Article by Casper Manes
Two of the best pieces of advice ever given to me are “Know your enemy” and “Know Thyself”.
Neither was offered in the context of information security, but both are exceptionally appropriate, and a vulnerability scanner will help with both.
A vulnerability scanner is a tool that can automatically scan your network and the systems connected to it, examining each one for vulnerabilities that could be exploited. Malicious users frequently use vulnerability scanners or other automated scanning tools to hunt for ways to compromise your systems; using the same tools yourself not only gives you an understanding of what they are seeing on your network, but also lets you know about issues before they become incidents.
There are many different reasons to use a vulnerability scanner. Security engineers may use a vulnerability scanner to report on the overall threat matrix, but systems admins should take advantage of more than just that.
Here are my own top four reasons to use a vulnerability scanner on my own network. Run through this list and see if you don’t decide to use a vulnerability scanner yourself by the time you get to the end.
Scanning shows you what other reports can’t.
- Your patching and a/v systems can’t report on the things that don’t run their agents or belong to the domain. Standalone servers, network hardware, rogues workstations, and access points are all examples of things on your network that neither your a/v nor your patching solution will be able to include in a report.
Diff-ing scheduled scans let’s you spot and track changes.
- One of the most effective ways to spot any changes on your network, whether that be new systems plugged in, or just new services enabled, is to scan weekly and then compare the deltas. This is also a fantastic way to audit your change management process to make sure it is being followed and is effective.
Knowing what the bad guys see helps you rank and schedule remediations.
- You know the bad guys are scanning your network. Knowing what they are seeing, and being able to rank vulnerabilities by risk and impact, will let you assign tickets and set priorities for fixing any issues discovered by the scan.
It’s one thing to talk about vulnerabilities; it’s quite another to show them.
- You can talk to some systems admins, or managers, until you are blue in the face about how important it is to patch their system and have as much impact as talking to yourself. But if you run a vulnerability scan and show them just how many vulnerabilities are showing up in their system. That will get their attention, and then their system should get the attention it needs.
Running regular scans of your network with a vulnerability scanner shows you what potential attackers are seeing, highlights potential attack points, and helps you keep track of everything plugged into your network. Using a vulnerability scanner is a great way to stay a step ahead of the bad guys and to keep on top of your own systems.
This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging need. Learn more on what to look out for when choosing a vulnerability scanner.
Cross-posted from Cyber Arms