Most people know that taking care of your personal health is important. We get regular check-ups and try to keep ourselves as healthy and free of potential risks as best we can. During these check-ups, a doctor will typically tell us about important health concerns and make recommendations to improve or fix any conditions we may have. They tell us what changes they have seen since the last check-up, and how those changes may affect us. All of this is important to guide our actions moving forward. For an organization, system networks are not that different and also require a measure of regular attention. Instead of going to the doctor's office for regular check-ups, organizations should take responsibility for caring for their networks with regular network vulnerability scanning. Regular network vulnerability scanning checks the health of the network, and provides feedback on what the organization needs to do to keep it safe from harm.
Some may ask: what exactly does a network scan do? Is it harmful to their network? Well, a network scan is a way to detect and understand vulnerabilities in networks, devices, and communications equipment. The scanner collects information from the network in a non-invasive way, then compares it to a known database of vulnerabilities. This is similar to how a signature-based antivirus program works. For most good network scanners, these databases are regularly updated and maintained to provide the most up-to-date data possible. The scanning itself is not harmful to regular corporate networks, other than a possible increase in network traffic. Vulnerability scans typically only identify threats, rather than testing whether they can be exploited.
Why scan regularly? Many organizations have a tendency to set up their networks, run initial tests to check their security, and then leave them without regularly testing for new vulnerabilities. This puts them at risk when systems are updated (or lack updates), when new things are added, or when changes are made. Adding new software is a big example of change. Unfortunately, software is not always built perfectly and without vulnerabilities. It is designed to serve a specific need or purpose, and consideration of the ways it can be exploited can be missed. Even with perfectly designed software, without regular updates and proper configuration, attackers can often find workarounds to gain a foothold on a system or network.
Regular scanning also covers many compliance requirements for organizations. This includes both internal safety requirements as well as PCI (Payment Card Industry) requirements stating that internal and external network vulnerability scans be conducted at least quarterly and after any significant change in the network.
An organization should recognize that much like the above reference to doctor appointments, things can change on a very regular basis. Regular scanning helps identify both existing vulnerabilities on the network, and new ones that may have come from changes to the network.
Ok, so scanning regularly is a good idea, but what should be scanned on the network? The short answer is everything possible, internally and externally. Do not skimp on where you scan. Run scans on all areas of the network so as not to miss any potential risk.
External scanning shows which vulnerabilities are public-facing and most easily reached by attackers and potential threats, whereas internal scanning shows which vulnerabilities exist on the restricted-access side of the network. Some may consider not scanning the internal side because it does not face the public, but this is a bad idea. The internal network may contain flaws that could be exploited by an employee's accidental actions or by a purposeful attack. Internal networks are also threatened by external attackers who find pathways to the internal side. Typically the internal network is where the most sensitive data is kept, and it should be well protected. When internal networks are segmented, also consider what access the scanner has been given, and whether the scan is actually seeing the whole picture of the network.
It is important to understand the assets on the network, and their importance as well as the vulnerabilities that threaten them. What you do not know about what is happening on the network can in fact hurt you. Regular network scanning is the first step in discovering where the risks are within the network to build a stronger security posture.
Of course, vulnerability management should not stop with just scanning. Vulnerability management is a critical aspect of any company's security. A proper plan should be in place to handle any situation. Results should be taken by the internal IT department, validated, and remediated. Where risks cannot be remediated, other mitigating controls should be in place, whether through process or technology, and known risks should be tracked and documented. This process should include a responsible party for each accepted risk. In cases where an internal IT department is not available, it is worth hiring an outside managed IT service organization to help implement the changes necessary to protect the business from harm. New vulnerabilities should be investigated to make sure that no unauthorized changes have been made to the network. This may lead to removing installed software instead of having to keep it updated.
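The two process points above, comparing each scan against the previous one to separate new findings from existing ones, and tracking accepted risks with a responsible party so they are not forgotten, are simple to automate. The following is an added example, not code from the article or from any particular scanner. The hosts, check identifiers, owners and dates are constructed sample data, and the 90-day "overdue" threshold is an assumption standing in for the quarterly cadence mentioned earlier.

```python
"""Track vulnerability scan results between runs and against a risk register.

Constructed example (not from the original article): two scan runs and a
small register of accepted risks. Hosts, check ids, owners and dates are
made up; real scanners export findings in their own formats.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# A finding is identified by where it was seen and which check fired.
FindingKey = tuple[str, int, str]  # (host, port, check_id)


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    check_id: str      # scanner's identifier for the check (constructed values below)
    severity: str      # "critical", "high", "medium", "low"

    def key(self) -> FindingKey:
        return (self.host, self.port, self.check_id)


@dataclass(frozen=True)
class AcceptedRisk:
    key: FindingKey
    owner: str         # responsible party for the accepted risk
    reason: str        # documented justification / compensating control
    review_by: date    # accepted risks must be revisited, not forgotten


def diff_scans(previous, current):
    """Split findings into new, persisting and resolved by comparing two runs."""
    prev = {f.key(): f for f in previous}
    curr = {f.key(): f for f in current}
    return {
        "new": [curr[k] for k in curr.keys() - prev.keys()],
        "persisting": [curr[k] for k in curr.keys() & prev.keys()],
        "resolved": [prev[k] for k in prev.keys() - curr.keys()],
    }


def triage(current, register, today):
    """Separate findings needing remediation from ones covered by an accepted risk.

    An acceptance whose review date has passed no longer counts: the finding
    goes back on the remediation list so it is re-evaluated and re-documented.
    """
    accepted = {r.key: r for r in register}
    needs_action, covered, expired = [], [], []
    for f in current:
        r = accepted.get(f.key())
        if r is None:
            needs_action.append(f)
        elif r.review_by < today:
            expired.append((f, r))
            needs_action.append(f)
        else:
            covered.append((f, r))
    return {"needs_action": needs_action, "covered": covered, "expired": expired}


def scan_is_overdue(last_scan, today, max_gap_days=90):
    """True when more than the assumed quarterly gap has passed since the last scan."""
    return today - last_scan > timedelta(days=max_gap_days)


# --- constructed sample data ---------------------------------------------
PREVIOUS_RUN = [
    Finding("10.0.1.10", 22, "ssh-outdated-version", "high"),
    Finding("10.0.1.20", 445, "smb-signing-disabled", "medium"),
    Finding("10.0.1.30", 80, "http-server-banner", "low"),
]
CURRENT_RUN = [
    Finding("10.0.1.10", 22, "ssh-outdated-version", "high"),      # still present
    Finding("10.0.1.20", 445, "smb-signing-disabled", "medium"),   # still present
    Finding("10.0.1.40", 3389, "rdp-exposed-internally", "high"),  # new host appeared
]
RISK_REGISTER = [
    AcceptedRisk(("10.0.1.20", 445, "smb-signing-disabled"), "ops-lead",
                 "legacy file server; compensating control: isolated VLAN",
                 review_by=date(2024, 12, 31)),
    AcceptedRisk(("10.0.1.10", 22, "ssh-outdated-version"), "net-admin",
                 "vendor appliance; patch scheduled",
                 review_by=date(2024, 3, 1)),   # review date already passed
]
TODAY = date(2024, 6, 1)
LAST_SCAN = date(2024, 1, 15)


if __name__ == "__main__":
    changes = diff_scans(PREVIOUS_RUN, CURRENT_RUN)
    print("new:", [f.key() for f in changes["new"]])
    print("resolved:", [f.key() for f in changes["resolved"]])
    t = triage(CURRENT_RUN, RISK_REGISTER, TODAY)
    print("needs action:", [f.key() for f in t["needs_action"]])
    print("expired acceptances:", [r.owner for _, r in t["expired"]])
    print("scan overdue:", scan_is_overdue(LAST_SCAN, TODAY))
```

Run as-is to see the new RDP finding flagged for action, the SMB finding shown as covered by a documented acceptance, and the SSH finding pushed back onto the action list because its acceptance is past its review date. Keying findings on host, port and check id rather than on the scanner's free-text description is what makes the run-to-run comparison stable.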
Not scanning for, or not recognizing, potential vulnerabilities can lead to the loss or tampering of information, which can greatly harm businesses of any size. Scanning is just the first stage in a larger security posture for any company. Implementing system management to keep track of software and firmware updates, as well as configuration management to standardize configurations within the network, is a must to protect all of the assets on an organization's network.
Always remember to keep your network healthy and in shape for whatever dangers may come your way!