It’s a shocking but true statement.

But then if the vulnerabilities and misconfigurations are known, why are steps not taken to correct them?

Well, the answer lies in the question itself. The vulnerabilities are known but which ones exist in your systems/ network need to be identified. The first step towards protection against security breaches is identification of these vulnerabilities. This is achieved through security audits.

A number of people question the need for security audits and few people even dismiss them as unnecessary. Some people believe that their anti-virus software can take care of all such security concerns. And it’s astonishing to know that a lot of people either have obsolete anti-viruses that are not updated as frequently as they should be or their anti-virus software has poor virus detection rate.

The need for protection varies from business to business. Though a powerful anti-virus software might suffice one business’ security needs; other businesses might require a more sophisticated security solution that comprises protection against malware of all types (malware is the short for "malicious software" and includes viruses, Trojans, worms, spyware, and adware).

Security audits involve a thorough analysis of the systems/network and security practices in order to determine the security solution that would best suit the organization. Security audits involve a lot of tests to identify misconfigurations, firewall vulnerability (e.g. due to exposed workstations), password policy, suitability of current anti-virus software, network component (modems, dial pools etc) vulnerability, vulnerability of web services/ mails/ databases etc. You must ensure that your security auditors perform all the relevant security tests and give you a complete and comprehensive security solution.

-CHRISTOPHER-

Bulletproof your network!