The Essential Guide to Vulnerability Scanning

Updated: August 20, 2012

While it's important to link business networks to the Internet for the free exchange of information, a Net connection also opens the door to potential security breaches by malicious attackers . Fortunately, there's a way to protect your network's susceptible areas. Vulnerability scanning utilizes technology that seeks out security flaws and tests systems for weak points. Most scanning systems generate a report of their findings so that a business can use the information to tighten its network's security . Though it usually refers to the practice of scanning Internet-linked networks, vulnerability scanning can also be applied to system audits conducted on internal networks that assess the threats posed by rogue software or malicious employees.

Many enterprises only perform vulnerability scanning as part of an overall security audit - perhaps as infrequently as once a year. This is a big mistake; not only do networks and network connections get updated far more frequently, but new vulnerabilities are discovered weekly. For a larger organization, it's important to make vulnerability scanning a part of a regular security analysis with much more frequent scanning.

Soft Spots

Attackers looking to gain easy access to business networks use a variety of different techniques. Yet one characteristic all attackers have in common is their desire to search for a network's weak points - its soft spots - which they can then use to launch invasions with minimal effort.

Just as the average burglar looks for an unlocked home door, or a car thief scans vehicles for one with a key left in the ignition, an attacker may examine multiple networks to find the one that provides fast and simple access. This proclivity poses a unique challenge for network administrators who, in order to combat inquisitive attackers, must begin to think like an attacker.

Every new update to system and server software brings the potential for new vulnerabilities along with whatever improvements are delivered. And while these vulnerabilities are often found by teams seeking to strengthen and eliminate these vulnerabilities, hackers and malicious attackers receive these reports and generate invasions as fast as they are made, so new vulnerabilities crop up continually.

Scanner Types

The are three major types of vulnerability scanners that businesses can use to find network soft spots:

  • Network Scanner : General-purpose scanner that scours networks for potential vulnerabilities.
  • Port Scanner : Software that is designed to search a network for open ports that attackers could use as illicit entry points.
  • Web Application Security Scanner : Enables businesses to conduct ongoing risk assessments to identify the vulnerability of Web applications to hostile attacks.

Scanner Tools

Businesses and network administrators can select from a variety of vulnerability-scanner offerings. These are some of the more popular tools:

  • Acunetix Web Vulnerability Scanner : This software suite includes a Web security scanner, crawler, report analysis tool and a database of security checks for all leading Web server platforms.
  • Cenzic Hailstorm : Cenzic's application scanner can analyze Web-application security status across departments, business units and geographies.
  • GFI LANguard Network Security Scanner : This vulnerability-management solution includes network-vulnerability scanning, patch management and auditing support.
  • Teneble Nessus 3 : Compatible with various types of Unix, this product performs over 900 remote security checks and suggests solutions for security problems.
  • Nmap : Nmap is a simple port scanner delivered in the form of a free, open-source utility for network exploration or security auditing.
  • QualysGuard : Qualys Inc. claims to be the first software vendor to offer a hosted, on-demand solution for security-risk and compliance management.
  • Retina Network Security Scanner : Vendor eEye Digital Security Inc. contends that its vulnerability scanner detects both known and zero-day vulnerabilities. The product also provides a security-risk assessment that helps business embrace security best practices, adopt policy enforcement and handle regulatory audits.
  • SAINT Network Vulnerability Scanner : This network-vulnerability scanner is integrated with a penetration testing tool to enable users to exploit found vulnerabilities.

The Bottom Line

According to the best security practices unit of the Yankee Group Research Inc. , a Boston-based technology advisory firm, organizations should perform vulnerability management on at least a daily or weekly basis. Make sure your business is secure by following their advice.

Related Categories
Featured Research
  • Baselining Best Practices

    IT must ensure new applications are rolled out quickly, reliably, and without risk, while at the same time guaranteeing performance and availability. Read this VirtualWisdom white paper to find out how to achieve application-aligned infrastructure performance, and more. more

  • Next Generation End User Experience Management: APM

    In an era of new technologies and cloud-based application delivery models, your business success depends on your ability to ensure optimal application performance and quality user experiences at all times. This complimentary white paper from AppNeta will enlighten you to the new frontiers in end user experience management and much more. more

  • Optimizing Application Delivery to the Network Edge

    Increasingly, the success of business is being tied to the network. The transformation of the network and IT can help organizations deliver and support highly available applications and services while reacting more quickly to changes in the business environment. In this complimentary white paper from IDC, learn how HP can help its customers and partners improve the overall application experience. more

  • Networking Routers Buyer's Guide for SMB & Enterprise

    This buyer's guide presents an overview of leading products on the market today and aims to improve research for companies needing to purchase or upgrade their equipment. more