External Network Assessment
External assessment evaluates every internet-facing system for exploitable vulnerabilities: unpatched services, exposed management interfaces, weak encryption, default credentials, and information disclosure. This is your perimeter-the attack surface visible to anyone on the internet. PCI DSS requires quarterly external ASV scanning of all systems in the cardholder data environment.
Internal Network Assessment
Internal assessment evaluates the systems behind your firewall: servers, workstations, network devices, Active Directory, and internal applications. Internal vulnerabilities enable lateral movement after initial compromise-which is how most breaches escalate from initial access to full compromise.
Credentialed vs Non-Credentialed Scanning
Non-credentialed scans test from an unauthenticated perspective-identifying externally visible vulnerabilities. Credentialed scans authenticate to target systems and evaluate configurations, installed software, and internal settings with much greater accuracy and far fewer false positives. Always use credentialed scanning for internal assessments.
From Scan to Fix
Network assessment findings typically include missing patches (apply vendor updates), service misconfigurations (harden to CIS Benchmarks), exposed services (restrict access through firewall rules), and weak credentials (enforce password policies). Penetrify's network vulnerability assessment combines automated scanning for broad infrastructure coverage with manual penetration testing that validates whether scan findings are genuinely exploitable.
The Bottom Line
Network vulnerability assessment provides the infrastructure security baseline that compliance frameworks require. Penetrify combines automated network scanning with manual exploitation testing for complete coverage.