Author(s): Madhavi Dhingra

Vulnerability assessment takes a wide-range of network issues into consideration and identifies weaknesses that need correction, including misconfigurations and policy noncompliance vulnerabilities that a patch management system alone cannot address. It provides a comprehensive picture of all systems, services and devices that can breach a network, as well as a complete, prioritized list of vulnerabilities that need to be addressed. Remediation is the follow-up stage after vulnerabilities have been accurately identified. The two work handin-hand and form a complimentary process. This paper examines how vulnerability assessments are currently performed by following VA policies and procedures. It also discusses about the current vulnerability tools that are being used by the enterprises.