Many of today's business and consumer applications rely on communications infrastructures such as the Internet. Businesses and consumers need to provide protection to their computer systems from hostile activities, e.g., denial of service attacks, spam, etc., while being able to communicate with others via the network infrastructure. Often, the businesses and consumers establish a security policy to guard against unauthorized access to network assets such as routers, switches, computers, databases, applications, etc. However, lack of compliance to the established security policy may still compromise the integrity of networks even when the security policy has been created. For example, required upgrades of software may not be performed by all employees with access to an enterprise network. Businesses need to identify security vulnerabilities on assets and perform remedies in a timely manner.
Therefore, there is a need for a method and apparatus that enables network service providers to evaluate assets for compliance to a network security policy.