Ultimate Guide to Vulnerability Scanning - Categories, Benefits, and Drawbacks
These days more and more businesses are deploying applications to boost productivity, growth, and success.
11:46 17 November 2020
Recent reports on software application trends show that the average small company uses 102 apps. Mid-sized businesses employ an average of 137 apps, while enterprises (companies with 1000+ employees) have at least 288 applications.
The benefits of using applications in businesses today can’t be disputed. However, it’s also hard to deny the unprecedented exposure that increased app usage has caused, especially for small businesses. Data from the Verizon Data Breach Investigations Report (2020) shows that 43% of breaches in 2020 were on web applications.
Many successful attacks on applications can be traced back to open source vulnerabilities: exploitable flaws or “holes” inherited from the open-source components an application is built on. This is what makes an open-source vulnerability scanner a vital tool when securing your applications.
Vulnerability scanning is the systematic process of proactively identifying, analyzing, and reporting flaws or gaps that cybercriminals can exploit when trying to infiltrate an app or network. In an organization or business, a vuln scan, as it’s also called, is performed by the IT team.
An external application security service provider may also be contracted to identify any possible vulnerabilities. On the same note, cybercriminals may scan an organization’s system and networks to identify existing flaws through which they can launch an attack.
How Vulnerability Scanning Works
When doing a vuln scan, the scanning tool begins by identifying and creating a list of all the devices that are connected to a network, including routers, computers, laptops, servers, printers, and virtual machines. The scanner goes ahead to identify the operating system, software, and applications in each of these devices.
After creating an inventory, the scanning application starts scanning each item against a previously established list of known vulnerabilities. At the end of the scanning process, the tool creates another list noting the possible vulnerabilities.
This report is analyzed by the IT department and used to determine areas that may need improvement to boost the entire system’s security posture. Lastly, the information is added to the scanner’s reference database for use in future vulnerability scans and audits.
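The inventory-and-matching step described above, as an added example that is not part of the original article: a minimal Python scanner that walks a device inventory, compares each installed version against a catalogue of known vulnerable version ranges, and returns the findings ordered by severity so the highest risks come first. The hosts, versions and VULN-xxxx identifiers are constructed sample data, not real advisories.

```python
from collections import namedtuple

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
# One catalogue entry: placeholder id, product, first affected version (inclusive),
# first fixed version (exclusive; "" means no fix yet), severity.
KnownVuln = namedtuple("KnownVuln", "vuln_id product affected_from fixed_in severity")

def parse_version(text):
    """'1.18.0' -> (1, 18, 0); letter suffixes like '1.0.1g' are dropped, short versions padded."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    parts += [0] * (3 - len(parts))
    return tuple(parts)

def is_affected(version, vuln):
    """True if the installed version falls inside the vulnerable range of the catalogue entry."""
    v = parse_version(version)
    if v < parse_version(vuln.affected_from):
        return False
    return not vuln.fixed_in or v < parse_version(vuln.fixed_in)

def scan(inventory, catalogue):
    """Match every installed product on every host against the catalogue; findings are ordered by risk."""
    findings = []
    for host in inventory:
        for product, version in host["software"].items():
            for vuln in catalogue:
                if vuln.product == product and is_affected(version, vuln):
                    findings.append({"host": host["host"], "product": product, "version": version, "vuln_id": vuln.vuln_id, "severity": vuln.severity})
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["host"]))
    return findings

# Constructed sample data: the device inventory (step 1) and the known-vulnerability list (step 2)
INVENTORY = [
    {"host": "web-01", "os": "Linux", "software": {"openssl": "1.0.1", "nginx": "1.18.0"}},
    {"host": "fs-02", "os": "Windows", "software": {"smbv1": "1.0", "openssl": "1.1.1"}},
    {"host": "print-03", "os": "Printer firmware", "software": {"cups": "2.3.3"}},
]
CATALOGUE = [
    KnownVuln("VULN-0001", "openssl", "1.0.0", "1.0.5", "critical"),
    KnownVuln("VULN-0002", "nginx", "1.0.0", "1.19.0", "medium"),
    KnownVuln("VULN-0003", "smbv1", "1.0", "", "high"),
    KnownVuln("VULN-0004", "cups", "2.0.0", "2.3.0", "low"),
]

if __name__ == "__main__":
    for f in scan(INVENTORY, CATALOGUE):
        print(f"{f['severity']:8} {f['host']:10} {f['product']} {f['version']} -> {f['vuln_id']}")
```

A real scanner replaces the constructed catalogue with a regularly updated vulnerability feed, which is why the article lists constant updates as a cost of these tools.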
Difference between Vulnerability Scanning and Penetration Testing
Vulnerability scanning and pen testing are two of the key ways used to identify system weaknesses/vulnerabilities in a business. These services are commonly thought to be similar, mainly because both of them depend on three factors to determine system weaknesses:
- Risk level
- Cost and time
However, these two are different services. The significant difference between them is that while vulnerability scanning is fully automated, penetration testing adds a human factor: a tester performing manual tests.
Major Categories of vulnerability scans
Vulnerability scans fall into two major categories depending on the perspective from which they are done:
1. Internal vulnerability scan
An internal vuln scan helps the IT department determine real and potential security threats from an insider’s standpoint. The insider here may be an employee with access to the organization’s security system.
Most businesses today allocate most of their resources to beefing up the network security perimeter against attacks from the outside. Only a small fraction (if any) goes to securing the network from attacks from within.
While external attacks are seemingly the most common, an available ‘hole’ on the inside would also make an attack very easy. Internal vulnerabilities may take different forms, from disgruntled employees willing to share sensitive information and data to emails with a malicious attachment.
Cybercriminals can launch a devastating attack using internal weaknesses and flaws from the inside just as from the outside. That’s why experts recommend that businesses, both big and small, not ignore internal scans.
Common internal vulnerabilities to watch out for:
- Missing third party patches
- Unpatched high-risk vulnerabilities
- Named vulnerabilities, including EternalBlue, DROWN, and Heartbleed
How often should you do an internal vulnerability scan?
The frequency of internal scans will mainly depend on the type and size of business. It will generally be more feasible for a large enterprise to run regular internal vulnerability scans than a small locally-owned business.
If your budget allows, monthly scans might help catch vulnerabilities before malicious actors can exploit them. However, if your budget doesn’t allow monthly scans, doing them every quarter will also help a lot.
2. External vulnerability scans
An external vulnerability assessment is the opposite of an internal scan. While an internal scan is done from inside the network, an external scan tests your network’s public access. These scans mainly address your network’s external IP address and are used to determine your business’s security posture from the outside.
An external vulnerability assessment offers you an opportunity to see any flaws and weaknesses in your system that malicious hackers may exploit to access sensitive information. A timely scan helps you identify the most pressing issues before cybercriminals have had the opportunity to act.
Common external vulnerabilities to watch out for:
- Communicating data over insecure transfer protocols
- Deprecated SSL, TLS 1.0, and TLS 1.1 protocols
- Named vulnerabilities
How often should you run an external vulnerability scan?
Most compliance requirements will require you to carry out an external scan quarterly. However, that’s not often enough when you consider that a malicious attacker needs only one flaw to access your network. For that reason, we recommend monthly assessments regardless of the size of your business.
Benefits of vulnerability scanning tools
- They generate results fast
- These scans are easy to run, so they can be repeated regularly (daily, weekly, monthly, or quarterly)
- Most vulnerability scanning tools are relatively easy to use
Disadvantages of vulnerability scanning tools
- These tools require constant updates to their vulnerability databases.
- Businesses with extensive IT infrastructure are likely to struggle with lots of false positives.
- Some vulnerability scanners may not identify all the vulnerabilities.
Conclusion: What Next after a Network Vulnerability Scan?
After a vulnerability scan, you get to the last stages of the Vulnerability Management Life Cycle:
Report: document a security plan pointing out possible vulnerabilities.
Remediate: fix the vulnerabilities in order of their risk level.
Verify: run a follow-up audit to ensure that the vulnerabilities have been eliminated.