Wednesday, May 15, 2019

Penetration Tests vs. Vulnerability Scans: What's the difference?

Penetration testing and vulnerability scanning are both required by the Payment Card Industry Data Security Standard (PCI DSS), but there is often confusion about the differences between the two services.

Vulnerability scans look for known vulnerabilities in your systems and report potential exposures.

Penetration tests are intended to exploit weaknesses in the architecture of your IT network and determine the degree to which a malicious attacker can gain unauthorized access to your assets.

A vulnerability scan is typically automated, while a penetration test is a manual test performed by a security professional.

Here's a good analogy: A vulnerability scan is like walking up to a door, checking to see if it is unlocked, and stopping there. A penetration test goes a bit further; it not only checks to see if the door is unlocked, but it also opens the door and walks right in.

CLICK HERE for a side-by-side comparison of the two services.

Contact me today to learn more about these services as well as all the other compliance and security services that ControlScan provides!
