Vulnerability Assessments and Scanners | Important Features
To identify weaknesses that could compromise the security, performance, or availability of your environment, you need a vulnerability assessment. It is a structured review, usually performed by a qualified provider, of your network, applications, systems, and data. The provider uses scanning tools to analyze your environment and identify weaknesses such as unpatched systems, misconfigured devices, or exposed services that an attacker could exploit.
An essential first step in evaluating your vulnerabilities is asset discovery. It picks up every IT asset on your network and supports hardware and software inventory, risk and compliance work, and overall security management.
A must-have feature for a vulnerability scanner is automated asset discovery: scheduled sweeps that identify new assets appearing on the network. This matters when, for example, a user plugs an unpatched IoT device into the network; if the scanner only covers a static list of hosts, that device is never assessed and can pose a significant threat. You cannot patch, harden, or monitor what you do not know you have.
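The inventory-versus-sweep comparison described above, as an added example that is not code from the article or any scanner product. The inventory, the sweep output, and the small OUI table are constructed for the illustration; hosts are keyed by MAC address rather than IP because DHCP leases make IPs a poor identifier, and an unregistered device whose OUI belongs to an embedded-hardware vendor is raised at the highest severity because that is the unpatched-IoT case the text warns about.

```python
"""Asset discovery diff: flag devices seen on the network but not in the inventory.

Added example, not code from the article. The inventory, sweep output and
OUI table below are constructed for the illustration. Hosts are keyed by MAC
address rather than IP because DHCP leases make IPs a poor identifier.
"""
from dataclasses import dataclass

# Constructed approved inventory, keyed by MAC address.
INVENTORY = {
    "aa:bb:cc:00:00:01": {"hostname": "fileserver01", "owner": "infra"},
    "aa:bb:cc:00:00:02": {"hostname": "printer-2f", "owner": "facilities"},
    "aa:bb:cc:00:00:03": {"hostname": "laptop-jdoe", "owner": "jdoe"},
    "aa:bb:cc:00:00:04": {"hostname": "switch-core", "owner": "infra"},
}

# Constructed discovery sweep output as "ip mac hostname" records ("-" = no
# name resolved). The last record is a device nobody registered.
SWEEP = """\
10.0.1.10 aa:bb:cc:00:00:01 fileserver01
10.0.1.22 aa:bb:cc:00:00:02 printer-2f
10.0.1.57 aa:bb:cc:00:00:03 laptop-jdoe
10.0.1.61 b8:27:eb:12:34:56 -
"""

# Illustrative OUI (first three octets) hints for vendors of embedded/IoT
# hardware; a real scanner would consult the IEEE OUI registry.
IOT_OUI_HINTS = {"b8:27:eb": "Raspberry Pi Foundation"}


@dataclass
class Finding:
    ip: str
    mac: str
    reason: str
    severity: str


def parse_sweep(text):
    """Turn the sweep text into a list of host dicts with normalised MACs."""
    hosts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, mac, hostname = line.split()
        hosts.append({"ip": ip, "mac": mac.lower(),
                      "hostname": None if hostname == "-" else hostname})
    return hosts


def diff_assets(inventory, hosts):
    """Compare a sweep against the inventory.

    Unknown MACs are the interesting case: an unregistered device with an
    IoT-vendor OUI gets the highest severity. Hostname changes on a known MAC
    and inventoried assets that did not answer are reported at lower severity.
    """
    findings, seen = [], set()
    for host in hosts:
        seen.add(host["mac"])
        known = inventory.get(host["mac"])
        if known is None:
            vendor = IOT_OUI_HINTS.get(host["mac"][:8])
            reason = "unregistered device" + (f" with {vendor} OUI" if vendor else "")
            findings.append(Finding(host["ip"], host["mac"], reason,
                                    "high" if vendor else "medium"))
        elif host["hostname"] and host["hostname"] != known["hostname"]:
            findings.append(Finding(host["ip"], host["mac"],
                                    f"hostname changed: {known['hostname']} -> {host['hostname']}",
                                    "low"))
    for mac, record in inventory.items():
        if mac not in seen:
            findings.append(Finding("-", mac,
                                    f"inventoried asset {record['hostname']} did not respond",
                                    "info"))
    return findings


if __name__ == "__main__":
    for f in diff_assets(INVENTORY, parse_sweep(SWEEP)):
        print(f"[{f.severity}] {f.ip} {f.mac}: {f.reason}")
```

Run on the constructed data it reports the Raspberry Pi at 10.0.1.61 as an unregistered high-severity asset and notes that the inventoried core switch did not answer the sweep, which is itself worth a ticket: a silent asset is either down or has moved somewhere the scanner no longer reaches.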
- The first decision is the type of scan: authenticated or unauthenticated. An authenticated scan runs with valid login credentials on the target, so it can read installed package versions, local configuration, and user settings. It is much more comprehensive and produces fewer false positives than a scan that only sees the network surface. Because it reaches deep into your systems and applications, it also needs care: use a dedicated, least-privilege scanning account, keep its credentials in the scanner's vault, and trial it on a few hosts before a full run. Many organizations start with an unauthenticated scan to get a baseline first.
- The unauthenticated scan uses no usernames or passwords and sees only what an outside attacker would see: open ports, service banners, TLS configuration, and exposed web content. Think of it as a surface-level scan. It commonly detects exposed administrative interfaces and backdoors, expired certificates, out-of-date software inferred from version banners, default or weak passwords on exposed services, and weak encryption protocols.
- Web application scan – A must-have for a vulnerability assessment. Web application scanning crawls the application and probes its inputs for flaws. During a web application scan, the assessor or scanner looks for cross-site scripting, SQL, command, and code injection, insecure cookie attributes, and more.
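The unauthenticated-versus-authenticated distinction above, as an added example that is not code from the article or any scanner product. The banner, the dpkg output, and every version number in the baseline are constructed for the illustration and do not correspond to a real advisory. What it shows is the practical reason authenticated scans are more reliable: a banner carries only the upstream version, while the installed package version also carries the distribution revision, which is where backported security fixes appear, so the banner check alone would produce a false positive. The version ordering is a simplified dpkg-style comparison, not dpkg's exact algorithm.

```python
"""Unauthenticated (banner) versus authenticated (package) version checks.

Added example, not code from the article. The baseline version numbers,
the banner and the dpkg output are constructed for the illustration and do
not correspond to any real advisory. Version comparison is a simplified
dpkg-style ordering, not dpkg's exact algorithm.
"""
import re

# Constructed baseline: upstream version a fix landed in, and the
# distribution package version carrying the backported fix.
BASELINE = {
    "OpenSSH": {
        "upstream_fixed": "8.5",
        "packages": {"openssh-server": "1:8.2p1-4ubuntu0.5"},
    },
}

BANNER_RE = re.compile(r"SSH-2\.0-OpenSSH_(?P<version>\d+\.\d+(?:p\d+)?)")


def version_key(version):
    """Split a version into numeric and non-numeric runs for ordering."""
    return [(0, int(t)) if t.isdigit() else (1, t)
            for t in re.findall(r"\d+|\D+", version)]


def version_lt(a, b):
    return version_key(a) < version_key(b)


def unauthenticated_check(banner):
    """What a network scan can infer from the SSH banner alone."""
    match = BANNER_RE.search(banner)
    if not match:
        return None
    seen = match.group("version")
    affected = version_lt(seen, BASELINE["OpenSSH"]["upstream_fixed"])
    return {"product": "OpenSSH", "version": seen,
            "status": "possibly affected" if affected else "not affected",
            "confidence": "low", "source": "banner"}


def authenticated_check(dpkg_output):
    """What a credentialed scan sees from `dpkg-query -W` style output."""
    installed = dict(line.split(None, 1)
                     for line in dpkg_output.splitlines() if line.strip())
    results = []
    for product, rule in BASELINE.items():
        for package, fixed in rule["packages"].items():
            if package not in installed:
                continue
            version = installed[package]
            results.append({"product": product, "package": package,
                            "version": version,
                            "status": "affected" if version_lt(version, fixed) else "not affected",
                            "confidence": "high", "source": "package"})
    return results


def reconcile(banner_finding, package_findings):
    """Let the authenticated result override the banner-based guess."""
    if banner_finding is None:
        return None
    for pf in package_findings:
        if pf["product"] == banner_finding["product"]:
            return dict(banner_finding, status=pf["status"], confidence="high",
                        source="banner+package")
    return banner_finding


# Constructed sample input: the banner says 8.2 (below 8.5) but the package
# revision 4ubuntu0.11 is past the revision that carries the fix.
BANNER = "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11"
DPKG_OUTPUT = "openssh-server 1:8.2p1-4ubuntu0.11\nnginx 1.18.0-0ubuntu1\n"

if __name__ == "__main__":
    banner = unauthenticated_check(BANNER)
    packages = authenticated_check(DPKG_OUTPUT)
    print("unauthenticated:", banner)
    print("authenticated:  ", packages)
    print("reconciled:     ", reconcile(banner, packages))
```

The unauthenticated pass flags the host as possibly affected at low confidence; the authenticated pass reads the package revision, finds it at or past the fixed revision, and the reconciled finding closes as not affected. Keeping the confidence and source fields on every finding is what lets the triage stage later decide which items need a human to confirm.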
In general, vulnerability assessments and scans can uncover the following classes of issue:
- Card number disclosure
- Cross-site request forgery
- Common backdoors
- Backup files
- CAPTCHA detection
- Session fixation
- Source code disclosure
- SQL injection
- LDAP injection
- ASP localstart page
- Command injection
- Auto-complete on password fields
- Insecure cookies
- Path traversal
- Private IP address disclosure
- Code injection
- Common directories
- Directory listing
- Local file inclusion
- .htaccess LIMIT misconfiguration
- HTTP response splitting
- Remote file inclusion
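Several items in the list above are passive checks, meaning they need nothing more than an HTTP response the scanner already fetched. The following is an added example, not code from the article or any scanner product, that runs five of them (insecure cookies, directory listing, private IP address disclosure, backup file references, auto-complete on password fields) over one constructed response; a real scanner applies the same checks to every page it crawls.

```python
"""Passive checks over one captured HTTP response.

Added example, not code from the article or any scanner product. The
response below is constructed so that several of the listed weaknesses
appear in it.
"""
import re

RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Path=/
Set-Cookie: csrf=xyz; Path=/; Secure; HttpOnly; SameSite=Strict
Server: Apache/2.4.41

<html><head><title>Index of /backup</title></head>
<body>
<h1>Index of /backup</h1>
<a href="db.sql.bak">db.sql.bak</a>
<!-- upstream app server: 10.0.5.23 -->
<form action="/login" method="post">
<input type="text" name="user">
<input type="password" name="pass">
</form>
</body></html>
"""

PRIVATE_IP = re.compile(
    r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b")
BACKUP_REF = re.compile(r"href=\"([^\"]+\.(?:bak|old|orig|sql|zip|tar\.gz))\"", re.I)
PASSWORD_INPUT = re.compile(r"<input[^>]*type=[\"']?password[\"']?[^>]*>", re.I)


def split_response(raw):
    """Split a raw response into (status line, [(header, value)], body)."""
    head, _, body = raw.partition("\n\n")
    lines = head.splitlines()
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def check_cookies(headers):
    """Flag Set-Cookie headers missing Secure, HttpOnly or SameSite."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie = value.split("=", 1)[0]
        attrs = {part.strip().split("=", 1)[0].lower() for part in value.split(";")[1:]}
        missing = [a for a in ("secure", "httponly", "samesite") if a not in attrs]
        if missing:
            findings.append(("insecure cookie", f"{cookie}: missing {', '.join(missing)}"))
    return findings


def check_body(body):
    findings = []
    if re.search(r"<title>\s*Index of /", body, re.I):
        findings.append(("directory listing", "page is an auto-generated index"))
    for ip in sorted(set(PRIVATE_IP.findall(body))):
        findings.append(("private IP disclosure", ip))
    for ref in BACKUP_REF.findall(body):
        findings.append(("backup file reference", ref))
    for tag in PASSWORD_INPUT.findall(body):
        # Modern browsers ignore autocomplete=off on password fields, so this
        # is informational only; it is reported because the list includes it.
        if "autocomplete=" not in tag.lower():
            findings.append(("password field autocomplete", tag))
    return findings


def scan_response(raw):
    _, headers, body = split_response(raw)
    return check_cookies(headers) + check_body(body)


if __name__ == "__main__":
    for category, detail in scan_response(RESPONSE):
        print(f"{category}: {detail}")
```

On the constructed response the session cookie is reported for lacking all three protective attributes while the csrf cookie passes, the page is recognised as a directory index, the commented-out internal address and the `.bak` link are both surfaced, and the password input is noted. The cookie check is the one worth carrying into production as-is: a session cookie without `Secure` and `HttpOnly` is a real, frequently exploited weakness, whereas the autocomplete item is a legacy check that should be ranked informational.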
Compliance policy management is another must-have feature for scanners, because demonstrating consistent compliance is expected of most organizations today. The scanner should let you define compliance rules based on the regulations and standards that apply to you, such as HIPAA, PCI DSS, GLBA, FFIEC, and SOX. Mapping your information security policies onto your assets lets you validate their configuration against those regulations and report on your compliance status.
To match your policies, the scanner should let you create templates for them. You should also be able to monitor configuration changes, patch status, vulnerabilities, hardening, and the policy compliance of IT assets, devices, and applications over time.
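A policy template and the configuration-change monitoring described above, as an added example that is not code from the article or any scanner product. The template, the approved snapshot, and today's snapshot are constructed; the template stands in for rules an organization would derive from whichever standards apply to it, and sshd_config is used only because its directive-per-line format is easy to parse. Two things the example handles that a naive grep would not: directives inside a `Match` block are conditional and must not be read as the global setting, and a directive that has simply been deleted is reported as unset rather than silently passing.

```python
"""Check a host's sshd_config against a policy template and detect drift
from the last approved snapshot.

Added example, not code from the article. The template and both config
snapshots are constructed; the template stands in for rules an organization
would derive from the standards that apply to it.
"""

# Constructed policy template: directive -> set of acceptable values.
SSHD_TEMPLATE = {
    "PermitRootLogin": {"no"},
    "PasswordAuthentication": {"no"},
    "X11Forwarding": {"no"},
    "MaxAuthTries": {"3", "4"},
}

# Constructed snapshot approved at the last audit.
APPROVED = """\
# approved baseline
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 3
"""

# Constructed snapshot collected today: password auth re-enabled, X11 line gone.
CURRENT = """\
PermitRootLogin no
PasswordAuthentication yes   # temporarily for migration
MaxAuthTries 3
Match User backup
    PasswordAuthentication no
"""


def parse_sshd_config(text):
    """Return global directives as a dict, ignoring comments and blank lines.

    Parsing stops at the first Match block because directives inside it are
    conditional and must not be mistaken for the global setting.
    """
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "match":
            break
        settings[key] = value.strip()
    return settings


def evaluate(settings, template):
    """Map each template directive to ('pass'|'fail'|'unset', actual value)."""
    results = {}
    for key, allowed in template.items():
        actual = settings.get(key)
        if actual is None:
            results[key] = ("unset", None)   # server default applies; verify it
        elif actual in allowed:
            results[key] = ("pass", actual)
        else:
            results[key] = ("fail", actual)
    return results


def drift(approved_text, current_text):
    """Directives whose effective global value differs from the approved snapshot."""
    before, after = parse_sshd_config(approved_text), parse_sshd_config(current_text)
    return {k: (before.get(k), after.get(k))
            for k in sorted(set(before) | set(after))
            if before.get(k) != after.get(k)}


if __name__ == "__main__":
    for directive, (state, value) in evaluate(parse_sshd_config(CURRENT), SSHD_TEMPLATE).items():
        print(f"{state:5} {directive} = {value}")
    print("drift:", drift(APPROVED, CURRENT))
```

Against the constructed snapshots the template evaluation fails `PasswordAuthentication` and marks `X11Forwarding` unset, and the drift report shows exactly those two directives changed since the approved baseline. The `Match User backup` stanza that turns password authentication back off for one account is correctly ignored when deciding the global value.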
Vulnerability Management & Action Plans
After your organization has identified vulnerabilities from the assessment or scanner, it is time to put together an action plan for them. A single assessment or scan can return hundreds or even thousands of findings, which is a major headache for organizations that run do-it-yourself scans with open source tools and have no triage workflow behind them. You need to be able to sort the findings, prioritize them by risk (high, medium-high, medium-low, and low), weighing not only the scanner's severity but also the affected asset's criticality, its exposure, and whether a public exploit exists, and delegate remediation tasks to your security team.
As part of the vulnerability assessment, your provider should offer a thorough timeline or roadmap for tackling the highest-risk vulnerabilities first. The vulnerability management phase is tedious work for security teams; with prioritization and delegation in place, they can address the issues that matter quickly.
A must-have feature for a scanner is continuous scanning with a risk score assigned to every finding, so your security team can respond to new exposures as they appear rather than waiting for the next scheduled scan. You might also consider a managed security services provider that offers managed vulnerability scanning and compliance reporting.
Vulnerability Reporting & Overall Risk Score
A dashboard that highlights the risk bands (high, medium-high, medium-low, and low) for all vulnerabilities. This gives your organization an overall risk score based on the volume and severity of the vulnerabilities found across your network, applications, IT assets, and devices.
A centralized dashboard provides valuable insight. You can use it to drive the continuous improvements your provider outlines, and the overall risk score, tracked over time, measures how effectively your security team is remediating issues, which is what you report to your leadership team.
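The prioritization and delegation step from the action-plan section and the overall risk score from this section, as one added example that is not code from the article or any scanner product. The findings, the asset register, and every weight and band threshold are constructed assumptions; a real program calibrates them to its own risk appetite. The point it makes is that the scanner's base severity alone is a poor sort key: the same medium finding on an internet-facing crown-jewel system with a public exploit outranks a higher-scored finding on an internal, low-value host.

```python
"""Turn raw findings into a prioritized, delegated action plan and an
overall risk score that can be tracked between scans.

Added example, not code from the article. The findings, asset ownership
and all weights and band thresholds are constructed assumptions for the
illustration.
"""

# Constructed asset register: criticality (1 = low, 3 = crown jewel),
# internet exposure, and the team that owns remediation.
ASSETS = {
    "web-prod-01":   {"criticality": 3, "exposed": True,  "owner": "web-platform"},
    "vpn-gw":        {"criticality": 3, "exposed": True,  "owner": "network"},
    "dmz-ftp":       {"criticality": 2, "exposed": True,  "owner": "infra"},
    "intranet-wiki": {"criticality": 1, "exposed": False, "owner": "it-apps"},
}

# Constructed scan output: the scanner's base severity (0-10) plus whether
# a public exploit is known for the issue.
SCAN = [
    {"id": 1, "asset": "web-prod-01",   "title": "SQL injection in search",    "base": 9.0, "exploit_public": True},
    {"id": 2, "asset": "intranet-wiki", "title": "Outdated JavaScript library", "base": 6.1, "exploit_public": False},
    {"id": 3, "asset": "dmz-ftp",       "title": "Directory listing enabled",   "base": 5.3, "exploit_public": False},
    {"id": 4, "asset": "vpn-gw",        "title": "Unpatched TLS library",       "base": 7.5, "exploit_public": True},
]

# Assumed weights and thresholds; tune to your own risk appetite.
CRITICALITY_WEIGHT = {1: 0.5, 2: 0.75, 3: 1.0}
EXPOSED_WEIGHT, EXPLOIT_WEIGHT = 1.5, 1.5
BANDS = [("high", 15.0), ("medium-high", 8.0), ("medium-low", 4.0), ("low", 0.0)]
BAND_WEIGHT = {"high": 10, "medium-high": 5, "medium-low": 2, "low": 1}


def priority_score(finding, assets):
    """Scale the base score by asset criticality, exposure and exploit availability."""
    asset = assets[finding["asset"]]
    score = finding["base"] * CRITICALITY_WEIGHT[asset["criticality"]]
    if asset["exposed"]:
        score *= EXPOSED_WEIGHT
    if finding["exploit_public"]:
        score *= EXPLOIT_WEIGHT
    return score


def band(score):
    """Map a priority score onto the article's four risk bands."""
    for name, threshold in BANDS:
        if score >= threshold:
            return name
    return "low"


def action_plan(scan, assets):
    """Work items sorted highest priority first, each assigned to the asset owner."""
    items = []
    for finding in scan:
        score = priority_score(finding, assets)
        items.append({**finding, "score": score, "band": band(score),
                      "owner": assets[finding["asset"]]["owner"]})
    return sorted(items, key=lambda item: item["score"], reverse=True)


def overall_risk(scan, assets):
    """Volume-and-severity score: sum of band weights over open findings."""
    return sum(BAND_WEIGHT[band(priority_score(f, assets))] for f in scan)


def trend(previous_scan, current_scan, assets):
    """Change in overall risk between two scans (negative means improving)."""
    return overall_risk(current_scan, assets) - overall_risk(previous_scan, assets)


if __name__ == "__main__":
    for item in action_plan(SCAN, ASSETS):
        print(f"{item['band']:11} {item['score']:6.2f} {item['asset']:14} "
              f"{item['owner']:13} {item['title']}")
    print("overall risk:", overall_risk(SCAN, ASSETS))
    remaining = [f for f in SCAN if f["id"] not in (1, 4)]
    print("trend after closing items 1 and 4:", trend(SCAN, remaining, ASSETS))
```

With the constructed data the two exposed, exploitable findings land in the high band and go to the web-platform and network teams, the directory listing on the DMZ host is medium-low, and the library on the internal wiki drops to low despite its higher base score. The overall score is a single integer, so closing the two high items produces a negative trend figure that can be charted for the leadership report.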
Vulnerability assessments and scans can drive real improvement in your security program. Keep these key features in mind when evaluating an assessment provider or scanning product.
Julia Sowells
Julia Sowells has been a technology and security professional for a decade. In that time she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she runs her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.