Friday, August 1, 2014

Use Vulnerability Scanning to Thwart the “Next Big Thing”

by Stephen Smith

Originally published July 30, 2014 at http://bit.ly/1qQojk9


Remember the Heartbleed bug? Of course you do. For most of us, the widespread vulnerability that came to light in April has left an indelible mark on our memories. In fact, depending on how well your institution has prepared its network and systems to handle such events, you might still be cleaning up the resulting mess.
If that’s the case, you wouldn’t be alone. Consider this all-too-typical example: there’s a bank that’s equipped with two to four public-facing servers, one firewall, one intrusion prevention system and 2,000 internal network hosts. When Heartbleed broke, that institution would have been tasked with manually checking each of those to determine their vulnerability to the bug—equaling weeks to months of work, with no guarantee that all problems would be caught. That is, unless the institution had enlisted a regular vulnerability scanning service.
Frequent vulnerability scanning—at least monthly—is a proactive measure that catches weaknesses before they cause harm. Through a scanning solution, a trusted vendor can quickly scan your entire infrastructure, then provide a thorough report that lists every host on your network that’s exposed to a vulnerability, so remediation can begin.
Scanning for network weaknesses once was considered optional, but times have changed. In our environments today, we have so many systems that are plugged into each other—servers, networks and IP-based devices—that vulnerability scanning should be part of day-to-day operations.
There are many options available, from the one-off scan that only tells you how bad your network is, to a monthly subscription, which also provides a trending analysis as well as reports for the board of directors and regulators. It’s also important to note that regular scanning procedures mirror the actions taken by auditors in their reports to regulators.
A proper vulnerability scan can quickly check hundreds, even thousands, of files for network vulnerabilities, as well as such host-based weaknesses as misconfigured file permissions, over-exposure to public networks, missing patches and problems with commonly exploited applications like Web and mail servers.
The most comprehensive scans also will:
  • Perform credentialed configuration auditing of most Windows, Unix and network device platforms
  • Complete non-intrusive scans to avoid network interruptions
  • Deliver risk-level threat scoring for remediation prioritization
  • Supply customized scan configurations for consistency and replication
  • Execute remediation of external vulnerabilities
  • Perform remediation of internal vulnerabilities utilizing a score-based method to prioritize most vulnerable systems
  • Supply reports illustrating historical trending based on previous scanning
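To make the scoring and trending items above concrete, here is an added example (not code from the original article or from any scanning vendor) of the triage a scan report feeds: it flags hosts whose OpenSSL version falls in the Heartbleed-affected range, ranks hosts by a score-based method so the most exposed systems are remediated first, and compares two monthly scans to show what is new, what was fixed and what persists. The host names, findings, severity scores, version inventory and the internet-facing weighting are all constructed assumptions for the example.

```python
"""
Added example, not part of the original article: a small triage helper for
vulnerability-scan output. It demonstrates a version check of the kind a
scanner runs for Heartbleed, score-based remediation prioritisation, and
month-over-month trending. All sample data below is constructed.
"""
import re
from collections import defaultdict

# Constructed sample scan output: (host, finding, base severity 0-10, internet-facing)
SCAN_JUNE = [
    ("web01", "OpenSSL Heartbleed", 9.8, True),
    ("web01", "Missing patch: kernel", 7.5, True),
    ("mail01", "Outdated mail server", 6.5, True),
    ("fs03", "World-writable share permissions", 5.0, False),
    ("ws117", "Missing patch: browser", 7.0, False),
]
SCAN_JULY = [
    ("web01", "Missing patch: kernel", 7.5, True),
    ("mail01", "Outdated mail server", 6.5, True),
    ("fs03", "World-writable share permissions", 5.0, False),
    ("ws117", "Missing patch: browser", 7.0, False),
    ("ws220", "Missing patch: browser", 7.0, False),
]

# Constructed inventory of OpenSSL versions as a credentialed scan would report them.
OPENSSL_INVENTORY = {"web01": "1.0.1e", "web02": "1.0.1g", "mail01": "1.0.0", "vpn01": "1.0.1"}

EXPOSED_MULTIPLIER = 1.5  # assumption: weight findings on internet-facing hosts higher

_OPENSSL_101 = re.compile(r"^1\.0\.1([a-z]?)$")


def is_heartbleed_vulnerable(version: str) -> bool:
    """Heartbleed affected OpenSSL 1.0.1 through 1.0.1f; 1.0.1g shipped the fix.
    Only the 1.0.1 release branch is checked here (1.0.2-beta1 was also affected)."""
    m = _OPENSSL_101.match(version.strip())
    return bool(m) and m.group(1) <= "f"


def heartbleed_exposed_hosts(inventory: dict) -> list:
    """Hosts whose reported OpenSSL version is in the affected range, sorted by name."""
    return sorted(h for h, v in inventory.items() if is_heartbleed_vulnerable(v))


def prioritize(findings) -> list:
    """Rank hosts by summed severity, weighted up when the host is internet-facing.
    Returns [(host, score), ...] with the most exposed host first."""
    totals = defaultdict(float)
    for host, _finding, score, exposed in findings:
        totals[host] += score * (EXPOSED_MULTIPLIER if exposed else 1.0)
    return sorted(((h, round(s, 2)) for h, s in totals.items()),
                  key=lambda item: (-item[1], item[0]))


def trend(previous, current) -> dict:
    """Compare two scans: findings that appeared, were fixed, or persist."""
    before = {(h, f) for h, f, _, _ in previous}
    after = {(h, f) for h, f, _, _ in current}
    return {
        "new": sorted(after - before),
        "fixed": sorted(before - after),
        "persisting": sorted(before & after),
    }


if __name__ == "__main__":
    print("Heartbleed-exposed hosts:", heartbleed_exposed_hosts(OPENSSL_INVENTORY))
    print("Remediation order (July):")
    for host, score in prioritize(SCAN_JULY):
        print(f"  {host:8} {score:6.2f}")
    changes = trend(SCAN_JUNE, SCAN_JULY)
    for label in ("new", "fixed", "persisting"):
        print(f"{label}: {changes[label]}")
```

The trend function is what turns a one-off scan into the historical view the article contrasts it with: the same list of findings, kept month to month, answers whether remediation is keeping pace or new hosts are appearing with old problems.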
So, what will that next big threat be? We shiver to think about it. But for now it’s important for your institution to be armed with information about vulnerabilities in your infrastructure, before auditors—and worse yet, cybercriminals—beat you to it.