Vulnerabilities are a part of life.
You have them, I have them, his dog has them, her cat has them.
Basically, everyone has them. Even machines and systems that we think might be so perfect and accurate, has them.
However, how we respond and react to them is what distinguishes us from the rest.
Let me share with you a piece of statistic from USA Today:
Billions of people were affected by data breaches and cyber attacks in 2018 – 765 million in the months of April, May, and June alone – with losses surpassing tens of millions of dollars, according to global digital security firm Positive Technologies.
Were you one of them?
No?
Well, you might say no now. However, in these cases, if data security and potential breaches of security are not being actively monitored and mitigated, it’s not a question of IF, but rather WHEN.
So let me ask you:
Do you think your company system is secure? Is it immune to power outages, cyber attacks and security breaches?
One thing you need to know is that every time a computer is connected to the internet, there is a risk that a hacker is out there waiting for the next opportunity to take advantage of a new vulnerability. This needle in the cyber-haystack can then wreak havoc on networks and computers.
Most disconcerting to Decision Makers and IT Managers is the fact that they are able to worm their way into a network and steal proprietary or customer information and other data critical to the company.
This is why any company that keeps customer data (PDPA) will feel obliged to heighten and ensure the security of their systems because the risk of NOT doing is too high.
So what I am trying to say is that, all companies, big or small, has vulnerabilities.
However, how each individual company responds and reacts to their vulnerabilities is different. Some respond to it by conducting a Penetration Test, while others decide to go with a Vulnerability Scan.
So what is Vulnerability Scanning?
If there is a good place to start, it is at the beginning…with the DEFINITION.
Vulnerability Scanning is an inspection of the potential points of exploit on a computer or network to identify security weaknesses in a computer system. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment, and predicts the effectiveness of countermeasures.
A scan may be performed by an organization’s IT department or a Managed Service Provider (MSP). When you hire an MSP, you should expect that they will stay on top of updates, and monitor your system for any vulnerabilities on a regular basis. Even if your own IT department can conduct the vulnerability scan, it may be advantageous to hire an MSP, as comprehensive testing requires significant bandwidth and can be intensive on time and human resources, thus reducing productivity. Moreover, once vulnerabilities are detected, IT staff will have the burden of determining how to repair the vulnerability and secure the network.
Types of Vulnerability Scanning
Not all vulnerability scans are alike, and in order to ensure compliance with certain regulations, it is necessary to carry out 2 distinct types of vulnerability scans: an internal and an external vulnerability scan.
So what’s the difference?
External Vulnerability Scan
As the name suggests, an external vulnerability scan is carried out from outside an organization’s network. Its principal purpose is to detect vulnerabilities in the perimeter defenses such as open ports in the network firewall or specialized web application firewall. Hence, an external vulnerability scan can help organizations fix security issues that could enable hackers to gain access to the organization’s network.
Internal Vulnerability Scan
In contrast, an internal vulnerability scan is carried out from inside an organization’s perimeter defenses. Its purpose is to detect vulnerabilities that could be exploited by hackers who successfully penetrate the perimeter defenses, or equally by “insider threats” such as contractors or disgruntled employees who have legitimate access to parts of the network.
Unauthenticated and Authenticated Vulnerability Scans
A similar but not always identical variation of internal and external vulnerability scans is the concept of unauthenticated and authenticated vulnerability scans.
Unauthenticated scans, like external scans, search for weaknesses in the network perimeter, while authenticated scans provide vulnerability scanners with various privileged credentials, allowing them to probe the inside of the network for weak passwords, configuration issues, and misconfigured databases or applications.
Ok, so why do I need it?
Exposing our flaws and vulnerabilities can sometimes be beneficial when we are breaking down the walls of people in our lives in order to get closer to them. However, if exposing our vulnerability also means involuntarily exposing the vulnerabilities of everyone in our network, then you better build higher and more solid walls up.
1. Identify any Vulnerabilities
Vulnerability scanning lets you take a proactive approach to close any gaps and maintain strong security for your systems, data, employees, and customers. Data breaches are often the result of unpatched vulnerabilities, so identifying and eliminating these security gaps, removes that attack vector.
Therefore, periodic scanning of your network thus helps to identify vulnerabilities in the critical system that protects against outside threats.
It can also help to confirm that your security tools and systems in place are the most updated version there is available.
2. Checks your System’s Configuration
Vulnerability scanning can also help identify improperly configured systems that leave a network vulnerable. We all count on our IT departments to implement new systems in a secure manner. However, sometimes, it helps to have a fresh set of eyes look at the system top to bottom, to help support your team and guard against mistakes when they look through their rose-tinted glasses.
3. Prevents Complacency
How many of you live by the saying “if it ain’t broke, don’t fix it”?
I must say that I am too a culprit of this very bad habit.
So the problem is, if your system is vulnerable, things could run smoothly until someone finds the vulnerability and exploits it. Without testing, it could be “broke” and you just don’t know it yet. An independent assessment is often a great way to check if service levels are being achieved and systems are protected in the manner described in the contract.
4. Providing Customers with Assurance
Businesses and consumers are becoming increasingly aware of the importance of data protection. They demand a high degree of vigilance and risk awareness from their suppliers when it comes to cybersecurity. We’ve reached a point where some contracts can be won or lost based on your ability to protect customer information. Whether your business serves the consuming public or other businesses, a strong cybersecurity program that includes periodic vulnerability assessments can help you stand out from your competitors.
Vulnerability Scanning VS Penetration Test
Then you might ask me, what’s the difference between a Vulnerability Scan and a Penetration Test, and must I have both?
These two are often confused with each other, when in fact, these two security procedure are used for different purposes.
At the most basic level, vulnerability scanning aims to identify any systems that are subject to known vulnerabilities, while a penetration test aims to identify weaknesses in specific system configurations and organizational processes and practices that can be exploited to compromise security.
And while vulnerability scanning is highly automated, penetration testing on the other hand is manual and time-consuming.
So in layman’s terms, if a pen test is like getting your neighbour to test out your new lock by trying to break in, a vulnerability scan is like getting your lock provider to do an operational scan via his system to test the reliability of not only yours, but all of his customers’ locks.
And at this point, if you are still confused on what a penetration test is, that means you have not read my previous blog article.
But do I need both?
The benefit of having a pen test it that it is able to provide the most comprehensive evaluation of a system’s or application’s security by exposing them to real attackers using modern hacking tools. However, it’s impossible for penetration testers to check every single system in your company and identify every single vulnerability. Instead, the tests are usually a deep dive into a small group of target systems.
On the other hand, vulnerability scans can run constantly and scan very large networks. They cast a wide net but don’t include the human precision and creativity involved in a penetration test.
This is why personally, I would recommend combining the approaches.
You can run vulnerability scans frequently, then supplement them with less frequent penetration tests. This way, you get the best of both worlds, and you won’t have to worry as much about your company’s personal and customer data being at risk.
So when should my network be scanned?
Experts recommend that vulnerability scans should be performed at least quarterly, especially after new equipment is loaded or the network undergoes significant changes. The scans will detect if your equipment is compromised such as missing patches and outdated protocols, certificates, and services.
If you are interested in or still unsure about the vulnerability scan procedure, please do not hesitate to click the green button below to get in touch with us!
eVantage Technology is a professional and trusted IT solutions provider, dedicated to providing exceptional service to companies in Singapore and across Asia.