How Vulnerability Scanning Can Protect Your Organization

What was the last company you heard about that got hacked? Do you know how the attackers got in? Frequently the first step in an attack is to scan the victim's systems for vulnerabilities to exploit.

Modern organizations need to regularly evaluate their own systems so administrators can close holes to improve security. One-way organizations can do this is to proactively run their own vulnerability scans to discover issues on their devices before the cyber-attacker does.

A vulnerability scanner is a computer program that assesses computers, networks, or applications for known weaknesses. These weaknesses are vulnerabilities that attackers can exploit to gain unauthorized access or otherwise cause harm. System administrators constantly patch systems to fix vulnerabilities, but sometimes administrators miss patches. Vulnerability scans catch missed patches, and they can also detect misconfigurations. A misconfiguration is when a system's options have been set incorrectly or sub-optimally, leading to vulnerabilities.

Suppose a system is missing patches and has misconfigured settings, making it much more vulnerable to attack. It's important to note that patches don't necessarily fix system misconfigurations. A vulnerability scan will reveal the issue so an administrator can adjust the system's configuration to improve security.

Vulnerability scanning is essential because systems on the Internet are constantly scanned and attacked. Even if you aren't running vulnerability scans on your Internet-facing systems, someone else is, and they don't have your best interests in mind. The global nature of the Internet allows criminals in faraway places to attack your systems with relative impunity, and they are constantly scanning for unpatched systems to exploit. Even if a patch exists for a given vulnerability, criminals can exploit the lag time from the vulnerability becoming known and a patch being released to a given system being patched. Patching systems promptly is critical and running a vulnerability scan will help reveal missing patches that need to be applied.

The value of vulnerability scanning isn't just limited to Internet-facing systems. It's also helpful to run vulnerability scans on internal systems so that your staff can fix any issues found. Internal scanning improves the security of your internal network. It could keep an attacker that has established a foothold inside your internal network from moving from system to system and escalating their privileges.

After running a vulnerability scan, you must interpret the results and prioritize what to fix. The analysis and prioritization are where an experienced IT professional can provide value. Vulnerability scanning tools typically generate a report which will list each system scanned and vulnerabilities found. Most vulnerability scanners include a rating for the severity of each vulnerability and steps to remediate it, which may contain links to patches. Competent system administrators focus on fixing the most severe issues first and sort out which "vulnerabilities" reported are false positives.

Michael Markulec

technology executive, cyber-security guru, politician, rugby player, deadhead, brewer, former army officer, crossfitter, and hard-drinking calypso poet.