What is Vulnerability Scanning?
Vulnerability scanners are computer programs that search systems for weaknesses. Hackers can take advantage of these weaknesses to breach a network and steal data or install malware.
What is a PCI ASV?
The Payment Card Industry Data Security Standard (PCI DSS) requirement 11.2.2 calls for regular vulnerability scanning from an ASV. ASV stands for “Approved Scanning Vendor.” These are vendors with scanning solutions that have been tested, approved, and added to a list of approved solutions that can help fulfill this PCI compliance requirement.
What is the vulnerability scanning process like?
Vulnerability scans are automatic. They’re nonintrusive, similar to a security professional checking whether or not your front door is unlocked and letting you know if it is (while not entering your house). Vulnerability scans search your network and provide a logged summary of alerts you can review and act on.
If you are using SecurityMetrics’ ASV vulnerability scans and have an intrusion detection system or intrusion prevention system protecting your network, you may need to add our scanner's IP range to a whitelist or exclusion list for the scan to complete accurately.
What’s the difference between vulnerability scanning and penetration testing?
Penetration testing and vulnerability scanning are often confused for the same service. The problem is, business owners purchase one when they really need the other.
A vulnerability scan is an automated, high-level test that looks for and reports potential vulnerabilities. A penetration test is a thorough, live examination that goes beyond reporting and is designed to exploit weaknesses in a system. Penetration tests also discover what other security issues could be pivoted to after exploiting an issue.
The "gray area network" at large organizations
Large businesses and franchises often have one central headquarters and many smaller remote or satellite locations. Some may even include telecommuting employees. While security efforts like vulnerability scans and penetration tests tend to focus on headquarters, remote locations can be just as critical for your network security.
At SecurityMetrics, we've seen entire headquarters' operations "held ransom" by malware that was initially downloaded onto the network through a remote franchise location. Situations like this are due in part to the "gray area" that tends to surround remote locations, where "who's responsible" for security can get fuzzy. Is the headquarters responsible for data security and compliance? Or is it the franchise? What about employees working from home? How trustworthy is their home network?
What can be done to mitigate the risks that gray area networks present to your network while the respective network owners still retain privacy and control?
Protecting Networks from Attacks
Working backwards from large corporate data breaches, we've been able to pinpoint some of the most common attack vectors used in network breaches:
- Phishing emails
- Social engineering
- Gray area network attacks from franchises, employees, or third parties making remote connections
- Less secure networks with intermittent access into more secure networks
If you are a large franchise or corporate entity with many remote locations, it's crucial to find a network security company whose vulnerability scans, penetration tests, and other security services cover the “gray area” of networks. Those services should monitor for threats, vulnerabilities, and malicious activity while assuring network owners that they are still in control of their own networks and privacy.
Large corporate networks and structures can enforce and manage network security in a variety of ways. Since they typically need more network security than a basic home office or small business, they usually dedicate more resources, time, and even entire positions and departments to security.
For large organizations, vulnerability scanning can help save time in identifying serious risks such as misconfigured firewalls, malware hazards, and remote access vulnerabilities.
SecurityMetrics Pulse: Discover threats across your attack surfaces
Pulse is a SOC/SIEM product that uses sensors in and around the attack surfaces at an organization’s different locations to monitor traffic and check for vulnerabilities, known bad IPs, and known bad actors. SecurityMetrics' SOC/SIEM monitors the data flow, watching for any anomalies or threats.
Once the top vulnerabilities have been identified, Pulse provides a summary that prioritizes the most critical vulnerabilities and compromised locations, saving employees from having to sift through the information manually. With this information, you’re ready to take action by tuning your systems accordingly and making adjustments to your security environment.
Pulse external security
Do you know what vulnerabilities threaten your external network security? Pulse scans for external threats to help you stay ahead of cyber criminals who attempt to exploit your organization’s locations through external vulnerabilities.
- Low cost per location
- Low-touch implementation (only requires account setup and external IP addresses), no on-site installation required
Pulse internal security
Pulse provides internal security that gives you visibility into what is happening on the inside of your extended network. The internal scans find the internal vulnerabilities (what a hacker would have access to if they got inside the network).
- Easy-to-install collector device that collects system events on the network and sends them to SecurityMetrics SOC/SIEM for analysis
- No network reconfiguration necessary
- Collector device allows internal vulnerability scans to be run inside each location (all-in-one)
George Mateaki (CISSP, CISA, QSA, PA-QSA) is a Security Analyst at SecurityMetrics with an extensive background in Information Security and 20+ years in IT.