What you need to know about picking the right vulnerability scanner for your organization.
Not all vulnerability scanners are created equal, and despite what many think, there isn't a "one size fits all" scanner. Your business is unique; that also means you may have different vulnerabilities than the business next door.
To find the best vulnerability scanner, you need to learn about your business's needs.
See Also: SecurityMetrics Vulnerability Scanning FAQ
What will my vulnerability scanner do?
Vulnerability scans assess your computer, network, and systems for potential vulnerabilities hackers could exploit. This is helpful for you to figure out where your business may be open to attack.
See Also: How Long are Businesses Vulnerable Before a Security Breach?
What types of vulnerability scans does my business need?
There are two main types of vulnerability scans: internal and external.
- An internal vulnerability scan runs from inside your network and scans the other hosts on it to identify vulnerabilities within the business network.
- An external vulnerability scan runs from a location outside your network, against your public IP addresses, and identifies known weaknesses in your internet-facing network structure.
Should I consider free vulnerability scanners?
There are advertisements for free vulnerability scanners, but you basically get what you pay for. These scanners aren't PCI approved, and they don't scan deep enough into your systems to find much. If you want a scanner that finds all the vulnerabilities, you'll need to pay for it.
How often should I do a vulnerability scan?
PCI DSS requires quarterly internal and external vulnerability scans. You should also scan after any significant change to equipment or software, and after updates.
Check whether the organization providing your scanner offers unlimited scans per target; that keeps the cost of these extra scans down.
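The cadence rule above is easy to state and easy to drift away from. The following script is an added example (not part of the original article or any SecurityMetrics tool) that checks a constructed scan history against both halves of the rule: no more than roughly a quarter between successive scans, and a follow-up scan within a grace period after every significant change. The 90-day quarter length and 30-day grace period are assumptions chosen for the illustration, not values from the article or from PCI DSS.

```python
from datetime import date, timedelta

# Assumed thresholds for this illustration (not taken from the article).
QUARTER_DAYS = 90   # maximum gap between successive scans
GRACE_DAYS = 30     # how soon a scan should follow a significant change


def cadence_gaps(scan_dates, max_gap_days=QUARTER_DAYS):
    """Return (earlier, later) pairs of consecutive scans whose gap exceeds max_gap_days."""
    ordered = sorted(scan_dates)
    return [
        (earlier, later)
        for earlier, later in zip(ordered, ordered[1:])
        if (later - earlier).days > max_gap_days
    ]


def unscanned_changes(scan_dates, change_dates, as_of, grace_days=GRACE_DAYS):
    """Return significant changes whose grace period has expired with no scan after them.

    A change whose grace period has not yet elapsed (as of `as_of`) is not flagged,
    so the report does not nag about changes that happened a few days ago.
    """
    ordered = sorted(scan_dates)
    missing = []
    for change in sorted(change_dates):
        deadline = change + timedelta(days=grace_days)
        followed = any(change <= scan <= deadline for scan in ordered)
        if not followed and as_of > deadline:
            missing.append(change)
    return missing


# Constructed sample history: four scans and three change events in one year.
SCANS = [date(2023, 1, 10), date(2023, 4, 5), date(2023, 9, 1), date(2023, 11, 20)]
CHANGES = [date(2023, 3, 20), date(2023, 6, 15), date(2023, 11, 25)]
AS_OF = date(2023, 12, 1)


def report(scans=SCANS, changes=CHANGES, as_of=AS_OF):
    """Summarise both checks as a dict a ticketing or dashboard job could consume."""
    return {
        "cadence_gaps": cadence_gaps(scans),
        "unscanned_changes": unscanned_changes(scans, changes, as_of),
    }


if __name__ == "__main__":
    result = report()
    for earlier, later in result["cadence_gaps"]:
        print(f"gap of {(later - earlier).days} days between {earlier} and {later}")
    for change in result["unscanned_changes"]:
        print(f"change on {change} was not followed by a scan within {GRACE_DAYS} days")
```

On the sample data the script flags the April-to-September gap (149 days) and the June change that went unscanned; the late-November change is still inside its grace period as of 1 December and is not reported yet.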
How much does the vulnerability scan fulfill PCI requirements?
Most vulnerability scanners fulfill the basic requirements that PCI DSS has set, but some scanners go beyond them. If your business handles sensitive information, it may be worth choosing a scanner that also covers issues not specifically stated in the PCI requirements.
How many false positives does the scanner report?
False positives are when a vulnerability scanner reports a vulnerability that isn't one. This often happens when the scanner flags a bug that has already been patched. When selecting a scanner, you'll need to consider its false-positive rate: the more false positives, the more time you spend sifting through issues. An ideal scanner has few false positives.
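The "already patched" case is the one you will triage most often, because scanners that judge a service by its version banner cannot see a fix that a distribution backported without changing that banner. Below is an added example (not from the article or from any particular scanner) that cross-checks constructed scanner findings against an inventory of installed package versions and a list of first-fixed versions. All hosts, package versions and the CVE-0000-000x identifiers are constructed placeholders, and the whole-number version comparison is a deliberate simplification flagged in the code.

```python
import re

# Constructed scanner output. The "evidence" column is the banner the scanner
# matched on, which is why two hosts at different patch levels look identical.
FINDINGS = [
    {"host": "10.0.0.5", "cve": "CVE-0000-0001", "evidence": "openssh 8.2p1"},
    {"host": "10.0.0.7", "cve": "CVE-0000-0001", "evidence": "openssh 8.2p1"},
    {"host": "10.0.0.9", "cve": "CVE-0000-0002", "evidence": "nginx 1.18.0"},
]

# Constructed asset inventory: installed package versions per host, as a
# package manager would report them. Backported fixes usually show up only
# in the package revision (the part after the dash), not in the banner.
INSTALLED = {
    ("10.0.0.5", "openssh-server"): "8.2p1-4ubuntu0.9",
    ("10.0.0.7", "openssh-server"): "8.2p1-4ubuntu0.3",
    ("10.0.0.9", "nginx"): "1.18.0-6.1",
}

# Constructed mapping of placeholder CVE -> (package, first fixed package version).
FIXED_IN = {
    "CVE-0000-0001": ("openssh-server", "8.2p1-4ubuntu0.5"),
}


def version_key(version):
    """Reduce a version string to a tuple of its integer components.

    Simplification for the example: it ignores epochs and letter suffixes,
    so a real triage job should use the distribution's own comparison routine
    (dpkg --compare-versions, rpmdev-vercmp, or an equivalent library).
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def triage(findings, installed, fixed_in):
    """Label each finding as confirm, likely-false-positive, or review.

    - likely-false-positive: installed package is at or past the first fixed version
    - confirm: installed package is older than the first fixed version
    - review: no fixed-version data or no inventory entry, so a human must look
    """
    decisions = []
    for finding in findings:
        host, cve = finding["host"], finding["cve"]
        fix = fixed_in.get(cve)
        if fix is None:
            decisions.append((host, cve, "review"))
            continue
        package, fixed_version = fix
        current = installed.get((host, package))
        if current is None:
            decisions.append((host, cve, "review"))
        elif version_key(current) >= version_key(fixed_version):
            decisions.append((host, cve, "likely-false-positive"))
        else:
            decisions.append((host, cve, "confirm"))
    return decisions


if __name__ == "__main__":
    for host, cve, verdict in triage(FINDINGS, INSTALLED, FIXED_IN):
        print(f"{host:10} {cve:14} {verdict}")
```

The point of the "review" bucket is that a scanner finding should never be silently discarded: a host missing from the inventory, or a CVE with no known fixed version, is exactly where an assumption of "probably patched" would be wrong. Feeding the scanner's own false-positive rate back into the vendor evaluation is then a matter of counting how many findings land in the likely-false-positive bucket over a few scan cycles.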
How often does the scanner update?
Update frequency varies between scanners: some update monthly, others weekly or even daily. Since attackers are constantly changing tactics, you should choose a scanner that updates frequently enough to keep up with them.
Remember, when choosing your vulnerability scanner, you must decide what works best for your business. Consider your company's unique needs and find the best scanner to keep your business secure.
Infographic: How to Choose the Best Vulnerability Scanner
Check out our infographic, How to Choose the Best Vulnerability Scanner, to help you select the right vulnerability scan tool for your organization.