A vulnerability assessment (or vulnerability analysis) defines, identifies, classifies, and prioritizes security holes (or vulnerabilities) in a computer, a network, or IT infrastructure. Security vulnerability assessments also predict and evaluate the effectiveness of proposed countermeasures. Unlike a penetration test, which exploits weaknesses in the architecture of a system, a vulnerability scan looks for known vulnerabilities in a system and reports potential exposures.
There are many vulnerability assessment tools, and a buyer should be cautious about what tool they buy. If performed correctly, a vulnerability assessment will tell you where to invest in your cyber security resources. If performed incorrectly, a vulnerability assessment will leave your infrastructure open to attacks.
To learn more about vulnerability assessments, read Best Practices in Cyber Vulnerability Assessments.