Vulnerability scanning, as an accompaniment to penetration testing and used for assessment, helps identify those weaknesses.
What is vulnerability scanning?
Vulnerability scanning, also commonly known as a ‘vuln scan,’ is an automated process of proactively identifying network, application, and security vulnerabilities. Vulnerability scanning is typically performed by the IT department of an organization or a third-party security service provider. This scan is also performed by attackers who try to find points of entry into your network.
The scanning process includes detecting and classifying system weaknesses in networks, communications equipment, and computers. In addition to identifying security holes, the vulnerability scans also predict how effective countermeasures are in case of a threat or attack.
A vulnerability scanning service uses a piece of software running from the standpoint of the person or organization inspecting the attack surface in question. The vulnerability scanner compares details about the target attack surface against a database.
The database references known flaws, coding bugs, packet construction anomalies, default configurations, and potential paths to sensitive data that can be exploited by attackers.
After the software checks for possible vulnerabilities in any devices within the scope of the engagement, the scan generates a report. The findings in the report can then be analyzed and interpreted in order to identify opportunities for an organization to improve its security posture.
Network Vulnerability Scan Categories
Network vulnerability scans can be categorized based on their use-cases:
- Intrusive and non-intrusive methods
- External vulnerability scan
- Internal vulnerability scan
- Environmental scan
Scanning Methods
We differentiate between two scan methods: non-intrusive vulnerability scans and intrusive vulnerability assessments. The non-intrusive method identifies a vulnerability and generates a report for the user to fix it. If a non-intrusive scanning method is used, no actual vulnerability exploitation occurs during this process: the scanner attempts to discover the probability of a vulnerability occurring given the conditions. Intrusive assessments, however, attempt to exploit vulnerabilities once they have been discovered during scanning and an attack plan has been created.
The main benefit of the intrusive method is that the scan highlights the security risk as well as the impact of an exploited vulnerability. On the other hand, these scans could disrupt processes and operational systems in the network, which can cause issues for both the customers and employees of an organization; therefore, intrusive scans should be used with caution.
Scanning Types
External vulnerability scans target the areas of an IT ecosystem that are exposed to the internet, or not restricted for internal use. These areas can include applications, ports, websites, services, networks, and systems that are accessed by external customers or users.
With internal vulnerability scans, the primary target of the software is the internal enterprise network. Once a threat agent makes it through a security hole, the threat agent can leave enterprise systems prone to damage. These scans search for and identify the vulnerabilities inside the network in order to avoid damage, as well as to allow organizations to protect and tighten systems and application security that are not exposed by external scans.
Environmental vulnerability scans are based on the specific environment of an enterprise’s technology operations. These vulnerability scans are specialized and are available to deploy for multiple technologies, such as IoT devices, websites, cloud-based services, and mobile devices.
How does vulnerability scanning work?
Depending on the type of scan the vulnerability platform uses, various techniques and tactics will be leveraged to elicit a response from devices within the target scope. Based on the devices’ reactions, the scanner will attempt to match the results to a database and assign risk ratings (severity levels) based on those reactions.
Vulnerability scanners can be configured to scan all network ports, detecting and identifying password breaches as well as suspicious applications and services. The scanning service reports security fixes or missing service packs, identifies malware as well as any coding flaws, and monitors remote access.
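The matching step described above, sketched as an added example (not code from the original article or from any scanner product): recorded service responses are compared against a flaw database and each hit receives a severity rating. The product names, placeholder flaw IDs, version ranges, and addresses are all constructed for illustration.

```python
import re

# Constructed flaw database: hypothetical products, placeholder IDs, made-up ranges.
FLAW_DB = [
    {"id": "EXAMPLE-0001", "product": "demo-httpd", "fixed_in": (2, 4, 10), "severity": "high"},
    {"id": "EXAMPLE-0002", "product": "demo-ftpd", "fixed_in": (1, 3, 0), "severity": "critical"},
    {"id": "EXAMPLE-0003", "product": "demo-httpd", "fixed_in": (2, 2, 0), "severity": "medium"},
]
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed responses as a non-intrusive scan would record them: (host, port, banner).
RESPONSES = [
    ("10.0.0.5", 80, "Server: demo-httpd/2.4.9"),
    ("10.0.0.5", 21, "220 demo-ftpd 1.3.0 ready"),
    ("10.0.0.7", 80, "Server: demo-httpd/2.1.3 (Unix)"),
    ("10.0.0.9", 22, "SSH-2.0-unknownd"),
]

BANNER_RE = re.compile(r"(?P<product>[a-z][a-z0-9-]*)[/ ](?P<version>\d+(?:\.\d+)*)")

def parse_banner(banner):
    """Return (product, version tuple), or None when no version is disclosed."""
    m = BANNER_RE.search(banner.lower())
    if not m:
        return None
    # Compare versions as integer tuples: as strings, "2.4.9" sorts after "2.4.10".
    return m.group("product"), tuple(int(p) for p in m.group("version").split("."))

def match_findings(responses, flaw_db):
    """Compare each response with the database; return (findings, unidentified)."""
    findings, unidentified = [], []
    for host, port, banner in responses:
        parsed = parse_banner(banner)
        if parsed is None:
            unidentified.append((host, port))  # nothing to match: needs manual review
            continue
        product, version = parsed
        for flaw in flaw_db:
            if flaw["product"] == product and version < flaw["fixed_in"]:
                findings.append((flaw["severity"], host, port, flaw["id"]))
    findings.sort(key=lambda f: (SEVERITY_RANK[f[0]], f[1], f[2], f[3]))
    return findings, unidentified

if __name__ == "__main__":
    findings, unidentified = match_findings(RESPONSES, FLAW_DB)
    for sev, host, port, flaw_id in findings:
        print(f"{sev:8} {host}:{port} {flaw_id}")
    print("no version disclosed, review manually:", unidentified)
```

A match on a banner version is an inference rather than a confirmation: a vendor can backport a fix without changing the advertised version, which is one reason report findings need analysis before remediation is planned.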
Your First Step
Vulnerability scanning is an important first step for any organization that wants to determine the best path towards hardening security defenses. Scanning and analysis provide information and vulnerability discovery that can help fine-tune a penetration test, giving you the greatest return on your security testing investment.