Ga onbeperkt met Magzter GOLD
Krijg onbeperkte toegang tot meer dan 9000 tijdschriften, kranten en Premium-verhalen voor slechts
Poging GOUD - Vrij
GETTING THE BEST VALUE OUT OF SECURITY ASSESSMENTS
Security Advisor Middle East
|September 2020
SANS CERTIFIED INSTRUCTOR AND CTO, INFIGO IS, DISCUSSES HOW ORGANISATIONS CAN CHOOSE THE RIGHT SECURITY ASSESSMENTS TO MAXIMISE THEIR SECURITY INVESTMENTS.
There are many aspects to managing vulnerabilities in today’s complex IT environments. Performing security assessments is a popular way of identifying existing vulnerabilities, which then allows for proper mitigation. In this article we look at the differences between vulnerability scanning, penetration testing and red teaming, three security assessments that are popular, but that should be performed with care, in order to achieve best results.
Deciding which security assessment to perform depends a lot on an organization’s security maturity level, and the best results will be achieved by performing them exactly in the order listed – let’s see why.
Vulnerability scanning (assessments) is something that every organisation should be doing on a regular basis. This is the first, and the most basic activity in managing vulnerabilities: the goal of a vulnerability scanner is to find lowhanging fruit and known vulnerabilities or misconfigurations. Vulnerability scanners will do a great job of enumerating installed patches, finding default accounts and misconfigurations. Modern scanners can also authenticate against target systems (log in), which will allow them to list installed patches and correlate such information with actively obtained data from a scan, thereby reducing false positive reports.
It is recommended that vulnerability scanning is performed regularly in every organisation, preferably with internal tools. The most popular network vulnerability scanners are Rapid7 Nexpose, Tenable Nessus and Qualys. Just keep in mind that these should be used for network scanning, while other, more specialized tools exist for application-level scanning (i.e. for web applications).
Dit verhaal komt uit de September 2020-editie van Security Advisor Middle East.
Abonneer u op Magzter GOLD voor toegang tot duizenden zorgvuldig samengestelde premiumverhalen en meer dan 9000 tijdschriften en kranten.
Bent u al abonnee? Aanmelden
MEER VERHALEN VAN Security Advisor Middle East
Security Advisor Middle East
STARLINK SHARPENS AI-FIRST CYBERSECURITY VISION TO POWER KSA'S NEXT DECADE OF GROWTH
COO AHMED DIAB OUTLINES HOW DEEPER LOCAL INVESTMENT, AGENTIC AUTOMATION, AND VERTICAL-READY SOLUTIONS ARE POSITIONING STARLINK AT THE FOREFRONT OF THE KINGDOM'S CYBER RESILIENCE JOURNEY.
3 mins
December 2025
Security Advisor Middle East
AI AGENTS, MACHINE IDENTITIES TO RESHAPE BOARDROOM CYBERSECURITY PRIORITIES
KEVIN BOCEK, SENIOR VICE PRESIDENT OF INNOVATION AT CYBERARK, EXPLAINS WHY IDENTITY SECURITY WILL DEFINE GOVERNANCE, RESILIENCE AND DIGITAL TRUST IN 2026 AS AI AGENTS AND AUTOMATION RESHAPE CORPORATE DECISION-MAKING IN THE GULF AND BEYOND.
3 mins
December 2025
Security Advisor Middle East
GROUP-IB CHARTS NEXT FRONTIER OF CYBER DEFENCE IN SAUDI ARABIA
DMITRY VOLKOV HIGHLIGHTS HOW AI-DRIVEN THREATS, PREDICTIVE SECURITY, AND REAL-TIME FRAUD INTELLIGENCE SHARING ARE RESHAPING THE KINGDOM'S CYBERSECURITY ECOSYSTEM.
3 mins
December 2025
Security Advisor Middle East
VEEAM POSITIONS TRUSTED DATA AS FOUNDATION FOR SCALING SAFE AI, SAYS
CEO ANAND ESWARAN EXPLAINS HOW THE ACQUISITION OF SECURITI AI UNIFIES DATA RESILIENCE, SECURITY, GOVERNANCE, AND AI TRUST TO HELP ENTERPRISES MOVE AI FROM EXPERIMENTATION TO PRODUCTION WITH CONFIDENCE
3 mins
December 2025
Security Advisor Middle East
GITGUARDIAN ENTERS SAUDI ARABIA TO STRENGHTEN CYBERSECURITY FOR VISION 2030
GitGuardian, global leader in nonhuman identity cybersecurity, has officially entered the Saudi Arabian market by completing a 12-day strategic immersion under Business France's Booster Grow Global program.
3 mins
December 2025
Security Advisor Middle East
GOODBYE 2025, HELLO 2026! CYBER MATURITY MOVES FROM CONFIDENCE TO PROOF
CYBERSECURITY IN THE MIDDLE EAST IS SHIFTING FROM POINT CONTROLS TO ECOSYSTEM RESILIENCE. ATTACKERS ARE EXPLOITING THE SEAMS BETWEEN CLOUD PLATFORMS, AI-DRIVEN APPLICATIONS, PARTNERS, AND SUPPLIERS — WHILE BOARDS AND INSURERS DEMAND PROOF THAT CRITICAL DATA CAN BE RECOVERED CLEANLY, QUICKLY, AND WITHIN JURISDICTION. IN 2026, CYBER MATURITY WILL BE MEASURED, NOT ASSUMED.
12 mins
December 2025
Security Advisor Middle East
REDEFINING TRUST: WHY CREDENTIALS, NOT PASSWORDS, WILL SECURE ENTERPRISE
CRYPTOGRAPHIC, SYSTEM-GOVERNED CREDENTIALS ARE BECOMING THE ONLY SCALABLE FOUNDATION FOR ZERO TRUST SECURITY BEYOND PASSWORDS.
5 mins
December 2025
Security Advisor Middle East
HYBRID VISIBILITY, AI OBSERVABILITY, AND POST- QUANTUM READINESS WILL DEFINE 2026, SAYS GIGAMON OFFICIAL
DANIELLE KINSELLA, SENIOR DIRECTOR SALES ENGINEERING, GIGAMON, EXPLAINS HOW SAUDI ENTERPRISES ARE LEAPFROGGING GLOBAL MARKETS THROUGH GROUND-UP ARCHITECTURES, MULTICLOUD RESILIENCE AND TRAFFIC INTELLIGENCE.
2 mins
December 2025
Security Advisor Middle East
DATA-CENTRIC SECURITY TAKES CENTRE STAGE IN SAUDI ARABIA'S DIGITAL TRANSFORMATION
SECLORE'S URAZ FARUKH EXPLORES HOW THE KINGDOM'S REGULATORY DIRECTION AND AI ADOPTION ARE SHAPING THE FUTURE OF COMPLIANCE AND CYBER RESILIENCE.
2 mins
December 2025
Security Advisor Middle East
SANS INSTITUTE PARTNERS WITH UAE CYBERSECURITY COUNCIL TO ENHANCE NATIONAL CYBER CAPABILITIES AHEAD OF QUANTUM ERA
SANS Institute, the global leader in cybersecurity training and certifications, announced a landmark strategic partnership with the UAE Cybersecurity Council to advance the nation's cybersecurity readiness and reinforce the UAEs long-term vision for a secure and resilient digital future.
2 mins
December 2025
Translate
Change font size