Four Reasons to Use a Vulnerability Scanner

Wednesday, February 01, 2012

Dan Dieterle


Article by Casper Manes

Two of the best pieces of advice ever given to me are “Know your enemy” and “Know Thyself”.

Neither was offered in the context of information security, but both are exceptionally appropriate, and a vulnerability scanner will help with both.

A vulnerability scanner is a tool that can automatically scan your network and the systems connected to it, examining each one for vulnerabilities that could be exploited. Malicious users frequently use vulnerability scanners or other automated scanning tools to hunt for ways to compromise your systems; using the same tools yourself not only gives you an understanding of what they are seeing on your network, but also lets you know about issues before they become incidents.

There are many different reasons to use a vulnerability scanner. Security engineers may use a vulnerability scanner to report on the overall threat matrix, but systems admins should take advantage of more than just that.

Here are my own top four reasons to use a vulnerability scanner on my own network. Run through this list and see if you don’t decide to use a vulnerability scanner yourself by the time you get to the end.

Scanning shows you what other reports can’t.

  • Your patching and a/v systems can’t report on the things that don’t run their agents or belong to the domain. Standalone servers, network hardware, rogue workstations, and access points are all examples of things on your network that neither your a/v nor your patching solution will be able to include in a report.

Diff-ing scheduled scans lets you spot and track changes.

  • One of the most effective ways to spot any changes on your network, whether that be new systems plugged in, or just new services enabled, is to scan weekly and then compare the deltas. This is also a fantastic way to audit your change management process to make sure it is being followed and is effective.
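One way to implement the weekly diff described above, as an added example that is not from the original post or from any vendor's product. It assumes each scan is exported as a simple CSV of host, port, protocol, service and version; the export format and the two sample scans are constructed for the example.

```python
import csv
from io import StringIO

# Constructed sample exports from two consecutive weekly scans.
SCAN_WEEK1 = """\
host,port,proto,service,version
10.0.0.5,22,tcp,ssh,OpenSSH 5.3
10.0.0.5,80,tcp,http,Apache 2.2.15
10.0.0.9,445,tcp,smb,Samba 3.5
"""
SCAN_WEEK2 = """\
host,port,proto,service,version
10.0.0.5,22,tcp,ssh,OpenSSH 5.9
10.0.0.5,80,tcp,http,Apache 2.2.15
10.0.0.5,3306,tcp,mysql,MySQL 5.1
10.0.0.12,23,tcp,telnet,
"""

def parse_scan(text):
    """Map (host, port, proto) -> (service, version) for one scan export."""
    rows = csv.DictReader(StringIO(text))
    return {(r["host"], int(r["port"]), r["proto"]): (r["service"], r["version"])
            for r in rows}

def diff_scans(old, new):
    """Return the deltas between two parsed scans; every entry is something
    the change management process should be able to explain."""
    old_hosts = {k[0] for k in old}
    new_hosts = {k[0] for k in new}
    return {
        "new_hosts": sorted(new_hosts - old_hosts),
        "gone_hosts": sorted(old_hosts - new_hosts),
        "new_services": sorted(k for k in new if k not in old),
        "gone_services": sorted(k for k in old if k not in new),
        # Same listener, but the service or version banner changed (patch or rollback).
        "changed": sorted((k, old[k], new[k]) for k in old.keys() & new.keys()
                          if old[k] != new[k]),
    }

if __name__ == "__main__":
    delta = diff_scans(parse_scan(SCAN_WEEK1), parse_scan(SCAN_WEEK2))
    for kind, items in delta.items():
        for item in items:
            print(f"{kind}: {item}")
```

In the sample data this flags a new host with telnet exposed, a host that disappeared, a new MySQL listener, and an SSH upgrade, each of which should match a change ticket or be investigated.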

Knowing what the bad guys see helps you rank and schedule remediations.

  • You know the bad guys are scanning your network. Knowing what they are seeing, and being able to rank vulnerabilities by risk and impact, will let you assign tickets and set priorities for fixing any issues discovered by the scan.

It’s one thing to talk about vulnerabilities; it’s quite another to show them.

  • You can talk to some systems admins, or managers, until you are blue in the face about how important it is to patch their system and have about as much impact as talking to yourself. But if you run a vulnerability scan and show them just how many vulnerabilities are showing up on their system, that will get their attention, and then their system should get the attention it needs.

Running regular scans of your network with a vulnerability scanner shows you what potential attackers are seeing, highlights potential attack points, and helps you keep track of everything plugged into your network. Using a vulnerability scanner is a great way to stay a step ahead of the bad guys and to keep on top of your own systems.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more on what to look out for when choosing a vulnerability scanner.

Cross-posted from Cyber Arms
