Commonwealth Security Services' penetration testing service is a combination of a vulnerability scan/assessment, a penetration test, remote password checking and manual analysis by expert security engineers. Vulnerability scanning is an automated process using commercial or freely-available software to provide a shallow but quick exploratory view of the network. These automated tools can miss about 40% of the security risk so they alone do not adequately assess risk. Furthermore, about half of the findings from a vulnerability scan are false positives which reflects badly on your IT department and diverts their attention to spurious findings rather than the serious risks. 

While vulnerability scanning is not suitable on its own as a complete or billable service offering, it does provides some value in the early reconnaissance phase of a more comprehensive External Network Security Assessment such are our Red Team and Blue Team Services.  At CSS, manual analysis is at the heart of all of our assessments which not only gives you confidence that you have a complete view of your security risk, but provides tailored reporting and recommendations enabling simple work-arounds and cost-effective mitigation strategies for most security issues.