Cybersecurity, Simplified: Vulnerability Scanning

While unearthing a vulnerability isn’t something anyone wants to learn, it’s something business owners, IT resources, and cybersecurity providers need to know about sooner, not later. The good news is, there is an easy way to detect vulnerabilities in your networks and web applications: Run vulnerability scans.

Who is vulnerability scanning for?

Everyone! After all, who isn’t a little vulnerable?

Small businesses are often the target of cybersecurity attacks because they typically have far less protection than large enterprises. And with that, it can be much easier for attackers to exploit them as entry points into connections they have with large enterprises, government organizations, partner networks, or consumers. That’s why it’s critically important that businesses of all sizes regularly run vulnerability scans, as vulnerabilities are numerous, constantly emerging, and hard to keep track of making them fertile grounds for bad actors looking for new ways to exploit.

What is vulnerability scanning?

A vulnerability scan is an automated tool that identifies Common Vulnerabilities and Exposures (CVEs), or publicly known vulnerabilities, in a company’s network, server, and operating systems. To break things down even further, network vulnerability scans fall into two general categories:

• External vulnerability scans run from outside of the network, looking for holes (e.g. open ports, configuration issues, etc.) in any public-facing asset (i.e. firewalls, servers, or web applications) that could be exploited by an inbound threat such as a malicious hacker or virus.
• Internal vulnerability scans start inside the company network to check individual devices for vulnerabilities that someone – or something – could take advantage of if they gain access to the internal network (e.g. unpatched software with security gaps, malware on an employee’s device, or a malicious insider).

Scan results may include surfacing out-of-date software, hardware, and even IoT devices (e.g. security cameras, printers, or even coffee machines) that still have default passwords. Once a report is generated, an organization should take these results and remediate any findings, beginning with the critical ones, then working to medium and low.

One important distinction: Neither internal nor external vulnerability scanning is the same as a traditional penetration test, which utilizes analysis and human intelligence to try to break into the network. Penetration testing is typically completed by humans, and assisted by technology, while vulnerability scanning is a 100% technology-based tool that can be run automatically and/or by humans.

When does vulnerability scanning matter?

While multiple compliance frameworks have varying recommendations around the frequency of scanning, there is no single standard for how often you should scan your network for vulnerabilities. Defendify recommends running scans at least monthly. In addition, it’s important to start a new scan any time new assets such as a workstation, server, router, switch, or firewall, are added to your network.

Where does vulnerability scanning happen?

A vulnerability scanner is a tool that runs from the cloud and/or from a server in your network. The tool runs regular scans, checking networks for CVEs and more by leveraging machine learning and advanced logic to maximize reach (i.e. lateral movement) through the network. Once activated, the scanner runs autonomously, reporting regularly on any issues requiring remediation.

Why is vulnerability scanning important?

• It locates potential security holes in your assets. But the most important part is reviewing the report and addressing any problems.
• It is efficient. Once activated it runs autonomously, freeing your IT team up to focus on other needs, including remediation efforts around findings.
• It prioritizes the issues. Critical vulnerabilities will be marked as such so you’ll know where to focus on making improvements. It’s an effective way to locate and prioritize issues that might be taken advantage of in the wrong hands.

Vulnerability scanning means knowledge, and knowledge is power

When it comes to vulnerabilities on your business’s network and devices, it is tempting to have an ‘ignorance is bliss’ attitude and skip the scanning altogether. After all, vulnerability scans can turn up unexpected issues that need immediate attention. But fundamental to a strong cybersecurity posture is understanding where you’re vulnerable, and that’s why we encourage you to let another all-too-common proverb guide you: Knowledge is power.