The traditional approach to vulnerability scanning is to scan systems and applications for weaknesses at certain intervals, for example, quarterly or monthly scans.
The problem with this approach is that the organization only has visibility of the vulnerabilities detected at those particular points in time.
This ebook will walk you through the steps of moving to a modern approach to vulnerability scanning. We start with the security basics and identify your cyber exposure gap with these questions:
- Where are we exposed?
- Where should we prioritize based on risk?
- How are we reducing our cyber exposure over time?
Benefits of Real-Time Vulnerability Management
- Live discovery of every modern asset across any computing environment: understand the state of all assets, including vulnerabilities, misconfigurations and other health indicators.
- Context added to each exposure so you can prioritize and select the appropriate remediation technique: understand exposures in context, and prioritize remediation based on asset criticality, threat context and vulnerability severity.
- Risk-based exposure scoring and prioritization: decide which exposures to fix first, if at all, and apply the appropriate remediation technique.
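The following is an added example, not code from the original ebook or from Cybriant, showing how the three factors named above (vulnerability severity, asset criticality and threat context) can be combined into a single exposure score that decides remediation order. The multipliers, score bands, asset names and the `CVE-XXXX-*` placeholder ids are all assumptions constructed for illustration.

```python
# Added example (not from the original page): rank findings by combining the
# three factors the text names: vulnerability severity (CVSS base score),
# asset criticality, and threat context (exploit availability / active use).
from dataclasses import dataclass

# Multipliers are assumed values chosen for illustration, not a vendor's model.
ASSET_CRITICALITY = {"low": 0.5, "medium": 1.0, "high": 1.5, "crown_jewel": 2.0}
THREAT_CONTEXT = {"no_known_exploit": 0.6, "poc_public": 1.0, "exploited_in_wild": 1.6}

@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str          # constructed placeholder ids, not real CVE numbers
    cvss: float       # 0.0 - 10.0 base score
    criticality: str
    threat: str

def exposure_score(f: Finding) -> float:
    """Risk-based score: severity scaled by asset and threat context, capped at 10."""
    raw = f.cvss * ASSET_CRITICALITY[f.criticality] * THREAT_CONTEXT[f.threat]
    return round(min(raw, 10.0), 2)

def prioritize(findings):
    """Return findings ordered fix-first; ties broken by CVSS, then asset name."""
    return sorted(findings, key=lambda f: (-exposure_score(f), -f.cvss, f.asset))

def remediation_action(f: Finding) -> str:
    """Map score bands to the remediation technique a team would apply."""
    s = exposure_score(f)
    if s >= 8.0:
        return "patch now / emergency change"
    if s >= 5.0:
        return "patch in next cycle"
    if s >= 2.0:
        return "mitigate (config, segmentation) and schedule"
    return "accept risk, monitor"

# Constructed sample findings: the same CVSS score on different assets ranks differently.
SAMPLE = [
    Finding("db-prod-01", "CVE-XXXX-0001", 7.5, "crown_jewel", "exploited_in_wild"),
    Finding("kiosk-lobby", "CVE-XXXX-0001", 7.5, "low", "exploited_in_wild"),
    Finding("web-edge-02", "CVE-XXXX-0002", 9.8, "high", "no_known_exploit"),
    Finding("dev-vm-17", "CVE-XXXX-0003", 4.3, "medium", "poc_public"),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{exposure_score(f):5.2f}  {f.asset:12} {f.cve}  {remediation_action(f)}")
```

Note that the 9.8 finding on the edge web server ranks below the 7.5 finding on the crown-jewel database because the latter is being exploited in the wild, which is the point of scoring by context rather than by CVSS alone.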
What is Vulnerability Scanning?
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for known weaknesses. In plain words, these scanners are used to discover the weak points or poorly constructed parts.
A scanner is used to identify and detect vulnerabilities arising from misconfigured assets or flawed software on network-based assets such as firewalls, routers, web servers and application servers. Modern vulnerability scanners allow both authenticated and unauthenticated scans.
Modern scanners are typically delivered as SaaS (Software as a Service) web applications over the internet, and the amount of host information they gather is vast. A modern scanner can produce customized vulnerability reports and collects installed software, open ports, certificates and much other host information that users can query to improve network security.
Authenticated scans let the scanner access network-based assets directly over remote administrative protocols such as Secure Shell (SSH) or Remote Desktop Protocol (RDP), authenticating with provided system credentials. This gives the scanner access to low-level data such as the specific services and configuration details of the host operating system, so it can report detailed and accurate information about the operating system and installed software, including configuration issues and missing security patches.
Unauthenticated scanning can produce a high number of false positives and cannot provide detailed information about an asset's operating system and installed software. This method is typically used by threat actors, or by security analysts, trying to determine the security posture of externally accessible assets.
Why is Vulnerability Scanning Vital to Your Business?
Imagine your business as a house in which a couple and their child reside. The doors and windows are locked to keep intruders from getting inside, but one day the child lets a stranger in the back door while the parents are out working in the front yard. The stranger quietly rummages through the house looking for valuables, gathers them up and throws them out an upstairs window.
Hackers and malware aren’t just present outside your firewall; they can be on the inside as well. The idea that threats may originate from the internet makes sense to most, but what is less commonly understood are threats originating from within the internal network. These types of threats can include disgruntled employees who have targeted systems from the inside, or malware (such as viruses or Trojans) that is downloaded onto a networked computer via the Internet or a USB stick. Once the malware is on the internal network, it sets out to identify other systems and services on the internal network—especially services it would not have been able to “see” from the Internet.
Returning to the house example, an external scan checks that all doors and windows of the house are locked and impassable, while an internal scan searches the inside of the house to ensure that the family’s valuables are hidden from plain sight and properly secured.
The example is taken from PCI Compliance Guide.
Asset Discovery: Unknown Assets and Devices
An asset is no longer just a laptop or server. It’s now a complex mix of digital computing platforms and assets which represent your modern attack surface, including cloud, containers, web applications, and mobile devices. With Cybriant’s Real-Time Vulnerability Management service, we can proactively discover true asset identities (rather than IP addresses) across any digital computing environment and keep a live view of your assets with our managed vulnerability management service.
Timing is Everything with Vulnerability Scanning
As soon as a vulnerability becomes known, it is critical to fix it quickly. Why? Because that is when potential attackers are best positioned to exploit it.
If you are only scanning for vulnerabilities monthly, quarterly, or yearly (gasp!), you will only learn about a vulnerability the next time you scan. Time-to-detection is already lagging and, even worse, time-to-response is delayed further.
With a continuous solution like real-time vulnerability management, our security experts alert you as soon as the vulnerability is known and again as soon as a fix is available.
Performing only a single vulnerability scan each year or quarter puts organizations at risk of not uncovering new vulnerabilities. The time between each scan is all an attacker needs to compromise a network.
With continuous scanning, our security experts automatically have the visibility to assess whether each asset is secure or exposed.
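To put numbers on the timing argument above, here is an added example (not code from the ebook or from Cybriant) that computes how long a disclosed vulnerability stays undetected under weekly, monthly, quarterly and continuous scan cadences. The disclosure dates, the scan schedule start and the cadence lengths are constructed assumptions; continuous scanning is modelled as zero detection delay.

```python
# Added example (not from the page): quantify how scan cadence delays detection.
# For a vulnerability disclosed on a given date, an interval scanner can only
# learn of it at the next scheduled scan; a continuous approach learns of it
# immediately (modelled here as zero delay).
from datetime import date, timedelta

def next_scan(disclosed: date, first_scan: date, interval_days: int) -> date:
    """First scheduled scan on or after the disclosure date."""
    if disclosed <= first_scan:
        return first_scan
    elapsed = (disclosed - first_scan).days
    periods = -(-elapsed // interval_days)   # ceiling division
    return first_scan + timedelta(days=periods * interval_days)

def detection_delay_days(disclosed: date, first_scan: date, interval_days: int) -> int:
    """Days between disclosure and the first scan that could detect it."""
    if interval_days <= 0:            # continuous scanning: detected as disclosed
        return 0
    return (next_scan(disclosed, first_scan, interval_days) - disclosed).days

def mean_delay(disclosures, first_scan: date, interval_days: int) -> float:
    delays = [detection_delay_days(d, first_scan, interval_days) for d in disclosures]
    return round(sum(delays) / len(delays), 1)

# Constructed disclosure dates (not real advisories) spread over one quarter.
DISCLOSURES = [date(2024, 1, 2), date(2024, 1, 20), date(2024, 2, 14),
               date(2024, 3, 5), date(2024, 3, 28)]
FIRST_SCAN = date(2024, 1, 1)          # assumed start of the scan schedule

# Assumed cadences; 0 means continuous.
CADENCES = {"continuous": 0, "weekly": 7, "monthly": 30, "quarterly": 90}

def compare_cadences() -> dict:
    """Mean time-to-detection in days for each cadence over the sample disclosures."""
    return {name: mean_delay(DISCLOSURES, FIRST_SCAN, days) for name, days in CADENCES.items()}

if __name__ == "__main__":
    for name, avg in compare_cadences().items():
        print(f"{name:11} mean time-to-detection: {avg:5.1f} days")
```

On this sample the quarterly cadence leaves vulnerabilities undetected for 47 days on average, against 17 days monthly and under 5 days weekly, before any remediation work even begins.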