Active Audit Agency

Vulnerability scanning

Why do vulnerability scanning?

Vulnerabilities exist in any information system. Within 2-3 days of a software vendor releasing a patch or update, an exploit will be available for the vulnerabilities on computers that have not applied that patch.

New vulnerabilities appear constantly, and hackers know it. A hacker or other malicious actor usually tries to find weaknesses in the security perimeter and use them to develop the attack further.

A vulnerability audit of critical systems is a vital task for the business.

There are special tools available to detect vulnerabilities in time. Most of them identify the vulnerable systems and show how to eliminate each specific vulnerability.

Common practice is to scan for vulnerabilities during an information security audit or as part of a penetration test. This approach is potentially dangerous since new vulnerabilities appear almost every day. To stay confident in its protection, a company should perform vulnerability scans more often.

Limitations:

A vulnerability scan detects only potential breaches in your information system. It will For this purpose we recommend conducting a full penetration test of your system (or systems).

Besides, vulnerability scanners produce a certain share of so-called "false positives", i.e. reported vulnerabilities that are not actually present or that the software has interpreted incorrectly.

We offer vulnerability scanning as a service

Vulnerability scanning functions are available in several software (or sometimes hardware) solutions. Some of them are better, others worse. To make vulnerability detection more accurate, we recommend using several scanners. For SMB companies (and in some cases for big corporations), buying one or several scanners may be expensive, given that these products are usually licensed for a limited term (as a rule, 1 year).

Advantages:

  • you don't need to buy scanners and the IT equipment to support them, so security solution costs decrease;
  • you get a clear SLA and consulting support to eliminate detected vulnerabilities;
  • you can choose the scanning type customized to your needs;
  • you can change the number of scanners used.

Vulnerability scanning is offered with the following options:

  • external scanning from the Internet (simulating a hacker) or internal scanning (simulating an insider); scanning of the web site and web application;
  • aggressive (may disrupt normal network functioning but is more accurate) or passive (no problems with the network but takes much longer) scanning;
  • scanning for potential (based on limited information) or actual vulnerabilities;
  • scanning with one or several scanners (see the list of scanners in the Products section);
  • one-time or regular scanning.
