Scribd
Upload
7 views7 pages

3.Vulnerability Scanning

Vulnerability scanning is the automated process of assessing networks or IT assets for security weaknesses that could be exploited by threat actors, serving as the first step in vulnerability management. It helps organizations identify and remediate vulnerabilities to maintain security and regulatory compliance. Different types of scans, including external, internal, and authenticated scans, provide insights into potential security risks from various perspectives.

Uploaded by

monishasekar438
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
7 views7 pages

3.Vulnerability Scanning

Vulnerability scanning is the automated process of assessing networks or IT assets for security weaknesses that could be exploited by threat actors, serving as the first step in vulnerability management. It helps organizations identify and remediate vulnerabilities to maintain security and regulatory compliance. Different types of scans, including external, internal, and authenticated scans, provide insights into potential security risks from various perspectives.

Uploaded by

monishasekar438
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 7

1. What is vulnerability scanning?

Vulnerability scanning, also called “vulnerability assessment,” is the


process of evaluating networks or IT assets for security vulnerabilities
—flaws or weaknesses that external or internal threat actors can
exploit.
• Vulnerability scanning is the first stage of the broader vulnerability management lifecycle.
• In most organizations today, vulnerability scans are fully automated. They are carried out by
specialized vulnerability scanning tools that find and flag flaws for the security team to review.
• Vulnerability exploitation is the second most common cyberattack vector behind phishing.
• Vulnerability scanning helps organizations catch and close security weaknesses before
cybercriminals can weaponize them.
• For this reason, the Center for Internet Security (CIS) considers continuous vulnerability
management, including automated vulnerability scanning, a critical cybersecurity practice.
2. What are security vulnerabilities?
A security vulnerability is any weakness in the structure, function or
implementation of an IT asset or network. Hackers or other threat actors can
exploit this weakness to gain unauthorized access and cause harm to the
network, users or the business. Common vulnerabilities include:
• Coding flaws, such as web apps that are susceptible to cross-site scripting,
SQL injection and other injection attacks because of how they handle user
inputs.
• Unprotected open ports in servers, laptops and other endpoints, which
hackers could use to spread malware.
• Misconfigurations, such as a cloud storage bucket that exposes sensitive
data to the public internet because it has inappropriate access permissions.
• Missing patches, weak passwords or other deficiencies in cybersecurity
hygiene.
3. Why vulnerability scanning matters ?
To adopt a more proactive security posture in the face of these cyberthreats, IT teams
implement vulnerability management programs. These programs follow a
continuous process to identify and resolve security risks before hackers can exploit
them. Vulnerability scans are typically the first step in the vulnerability management
process, uncovering the security weaknesses that IT and security teams need to
address.

Many security teams also use vulnerability scans to

Validate security measures and controls—after putting new controls in place, teams
often run another scan. This scan confirms if the identified vulnerabilities are fixed. It
also confirms that the remediation efforts didn't introduce any new problems.

Maintain regulatory compliance—some regulations explicitly require vulnerability


scans. For example, the Payment Card Industry Data Security Standard (PCI-DSS)
mandates that organizations that handle cardholder data undergo quarterly scans
4. How the vulnerability scanning process works

Between cloud and on-premises apps, mobile and IoT devices, laptops and
other traditional endpoints, modern enterprise networks contain too many
assets for manual vulnerability scans. Instead, security teams use
vulnerability scanners to conduct automated scans on a recurring basis.

Identifying vulnerabilities - To find potential vulnerabilities, scanners


first collect information on IT assets. Some scanners use agents installed
on endpoints to gather data on devices and the software running on them.

Prioritization and reporting - Next, the scanner compiles a report on the


identified vulnerabilities for the security team to review. The most basic
reports simply list every security issue that needs to be addressed.

Scheduling scans - A network's security risks change as new assets are


added and new vulnerabilities are discovered in the wild. Yet, each
vulnerability scan can only capture a moment in time. To keep up with the
evolving cyberthreat landscape, organizations conduct scans regularly.
5. Types of vulnerability
scanners
• There are many different types of scanners, and security teams often use a
combination of tools to get a comprehensive picture of network vulnerabilities.
• Some scanners focus on particular kinds of assets. For example, cloud scanners
focus on cloud services, while web application scanning tools search for flaws in
web apps.
• Scanners can be installed locally or delivered as software-as-a-service (SaaS) apps.
Both open source vulnerability scanners and paid tools are common. Some
organizations outsource vulnerability scanning entirely to third-party service
providers.
• While vulnerability scanners are available as stand-alone solutions, vendors
increasingly offer them as part of holistic vulnerability management suites. These
tools combine multiple kinds of scanners with attack surface management, asset
management, patch management and other key functions in one solution.
• Many scanners support integrations with other cybersecurity tools, like
security information and event management systems (SIEMs) and
endpoint detection and response (EDR) tools.
5. Types of vulnerability scans
• External vulnerability scans look at the network from the outside.
They focus on flaws in internet-facing assets like web apps and test
perimeter controls like firewalls. These scans show how an external
hacker could break into a network.

• Internal vulnerability scans look at vulnerabilities from inside the


network. They shed light on what a hacker could do if they got in,
including how they might move laterally and the sensitive information
they could steal in a data breach.

• Authenticated scans, also called "credentialed scans," require the


access privileges of an authorized user. Instead of just looking at an
app from the outside, the scanner can see what a logged-in user would
see. These scans illustrate what a hacker could do with a hijacked account
or how an insider threat might cause damage.


6. Vulnerability scanning versus penetration testing
Vulnerability scanning and penetration testing are distinct but related
forms of network security testing. While they have different functions,
many security teams use them to complement one another.

Vulnerability scans Penetration testing


Vulnerability scans are automated, Penetration testing, or pen testing, is a
high-level scans of assets. They find manual process. Pen testers use ethical
flaws and report them to the security hacking skills to not only find network
team. vulnerabilities but also exploit them in
simulated attacks.

Vulnerability scans are cheaper and Penetration tests require more resources but
easier to run, so security teams use can help security teams better understand
them to keep tabs on a system. their network flaws.

You might also like