Vulnerability Scanning – The Tool That Keeps On Giving
We have recently seen an increase in customers asking if
performing vulnerability scans is necessary in an era where patching can be
automated at the host or by using patch management tools. The short answer is
YES! Each environment is its own animal, and the likelihood of an organization
being compromised rises sharply when it is not sure what potential
vulnerabilities lurk within each system.
When performing vulnerability scans against the systems in
your organization, you get a complete look at potential vulnerabilities that
exist and may not be resolved by just applying a patch. Some require a
customized approach where a hands-on change to a system is required. Take, as
an example, software applications that install services which can run encrypted
and unencrypted communication channels. Many applications, by default, will
install both services and allow the end user to configure which communication
port/service to use. This doesn’t mean the software isn’t patched, BUT
the vulnerability scanner would flag this as an issue while the patch
management system would not.
Vulnerability scanners should also be used to validate that
your patch management program is applying the appropriate patches. If your
organization relies on the patch program to report that the patches were
distributed, you could miss that a device didn’t have the patch applied
correctly. This scenario happens quite often in organizations which have
devices that do not behave properly. Having checks and balances in place for
each system is a great way for your organization to remain compliant with any
type of regulatory requirement that your business line must adhere to.
Attackers are constantly sweeping for vulnerable ports,
services and applications since most organizations will typically not have
everything patched and configured in a hardened state. Performing these scans
on a routine basis, at least quarterly and hopefully monthly, will help lower
the potential risk of a breach occurring. With the ability to automate these scans
and generate reports on the findings, it really doesn’t require a large commitment
of time or effort.
Another example of the usefulness of vulnerability scanning comes
with the ability to scan for rogue devices that may be plugged into the environment.
These rogue devices could be placed there for many reasons – from employees using
personal devices to malicious access points placed on the network for unauthorized
access. Whatever the reason, a scan can help identify these devices on the
network.
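
The cross-checks described above (scan results validating what the patch program reports, configuration findings a patch tool never sees, and scanned hosts that are not under management), as an added example that is not from the original post. The CSV layouts, column names, hosts and patch IDs are constructed assumptions, not any real tool's export format.

```python
import csv
import io

# Constructed sample exports. Column names are assumptions, not a real product's format.
PATCH_REPORT = """host,patch_id,status
10.0.0.11,PATCH-001,installed
10.0.0.12,PATCH-001,installed
10.0.0.13,PATCH-001,failed
"""

SCAN_FINDINGS = """host,finding,patch_id
10.0.0.12,missing_patch,PATCH-001
10.0.0.13,missing_patch,PATCH-001
10.0.0.11,cleartext_service,
10.0.0.99,missing_patch,PATCH-001
"""


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(patch_csv, scan_csv):
    """Compare what patch management claims with what the scanner observed."""
    patch_rows = _rows(patch_csv)
    managed = {r["host"] for r in patch_rows}
    claimed = {(r["host"], r["patch_id"]) for r in patch_rows
               if r["status"] == "installed"}
    result = {"patch_mismatch": [], "config_only": [], "unmanaged_hosts": set()}
    for f in _rows(scan_csv):
        host = f["host"]
        if host not in managed:
            # Scanner saw a host the patch tool has never reported on.
            result["unmanaged_hosts"].add(host)
        elif f["finding"] == "missing_patch":
            # Only a mismatch if the patch tool reported success for this patch;
            # a patch already marked "failed" is a known gap, not a disagreement.
            if (host, f["patch_id"]) in claimed:
                result["patch_mismatch"].append((host, f["patch_id"]))
        else:
            # Configuration findings have no patch to apply at all.
            result["config_only"].append((host, f["finding"]))
    return result


if __name__ == "__main__":
    for category, items in reconcile(PATCH_REPORT, SCAN_FINDINGS).items():
        print(category, sorted(items))
```
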
As hackers continue to look for vulnerabilities while creating malware, it is imperative that organizations take steps to minimize the threat they pose. Running these types of vulnerability scans against the environment can help by providing a snapshot of the infrastructure’s security posture.