Once vulnerabilities have been identified through scanning and assessed, an organization can pursue a remediation path, such as patching vulnerabilities, closing risky ports, fixing misconfigurations, and even changing default passwords, such as on internet of things (IoT) and other devices.

The Benefits of Vulnerability Scanning

Vulnerability scanning is a vital part of your security team’s overall IT risk management approach for several reasons.

The Main Types of Vulnerability Scans

Some vulnerability scanning tools are comprehensive in their coverage, able to perform multiple types of scans across heterogeneous environments that include on-prem, Unix, Linux, Windows, cloud, off-site, and onsite systems. Other scanning tools serve particular niches, so it’s always critical to thoroughly explore your use cases before investing in a scanner.

Let’s now explore some different types of vulnerability scans, which each have their place, depending on your use cases.

Credentialed Scans Versus Non-Credentialed Scans

Credentialed and non-credentialed scans (also referred to as authenticated and non-authenticated scans, respectively) are the two main categories of vulnerability scanning.

Non-credentialed scans, as the name suggests, do not require credentials and do not get trusted access to the systems they are scanning. While they provide an outsider’s view of an environment, they tend to miss most vulnerabilities within a target environment. So, while they can provide some valuable insights to a potential attacker as well as to a security professional trying to gauge risk from the outside, non-credentialed scans give a very incomplete picture of vulnerability exposure.

On the other hand, credentialed scans require logging in with a given set of credentials. These authenticated scans are conducted with a trusted user’s view of the environment, and they uncover many vulnerabilities that traditional (non-credentialed) scans might overlook. Because credentialed scans require privileged credentials to gain access for scanning, organizations should look to integrate an automated privileged password management tool with the vulnerability scanning tool, to ensure this process is streamlined and secure (for example, by ensuring scan credentials do not grow stale).

Here are some other ways that scans may be categorized, based on use case.

External Vulnerability Scans

These scans target the areas of your IT ecosystem that are exposed to the internet, or are otherwise not restricted to your internal users or systems. They can include websites, ports, services, networks, systems, and applications that need to be accessed by external users or customers.

Internal Vulnerability Scans

These scans target your internal corporate network. They can identify vulnerabilities that leave you susceptible to damage once a cyberattacker or piece of malware makes it inside. These scans allow you to harden and protect applications and systems that are not typically exposed by external scans.

Environmental Scans

These scans are based on the environment that your technology operates in. Specialized scans are available for multiple different technology deployments, including cloud-based, IoT devices, mobile devices, websites, and more.

Intrusive Versus Non-Intrusive Scans

Non-intrusive scans simply identify a vulnerability and report on it so you can fix it. Intrusive scans attempt to exploit a vulnerability when it is found. This can highlight the likely risk and impact of a vulnerability, but may also disrupt your operational systems and processes, and cause issues for your employees and customers — so use intrusive scanning with caution.

Challenges to Comprehensive Vulnerability Scanning

There are several challenges that arise in conducting vulnerability scanning:

A scan only represents a moment in time

Most scans are “snapshots,” not continuous. Because your systems are changing all the time, you should run scans regularly to keep pace with your IT ecosystem.

A scan may need human input or further integrations to deliver value

Although the scanning process itself is easily automated, a security expert may still need to review the results, complete remediation, and follow up to ensure risks are mitigated. Many organizations also integrate vulnerability scanning with automated patch management and other solutions to help reduce the human administrative burden. Regardless, the scan itself is only an early step in the vulnerability management lifecycle.

A credentialed scan may require many privileged access credentials

The number of credentials needed depends on how thorough a scan is desired. Therefore, automating the management of these credentials and their integration with the scanner should be considered, to maximize both the depth of the scan and privileged access security.

A scan only identifies known vulnerabilities

A vulnerability scanning tool is only as good as its database of known faults and signatures. New vulnerabilities emerge all the time, so your tool will need to be continually updated.
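To make three of the points above concrete (a non-credentialed scan sees less than a credentialed one, a scan is only a snapshot, and a scanner can only report flaws already in its signature database), here is a small Python model of the matching step a scanner performs. It is an added example written for this page, not code from the original article or from any scanning product. The host inventory, the signature feed entries with their EXAMPLE-000x identifiers, the publication dates, and the seven-day and thirty-day freshness thresholds are all constructed for illustration and describe no real host, advisory or policy.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed host data for illustration only; none of this describes a real host.
# A non-credentialed scan sees only what each service advertises over the network.
# Here the SSH banner reveals its version, the web server's banner has the version
# stripped, and two packages (sudo, libssl) are not network-reachable at all.
NETWORK_VIEW = {
    "openssh-server": "8.2p1",
    "nginx": None,  # banner present, version withheld: nothing to compare against
}

# A credentialed scan logs in and reads the package inventory directly.
AUTHENTICATED_VIEW = {
    "openssh-server": "8.2p1",
    "nginx": "1.18.0",
    "sudo": "1.8.31",
    "libssl": "1.1.1f",
}


@dataclass(frozen=True)
class Signature:
    """One entry in a scanner's database of known flaws (constructed, placeholder ids)."""
    package: str
    fixed_in: str   # first version that is not affected
    advisory: str   # placeholder identifier, not a real advisory number


# Two snapshots of the signature feed. The later one contains flaws that the
# earlier one cannot report, however thorough the scan.
FEED_JANUARY = {
    "published": datetime(2024, 1, 10, tzinfo=timezone.utc),  # constructed date
    "signatures": (
        Signature("openssh-server", "8.3p1", "EXAMPLE-0001"),
        Signature("sudo", "1.9.0", "EXAMPLE-0002"),
    ),
}
FEED_MARCH = {
    "published": datetime(2024, 3, 1, tzinfo=timezone.utc),  # constructed date
    "signatures": FEED_JANUARY["signatures"] + (
        Signature("nginx", "1.20.0", "EXAMPLE-0003"),
        Signature("libssl", "1.1.1g", "EXAMPLE-0004"),
    ),
}

# Constructed "today" and last-scan timestamp used by the freshness check below.
NOW = datetime(2024, 3, 15, tzinfo=timezone.utc)
LAST_SCAN = datetime(2024, 3, 1, tzinfo=timezone.utc)


def parse_version(version):
    """Turn '1.1.1f' or '8.2p1' into a tuple that compares sensibly.

    Numeric runs compare as integers, alphabetic runs as strings; each part is
    tagged so an integer is never compared directly with a string.
    """
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def match_known_vulnerabilities(inventory, feed):
    """Return sorted advisory ids for packages present below their fixed version.

    A package whose version is unknown (None) can never be matched: the scanner
    has nothing to compare. A flaw absent from the feed cannot be matched either.
    """
    hits = set()
    for sig in feed["signatures"]:
        version = inventory.get(sig.package)
        if version is None:
            continue
        if parse_version(version) < parse_version(sig.fixed_in):
            hits.add(sig.advisory)
    return sorted(hits)


def freshness_report(last_scan, feed, now,
                     max_scan_age=timedelta(days=7), max_feed_age=timedelta(days=30)):
    """Flag a scan result or a signature feed older than the (assumed) policy allows."""
    return {
        "scan_stale": now - last_scan > max_scan_age,
        "feed_stale": now - feed["published"] > max_feed_age,
    }


if __name__ == "__main__":
    views = (("non-credentialed", NETWORK_VIEW), ("credentialed", AUTHENTICATED_VIEW))
    feeds = (("January feed", FEED_JANUARY), ("March feed", FEED_MARCH))
    for label, view in views:
        for feed_name, feed in feeds:
            print(f"{label:16} + {feed_name}: {match_known_vulnerabilities(view, feed)}")
    print("January feed:", freshness_report(LAST_SCAN, FEED_JANUARY, NOW))
    print("March feed:  ", freshness_report(LAST_SCAN, FEED_MARCH, NOW))
```

Running it shows the non-credentialed view matching a single advisory under either feed, because the web server withholds its version and sudo and libssl are not visible from the network, while the credentialed view matches two advisories under the January feed and four under the March feed. The freshness report then flags both the two-week-old scan result and the January feed as out of policy, which is the operational meaning of the "snapshot" and "known vulnerabilities only" challenges.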

What to Look for in Vulnerability Scanning and Risk Assessment Tools

The following four capabilities should top your list of priorities when assessing the suitability of a vulnerability scanning tool for your enterprise:

Frequency of updates

Your vulnerability scanner database should be continually updated with the latest identified vulnerabilities.

Quality and quantity of vulnerabilities

Your scanner should strike the right balance between identifying all vulnerabilities and minimizing false positives and negatives, while providing high-quality information on flaws, threat priorities, and remediation pathways.

Actionable results

Your scanning tool should provide comprehensive reports that allow you to take practical, corrective actions.

Integrations

Your vulnerability scanner should fit seamlessly into your vulnerability management program, which should include patch management and other solutions.

Implemented correctly, a vulnerability scanning tool is instrumental to identifying and assessing modern security risk, providing your organization with the insight it needs to take corrective actions, comply with regulatory frameworks, and maintain a strong cybersecurity posture.