
Vulnerability scanners are automated tools that allow organizations to check if their networks, systems and applications have security weaknesses that could expose them to attacks. Vulnerability scanning is a common practice across enterprise networks and is often mandated by industry standards and government regulations to improve the organization’s security posture.

There are many tools and products in the vulnerability scanning space that cover different types of assets and offer additional features that help companies implement a complete vulnerability management program — the combined processes related to identifying, classifying and mitigating vulnerabilities.

External and internal vulnerability scans

Vulnerability scans can be performed from outside or inside the network or network segment being evaluated. Organizations run external scans from outside their network perimeter to determine how exposed their internet-facing servers and applications are to attack. Internal vulnerability scans, by contrast, aim to identify flaws that attackers could exploit to move laterally to other systems and servers once they have gained a foothold on the local network.

The ease of gaining access to parts of the internal network depends on how the network is configured and, more importantly, segmented. Because of this, any vulnerability management program should start with a mapping and inventory of an organization’s systems and a classification of their importance based on the access they provide and the data they hold.

With the widespread adoption of cloud-based infrastructure in recent years, vulnerability scanning procedures must be adapted to include cloud-hosted assets as well. External scans are especially important in this context because misconfigured and insecure deployments of databases and other services in the cloud have been a common occurrence.

Authenticated and unauthenticated vulnerability scans

Vulnerability scans can be authenticated or unauthenticated, also called credentialed or non-credentialed. Non-credentialed scans discover the services a computer exposes over the network and send probe packets to the open ports to determine the operating system version, the version of the software behind those services, whether there are open file shares, and other information that is available without authenticating. Based on those details, the scanner searches a vulnerability database and lists the vulnerabilities that are likely to exist on those systems; because this matching relies on version strings observed from the network, the result is an estimate rather than a confirmed finding.

Authenticated scans use login credentials to collect more detailed and accurate information about the operating system and the software installed on the scanned machines. Some programs might not be accessible over the network but can still have vulnerabilities that are exposed to other attack vectors such as opening maliciously crafted files or accessing malicious web pages. Some vulnerability assessment solutions use lightweight software agents deployed on computers in addition to network scanners to get a better picture of the security state of various systems in the organization.
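The difference between the two scan types can be shown with a small matcher. This is an added illustration, not code from any scanner product: the advisory database, the service banner, the package inventory and the advisory identifiers are all constructed for the example, and the "backports" field is an assumed way of recording fixes a distribution applied without changing the reported version.

```python
"""Banner-based (unauthenticated) vs inventory-based (authenticated) matching.

Everything below is constructed sample data for illustration: the product
names, versions and ADV-xxxx identifiers are not real advisories.
"""
import re

# Constructed advisory database: product -> [(advisory_id, first_fixed_version)].
# A product is considered affected when its version is below first_fixed_version.
ADVISORIES = {
    "exampled": [("ADV-0001", "2.4.0")],   # a network-facing daemon
    "docviewer": [("ADV-0002", "1.3.0")],  # local software, no open port
}

# What a network-only scan can observe: a banner on one open port (constructed).
BANNERS = {22: "SSH-2.0-exampled_2.3.1"}

# What a credentialed session can read from the host (constructed). The
# "backports" list is an assumed field naming advisories patched by the vendor
# without bumping the version string.
INVENTORY = [
    {"name": "exampled", "version": "2.3.1", "backports": ["ADV-0001"]},
    {"name": "docviewer", "version": "1.2.0", "backports": []},
]

def parse_version(v):
    """'2.3.1' -> (2, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def parse_banner(banner):
    """Extract (product, version) from a banner shaped like SSH-2.0-<name>_<ver>."""
    m = re.match(r"SSH-\d\.\d-([A-Za-z]+)_([\d.]+)$", banner)
    return (m.group(1), m.group(2)) if m else None

def match(product, version, backports=()):
    """Advisories whose fixed version is above the observed one, minus backports."""
    return [adv for adv, fixed in ADVISORIES.get(product, [])
            if parse_version(version) < parse_version(fixed) and adv not in backports]

def unauthenticated_scan(banners):
    """Likely vulnerabilities inferred from banners alone; cannot see backports
    or software that does not listen on the network."""
    found = set()
    for banner in banners.values():
        parsed = parse_banner(banner)
        if parsed:
            found.update(match(*parsed))
    return sorted(found)

def authenticated_scan(inventory):
    """Vulnerabilities matched against the full package inventory of the host."""
    found = set()
    for pkg in inventory:
        found.update(match(pkg["name"], pkg["version"], pkg["backports"]))
    return sorted(found)
```

On this sample the banner-based scan reports ADV-0001, which the host has already patched, and misses ADV-0002 in the local viewer; the credentialed scan reports only ADV-0002.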

Continuous vulnerability management

When performed monthly or quarterly, vulnerability scans only provide a snapshot in time and say nothing about the security posture of the tested systems between scans. This can lead to significant blind spots, which is why the security industry recommends increasing the frequency of vulnerability scanning as part of an approach called continuous vulnerability management.