Vulnerability management plays an important role in keeping businesses online by ensuring systems are protected against vulnerabilities. In large businesses, dedicated teams exist to track, assess and remediate vulnerabilities. We have previously written about what a vulnerability scan is, what a penetration test is, and the purpose of each with respect to organizational security. Understanding the two is an important step in identifying the security needs of your business; they are often confused as the same thing, when that is far from the truth.
Vulnerability management is the process of identifying vulnerabilities in IT assets, evaluating their risk and taking appropriate action. Vulnerability scanners are commonly used in vulnerability management to identify weaknesses across systems and networks, and they play an integral role in the process.
A good, mature vulnerability management program should include periodic penetration testing.
Think about it this way: a vulnerability scan uncovers an unwieldy list of software vulnerabilities; a vulnerability assessment places those vulnerabilities in a prioritized list; a vulnerability management program handles fixing them by priority; and a penetration test ultimately tests whether those fixes hold up.
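To make the scan, assess, remediate and verify chain concrete, here is an added example (not code from the original post or from any scanner or vendor) that walks a constructed set of scanner findings through each step. The asset inventory, host names, finding IDs and the risk weights are all assumptions for illustration, not a standard scoring scheme.

```python
from dataclasses import dataclass

# Step 1: scan output. A constructed sample of what a scanner might export;
# the finding IDs, hosts and CVSS values are made up for this example.
@dataclass(frozen=True)
class Finding:
    finding_id: str
    host: str
    title: str
    cvss: float           # base score 0.0-10.0 as reported by the scanner
    exploit_available: bool

# Hypothetical asset inventory: criticality 1 (low) to 3 (business critical)
# and whether the host is reachable from the internet.
ASSETS = {
    "web-01": {"criticality": 3, "internet_facing": True},
    "db-01":  {"criticality": 3, "internet_facing": False},
    "dev-vm": {"criticality": 1, "internet_facing": False},
}

SCAN_RESULTS = [
    Finding("F-1", "web-01", "Outdated TLS library", 7.5, True),
    Finding("F-2", "db-01", "Default service credentials", 9.8, True),
    Finding("F-3", "dev-vm", "Missing OS patches", 9.8, False),
    Finding("F-4", "web-01", "Verbose server banner", 3.1, False),
]


def risk_score(f: Finding) -> float:
    """Step 2 (assessment): turn a raw CVSS score into a contextual risk score.

    The multipliers below are assumptions chosen for illustration; a real
    program would tune them and usually add a floor for critical CVSS values.
    """
    asset = ASSETS.get(f.host, {"criticality": 2, "internet_facing": False})
    score = f.cvss * asset["criticality"]
    if asset["internet_facing"]:
        score *= 2          # reachable by anyone, so weight it up
    if f.exploit_available:
        score *= 2          # known public exploit, so weight it up again
    return round(score, 2)


def prioritize(findings):
    """Step 2 (assessment): order findings into the prioritized list."""
    return sorted(findings, key=risk_score, reverse=True)


def remediation_queue(findings):
    """Step 3 (management): the ordered work list handed to the fixing team."""
    return [(f.finding_id, f.host, f.title, risk_score(f)) for f in prioritize(findings)]


def verify_fixes(remediated_ids, retest_findings):
    """Step 4 (penetration test / retest): confirm which fixes actually held.

    remediated_ids: finding IDs the team marked as fixed.
    retest_findings: what the retest still found on the same hosts.
    Returns (verified, still_present).
    """
    still_found = {f.finding_id for f in retest_findings}
    verified = sorted(i for i in remediated_ids if i not in still_found)
    failed = sorted(i for i in remediated_ids if i in still_found)
    return verified, failed


if __name__ == "__main__":
    for row in remediation_queue(SCAN_RESULTS):
        print(row)
    # Constructed retest: F-3 was reported fixed but is found again.
    retest = [SCAN_RESULTS[2], SCAN_RESULTS[3]]
    print(verify_fixes(["F-1", "F-2", "F-3"], retest))
```

Note what the ordering shows: the missing OS patches on the dev VM (CVSS 9.8) land below a low-severity banner disclosure on the internet-facing web server, because the context multipliers dominate. That is exactly the kind of outcome a team must review before trusting a scoring formula, which is why most programs add a rule such as "any CVSS 9.0 or above is at least high priority regardless of host". The retest step is the point of the final penetration test in the chain above: a finding marked remediated that the tester can still reproduce goes straight back into the queue.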