Vulnerability quiz: Question No. 4
Why is there danger in having a false sense of security when running periodic vulnerability assessments?
A. Vulnerability assessments cannot detect new attacks.
These tools can only detect known vulnerabilities and cannot identify or protect companies from zero-day attacks. These are new attacks that exploit vulnerabilities in ways that cannot yet be detected by vulnerability scanners or management tools. A corporation needs to deploy an anomaly-based IDS for protecting themselves from zero-day attacks. Vulnerability assessments are not vulnerability mitigation tools that look at more than just running services, patch levels and common exploits.