Regardless of whether the job is done in-house or through a partnership, security experts agree that once a vulnerability assessment has been performed, it's important to take corrective action promptly. If too much time passes between when the scanning occurs and when corrective action is taken, network connections might change, rendering your report out of date.

Remember, too, that vulnerability assessment scanning is not a one-time fix. A security edifice that is rock-solid today can crumble tomorrow under the assault of newly discovered exploits. (And that's all the more reason to make sure that the scanner you select keeps current with the latest vulnerabilities.) Security experts recommend that you run penetration tests against critical sites every three months. It is also suggested that you change penetration testers every six months to provide a breadth of vulnerability analysis.

It should also be emphasized that vulnerability assessment scanning does not replace in-person security audits. Your company's enterprise security policies and procedures need to be regularly reviewed by actual persons to guarantee that they are in place and being followed. The bottom line: effective security is a combination of people, policies, procedures, and technologies.


Conclusion

Protecting today's dynamic networks against ever-changing security threats requires vigilance as well as action. A vulnerability assessment scanner, frequently updated to reflect the latest attacks, can be an essential weapon in your information security arsenal. The recent Blaster worm was just the latest reminder that corporations need to move swiftly to prevent attack. It won't be the last.