Nearly every industry and government IT security standard around the world, including the NIST Cybersecurity Framework, the Center for Internet Security (CIS 20), Australia’s Essential 8, the Department of Defense’s CMMC, and PCI, requires vulnerability scanning.
This almost universal requirement for network vulnerability scanning stems from its core function of identifying weaknesses in computers and networks that could be exploited by bad actors from either outside or within an organization.
The majority of successful data breaches are the result of attacks against known vulnerabilities: security gaps in software code, packet construction anomalies and unsafe default configurations are all examples of the kinds of weaknesses that hackers look for to gain access and control over computers and networks.
Different parts of an IT environment may need to be scanned from different vantage points to provide a complete risk assessment.
Vulnerability Scans are Typically Categorized as:
External Vulnerability Scans: Run from the outside to check a network’s firewall and other “perimeter” defenses, these scans target areas of an IT ecosystem exposed to the internet or not restricted to internal users and systems.
Internal Vulnerability Scans: Testing every device on a network, these scans help identify vulnerabilities that leave a business susceptible to damage once a hacker or malware makes it inside. They help boost protection for applications and systems that aren’t typically exposed by external scans.
Environmental Scans: These scans are based on the environment that a business’s technology operates in, such as cloud-based systems, IoT devices, mobile devices, websites, etc.
Intrusive Scans and Penetration Testing: While basic vulnerability scans are typically non-intrusive scans, “brute-force” scans attempt to exploit a vulnerability when it’s found. This type of scan can be supplemented by trusted individuals who attempt to gain authorized access. Note that while this type of “Pen Testing” is the most stringent, it also may disrupt operational systems and processes, and cause difficulty for employees or customers.
In addition to validating the effectiveness of current security safeguards already in place, a vulnerability assessment provides an organization with details on security weaknesses in its environment. It also provides direction on how to assess the risks associated with those weaknesses.