What is vulnerability scanning?
Vulnerability scanning is the process of scanning a network or system to identify any existing security vulnerabilities.
It is a proactive measure used to detect any weaknesses that an attacker may exploit to gain unauthorised access to a system or network.
Vulnerability scanning can be either manual or automated, and can involve scanning for known vulnerabilities, analysing the configuration of a system or network, or using an automated tool to detect any possible vulnerabilities.
How do you perform a vulnerability scan?
A vulnerability scan is typically performed with specialised software that searches for known weaknesses and security issues in the system.
The scan typically looks for missing patches, known malware, open ports, weak passwords, and other security risks.
Once the scan is complete, the results are analysed to determine which areas of the system need to be addressed to improve its overall security.
What are the types of vulnerability scans?
There are two main types of vulnerability scan: unauthenticated and authenticated.
Unauthenticated scans are conducted without any credentials and, as such, can only provide limited information about potential vulnerabilities. This type of scan helps identify low-hanging fruit, such as unpatched systems or open ports.
Authenticated scans, on the other hand, are conducted with administrative credentials. This allows the scanning tool to provide much more comprehensive information about potential vulnerabilities, including those that may not be easily exploitable.
Why are vulnerability scans important?
Vulnerabilities are widespread across organisations of all sizes. New ones are discovered constantly or can be introduced due to system changes.
Criminal hackers use automated tools to identify and exploit known vulnerabilities and access unsecured systems, networks or data.
Exploiting vulnerabilities with automated tools is simple: attacks are cheap, easy to run and indiscriminate, so every Internet-facing organisation is at risk.
All it takes is one vulnerability for an attacker to access your network.
This is why applying patches to fix these security vulnerabilities is essential. Updating your software, firmware and operating systems to the newest versions will help protect your organisation from potential vulnerabilities.
Worse, most intrusions are not discovered until it is too late. The global median dwell time between the start of a cyber intrusion and its identification is 24 days.
What does a vulnerability scan test?
Automated vulnerability scanning tools scan for open ports and detect common services running on those ports.
They identify any configuration issues or other vulnerabilities on those services and look at whether best practice is being followed, such as using TLSv1.2 or higher and strong cipher suites.
A vulnerability scanning report is then generated to highlight the items that have been identified.
By acting on these findings, an organisation can improve its security posture.
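The configuration check and report step described above, as an added example (not IT Governance's tooling or any scanner's own code). The scan observations are constructed sample data on documentation addresses, and the list of weak cipher markers is an assumption about what an organisation's policy would flag.

```python
import re

# Constructed sample data (not real hosts): what a scanner observed per open port.
SCAN_RESULTS = [
    {"host": "192.0.2.10", "port": 443, "service": "https",
     "protocols": ["TLSv1.0", "TLSv1.2"],
     "ciphers": ["TLS_RSA_WITH_RC4_128_SHA",
                 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]},
    {"host": "192.0.2.10", "port": 8443, "service": "https",
     "protocols": ["TLSv1.2", "TLSv1.3"],
     "ciphers": ["TLS_AES_256_GCM_SHA384",
                 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]},
    {"host": "192.0.2.20", "port": 993, "service": "imaps",
     "protocols": ["SSLv3", "TLSv1.1"],
     "ciphers": ["TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                 "TLS_DH_anon_WITH_AES_128_CBC_SHA"]},
]

MIN_TLS = (1, 2)  # the page's stated baseline: TLSv1.2 or higher
# Assumption: substrings marking cipher suites widely treated as weak.
WEAK_MARKERS = ("NULL", "EXPORT", "RC4", "3DES", "_DES_", "anon", "MD5")


def protocol_version(name):
    """Map 'TLSv1.2' -> (1, 2); every SSL version sorts below TLS 1.0."""
    if name.upper().startswith("SSL"):
        return (0, 0)
    m = re.fullmatch(r"TLSv(\d)(?:\.(\d))?", name)
    if not m:
        raise ValueError(f"unrecognised protocol label: {name!r}")
    return (int(m.group(1)), int(m.group(2) or 0))


def audit(results):
    """Return one finding per issue, as (host, port, issue, detail)."""
    findings = []
    for r in results:
        for proto in r["protocols"]:
            if protocol_version(proto) < MIN_TLS:
                findings.append((r["host"], r["port"], "old-protocol", proto))
        for suite in r["ciphers"]:
            if any(mark in suite for mark in WEAK_MARKERS):
                findings.append((r["host"], r["port"], "weak-cipher", suite))
    return findings


if __name__ == "__main__":
    for host, port, issue, detail in audit(SCAN_RESULTS):
        print(f"{host}:{port}  {issue:<12}  {detail}")
```

The service on port 8443 produces no findings because it offers only TLSv1.2 and TLSv1.3 with AEAD suites; the other two services are each reported once per outdated protocol and once per weak suite.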
Who conducts vulnerability scans?
IT departments usually undertake vulnerability scanning if they have the expertise and software to do so, or they can call on a third-party security service provider like IT Governance.
IT Governance’s scans are conducted on targets that the client has the necessary permissions to scan, and service users are required to confirm that they have those permissions.
Vulnerability scans are also performed by attackers who scour the Internet to find entry points into systems and networks.
How often should you conduct a vulnerability scan?
Vulnerability scans should be performed regularly so you can detect new vulnerabilities quickly and take appropriate action. High-risk systems should be subject to more frequent scans.
You should have a vulnerability management programme. This should include scanning (at least monthly) and annual penetration testing, as well as when you make changes to your systems.
This will help identify your security weaknesses and the extent to which you are open to attack.
What’s the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is an automated process that identifies your cyber security weaknesses.
Penetration testing goes one step further. Professional ethical hackers combine the results of automated scans with their expertise to reveal vulnerabilities that may not be identified by scans alone.
Penetration testers will also consider your environment (a significant factor in determining vulnerabilities’ true severity) and upgrade or downgrade the score as appropriate.
Scans can detect false positives, so you don’t waste time and money protecting parts of your infrastructure that are already secure.
By mimicking the techniques used by criminals and other threat actors, penetration testers can determine the extent to which your organisation is vulnerable.
Vulnerability scanning and remote working
Identifying and mitigating security vulnerabilities is especially important when staff work from home.
When using a home network to connect to the Internet, security features like filtering, firewalls and encryption may not be present.
When staff use their own equipment (known as BYOD or ‘bring your own device’) to connect to the corporate network, you have less control over their security settings.
Keeping your VPN (virtual private network) software up to date is essential to ensure staff have secure remote access to corporate systems.
Can a vulnerability scan help identify vulnerabilities on my website?
Vulnerability scans can be used to find vulnerable software and infrastructure that has been incorrectly configured.
For instance, the scan could reveal that the version of Apache Web Server running requires updating or that communication ports have been left exposed that don’t need to be.
A vulnerability scan cannot detect errors in the logic of the website, such as text fields that accept malicious data.
To comprehensively assess a website’s security, a skilled ethical hacker experienced in web application testing should conduct a penetration test. These tests should be performed regularly and after changes to the applications have taken place.
A vulnerability scan will detect if a web server and vulnerable applications have been exposed to the Internet, but may not identify other flaws such as URL manipulation that expose the application’s data or users.
Is a vulnerability scan suitable for industrial control systems?
No, vulnerability scans are unsuitable for complex production environments with external access to industrial control systems or telecommunications equipment.
This is because of the specialised nature of such production environments and the need for the correct tools and appropriately skilled ethical hackers. This type of environment will require a manually controlled penetration test.
IT Governance’s Vulnerability Scanning Service
With a monthly subscription to our Vulnerability Scanning Service, you can:
- Scan for thousands of vulnerabilities, helping you see exactly what criminal hackers can see;
- Receive a detailed report that gives you a breakdown of all your weak spots;
- Act quickly to fix your security weaknesses before criminal hackers find and exploit them; and
- Run and rerun scans as often as you like each month.