Vulnerability scanning, the inspection of the network to detect any potential areas prone to exploit, is an essential part of a strong security posture. But how do you know if the type of scans you’re running, or how often you run them, is enough to protect your network?
Vulnerability Scanning Methods
Many businesses run a “point in time” scan on a regularly scheduled basis, often quarterly or even annually. These point-in-time scans can help identify major network vulnerabilities and leave time between scans for any necessary remediation.
Another approach is continuous scanning, which is done constantly, with software crawling the network to look for evolving threats or new vulnerabilities that may have been introduced with a new update or application install.
Which Approach is Best?
When considering which approach to vulnerability scanning is best for your business, there are a few things to keep in mind.
- Are you in a highly-regulated industry?
- Are you in compliance with SOX, PCI, or HIPAA?
- Do you frequently make changes to your network?
- Do you frequently install or update software?
- Do you store confidential or sensitive business data?
If any of these factors apply, you may want to consider continuous vulnerability scanning rather than point-in-time scanning.
Taking a proactive approach to vulnerability scanning will help you stay ahead of any areas of your network that are vulnerable or are inadvertently made vulnerable by a recent software update.
While being aware of any vulnerabilities in your network is a critical part of maintaining a strong security posture, actually fixing them is important too. That’s where remediation comes in, as well as the importance of having a remediation plan.
There are several aspects to effectively managing vulnerabilities:
- Asset Management – Know what your assets are and where they are located
- Vulnerability Identification – Vulnerability scanning to find potential points of exploit
- Risk Assessment – Once vulnerabilities have been identified, rank the risk they pose
- Change Management – Track any changes to your network, hardware, or software
- Patch Management – Patching should be done on a regular basis to avoid undue risk
- Incident Response – Have a plan in place to proactively address an issue when it occurs
Having a schedule and process to manage your assets, changes, and patches will help mitigate your risk.
An asset inventory should be performed annually to keep track of all of your assets, both physical and on the network. By knowing exactly what you have and where it is, you can better manage your assets and protect them.
Identifying vulnerabilities is part of what vulnerability scanning should do. However, you may become aware of vulnerabilities through other channels as well. Keep track of known vulnerabilities, the risk they pose, and any remediation plans.
Assessing the risk of any vulnerability discovered during a scan will help you prioritize any remediation work that needs to be done. When assessing risk and scheduling remediation, consider the likelihood of a vulnerability being exploited, the time and resources it will take to fix the issue, and whether there are any known solutions or patches that address it.
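As an added illustration (not part of the original article), the three factors above can be turned into a simple remediation queue for one work cycle. The 1 to 5 likelihood scale, the hours budget, the sort order and all sample findings are assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    asset: str
    title: str
    likelihood: int        # assumed scale: 1 (unlikely) to 5 (very likely to be exploited)
    fix_hours: float       # estimated time and resources to fix
    patch_available: bool  # is there a known solution or patch?

def remediation_queue(findings, hours_available):
    """Return (scheduled, deferred) for one remediation cycle."""
    # Most likely to be exploited first; on a tie, findings with a known
    # fix come first, then the cheaper fix.
    ranked = sorted(findings,
                    key=lambda f: (-f.likelihood, not f.patch_available, f.fix_hours))
    scheduled, deferred, used = [], [], 0.0
    for f in ranked:
        if not f.patch_available:
            # Nothing to install yet: keep it on the tracking list.
            deferred.append((f, "no known fix: keep tracked"))
        elif used + f.fix_hours <= hours_available:
            scheduled.append(f)
            used += f.fix_hours
        else:
            # Does not fit; cheaper, lower-ranked work may still fit after it.
            deferred.append((f, "over capacity: next cycle"))
    return scheduled, deferred

# Constructed sample findings (not real scan output).
SAMPLE_FINDINGS = [
    Finding("mail-gw", "Outdated TLS library", 4, 2.0, True),
    Finding("file-srv", "Unpatched file-sharing service", 5, 6.0, True),
    Finding("hr-app", "Unsupported framework, no vendor fix", 5, 40.0, False),
    Finding("printer-03", "Default admin password", 2, 0.5, True),
    Finding("db-01", "Missing database patch", 4, 8.0, True),
]

if __name__ == "__main__":
    scheduled, deferred = remediation_queue(SAMPLE_FINDINGS, hours_available=10)
    for f in scheduled:
        print(f"FIX NOW  {f.asset:<11} {f.title} ({f.fix_hours}h)")
    for f, reason in deferred:
        print(f"DEFERRED {f.asset:<11} {f.title} [{reason}]")
```

With a 10-hour budget, the low-likelihood printer fix is scheduled ahead of the database patch only because it fits in the remaining time; the deferred list is what carries over into the tracked remediation plan.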
Scheduling and tracking changes to your network, hardware, or software will help you avoid running too many installs at once, which can cause network issues. It is also helpful in the event a change needs to be reversed due to a performance or security issue.
Keeping up with patches, which are regularly released from vendors, will help protect your network. Patches are often created to protect against vulnerabilities that hackers have discovered and exploited. Having a schedule to install patches and update software regularly can keep you ahead of the hackers.
In the event of a breach, you should be able to address and remediate any issues quickly, which brings us to incident response, another crucial part of an effective remediation plan. Being able to respond to a breach quickly reduces the impact it has on your business and the likelihood that the hacker can access regulated or sensitive data. Having a dedicated incident response team, or having someone on call, as well as equipping them with the right tools for the job means that someone should be able to identify and respond to a threat proactively.
Having an incident response plan is also recommended. An incident should set off a series of actions to protect the network, such as a vulnerability scan, a network monitoring scan and other actions to identify the point of entry and any data that may have been affected.
A Layer of Protection
Your data is valuable. Using consistent scanning and remediation practices will help you protect it in an evolving security environment. Vulnerability scanning is not the beginning and end of your security policy, but it offers a layer of protection for your network.