How to Make the Best Out Of A Vulnerability Scanner
As your knowledge and experience in security increases, you start looking at a variety of security solutions that could help you do a better job and automate many of the processes. One of the first products that you would probably test is a vulnerability scanner. That’s an excellent first step but now comes the harder part, if you are new to vulnerability scanning, how do you go about making effective use of this solution?
Not all vulnerability scanners are the same and some of the functionality mentioned in this article may or may not be available to you; however I recommend that you go for a solution that gives you as wide a range of features as possible.
Inventory
Most good vulnerability scanners will keep an eye on the hardware and software deployed on your network. This is very valuable information. Run an inventory on your network to ensure that you are aware of everything that is installed and that it has been approved for use. Once completed set your vulnerability scanner to notify you of any changes from this baseline.
Scheduled scans
If your vulnerability scanner allows you to configure a periodic scan, create a schedule to scan your network daily. Select a time that least impacts your organization because a vulnerability scan can be slightly disruptive.
Port scanning
Malware can be stealthy and hide itself in several ways, therefore the more methods in use, the higher the rate of detection. Take note of any open ports each system has and look out for ports that should not be open and investigate further since this may indicate the presence of malware.
Patch management
A good vulnerability scanner will let you know what patches are missing on your system. Most will also allow you to deploy the patches. Before that, however, it is best practice to set up a testing environment that mirrors your live environment. This test network can be based on the inventory previously obtained using the vulnerability scanner. Test the missing patches on this test environment to ensure that they do not conflict with the current network setup – if all is well deploy them to the live environment.
Other vulnerabilities
Not all vulnerabilities can be addressed through patch management; some do not have patches available and others are configuration related. A good vulnerability scanner will point these out, give you information on such vulnerabilities and provide you with information on how to address them.
Security policies and software
A good vulnerability scanner will outline the security policies set on each of the scanned machines. It will also check if the antivirus software installed is up to date.
Monitoring these six basic items will ensure you have the necessary information to keep your network secure.
Always keep an eye on hardware and software changes and update the test environment accordingly. Carry out frequent scheduled scans, look out for open ports, and set notifications so that you are informed when a new port is opened. Regularly apply patches and fix any vulnerabilities that are detected as soon as possible.
This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging need. Learn more on what to look out for when choosing a vulnerability scanner.
Not all vulnerability scanners are the same and some of the functionality mentioned in this article may or may not be available to you; however I recommend that you go for a solution that gives you as wide a range of features as possible.
Inventory
Most good vulnerability scanners will keep an eye on the hardware and software deployed on your network. This is very valuable information. Run an inventory on your network to ensure that you are aware of everything that is installed and that it has been approved for use. Once completed set your vulnerability scanner to notify you of any changes from this baseline.
Scheduled scans
If your vulnerability scanner allows you to configure a periodic scan, create a schedule to scan your network daily. Select a time that least impacts your organization because a vulnerability scan can be slightly disruptive.
Port scanning
Malware can be stealthy and hide itself in several ways, therefore the more methods in use, the higher the rate of detection. Take note of any open ports each system has and look out for ports that should not be open and investigate further since this may indicate the presence of malware.
Patch management
A good vulnerability scanner will let you know what patches are missing on your system. Most will also allow you to deploy the patches. Before that, however, it is best practice to set up a testing environment that mirrors your live environment. This test network can be based on the inventory previously obtained using the vulnerability scanner. Test the missing patches on this test environment to ensure that they do not conflict with the current network setup – if all is well deploy them to the live environment.
Other vulnerabilities
Not all vulnerabilities can be addressed through patch management; some do not have patches available and others are configuration related. A good vulnerability scanner will point these out, give you information on such vulnerabilities and provide you with information on how to address them.
Security policies and software
A good vulnerability scanner will outline the security policies set on each of the scanned machines. It will also check if the antivirus software installed is up to date.
Monitoring these six basic items will ensure you have the necessary information to keep your network secure.
Always keep an eye on hardware and software changes and update the test environment accordingly. Carry out frequent scheduled scans, look out for open ports, and set notifications so that you are informed when a new port is opened. Regularly apply patches and fix any vulnerabilities that are detected as soon as possible.
No comments: