Vulnerability Management and Scanning at Your Service

May 3, 2021
IT Security

Among the terminology increasingly used in the IT security field is the phrase “vulnerability management.” It’s the process of identifying, categorizing, prioritizing, and remediating vulnerabilities in operating systems (OS), browsers, cloud or on-premises enterprise applications, and end-user applications. Vulnerabilities can range from communication ports open to the internet to insecure configurations of either software or OSs.

But if you’ve got a firewall and antivirus software in place, are vulnerabilities that big of a threat? Even if a vendor identifies a few issues in its software, is it that difficult for your IT team to stay on top of newly identified vulnerabilities and apply the necessary patches?

The Growing Problem of Vulnerabilities

Perhaps the following puts the vulnerability management situation in perspective.

According to a study of more than 800 global business and cybersecurity leaders, 94% had experienced a business-impacting cyberattack or compromise over the past 12 months. In many cases, the root cause of the major breaches could be traced back to things like unpatched vulnerabilities, misconfigurations and asset blind spots – issues that a firewall or antivirus software can’t protect against.

Thousands of new vulnerabilities are identified every year, requiring organizations to patch operating systems (OS) and applications and reconfigure security settings across their network. A report from a leading cyber exposure company found that 18,358 Common Vulnerabilities and Exposures (CVEs) were reported in 2020.

Many originate with Microsoft. For its monthly patch release in April 2021, Microsoft addressed 108 CVEs, as well as four new remote code execution vulnerabilities in Microsoft Exchange Server. It’s not uncommon for Microsoft to release over 100 patches in any given month. Given that Microsoft 365 alone is used by over a million companies worldwide, with over 650,000 companies in the United States using the office suite software, that translates into a lot of companies that have to devote time to a lot of patching.

Vulnerabilities also increase with the attack surface. Not that long ago, an attack surface simply consisted of traditional IT assets such as servers and networks. Today’s attack surface is much bigger and continues to expand, with mobile devices, virtual machines, cloud infrastructure, web apps, containers and IoT devices contributing to the growth.

The Role of Vulnerability Scanning

Keeping on top of the ever-changing threat landscape and the continuous emergence of new vulnerabilities is challenging. Plus, vulnerabilities can only be managed if they’ve been discovered. This is where vulnerability scanning – a key aspect of vulnerability management – comes into play.

A vulnerability scanner is a software program that assesses networks, computers and other endpoints, and applications for known weaknesses. It’s typically delivered via a device placed on the network, and used to identify security holes across servers, firewalls, and more.

Most scanning tools can classify and categorize vulnerabilities to help prioritize the most serious issues. Some can also facilitate the creation of reports about a network’s security status once vulnerabilities have been addressed. This is particularly important if an organization is required to show compliance with relevant regulations.

External and Internal Vulnerability Scans

There are two basic types of network vulnerability scans: external or internal.

  • External scans are performed from outside an organization’s network perimeter to determine the exposure to attacks of servers and applications that are accessible directly from the internet. These scans provide an “outside in” view with the goal of detecting vulnerabilities in the perimeter defenses such as open ports in the network firewall.
  • Internal scans are carried out from inside an organization’s perimeter defense. The idea is to detect vulnerabilities that could be exploited by hackers who penetrate the perimeter defenses. Internal scans can also identify the potential for “insider threats”, such as disgruntled employees who have legitimate access to parts of the network.

External scans should cover cloud-hosted assets as well, since misconfigured and insecure deployments of databases and other services in the cloud can pose serious vulnerabilities.

Organizations may not need both types of scans, but conducting external and internal scans provides a much clearer picture of their overall security. That enables them to be proactive in addressing issues before they become problems.

In addition, some organizations may be subject to industry standards that require them to perform both types of scans. For example, the Payment Card Industry Data Security Standard (PCI-DSS) requires organizations to perform both external and internal vulnerability scans quarterly, as well as every time new systems or components are installed, network topology changes, firewall rules are modified, or software is upgraded.

Agent-based: The Other Scan

However, it’s not always possible or practical to conduct network scanning. For these situations, agent-based vulnerability scanning can be used. Agents are installed on hosts or endpoints. They’re designed to have minimal impact on the system and the network, providing direct access to all hosts without disrupting end users.

Agent-based scans offer numerous benefits. Among them: the ability to assess off-network assets and endpoints that intermittently connect to the internet, such as laptops, and to scan the devices regardless of network location and report results back to the manager. They also eliminate the need for credential management.

Vulnerability Management as a Service

So, the case for vulnerability management makes sense. The role vulnerability scanning plays in it does as well. Seems simple enough – except it all still requires time and at least some level of expertise for selecting, installing and configuring the scanning tools. There’s also the matter of what to do with the results of the scan. That’s why many companies that lack the necessary internal resources are looking to third-party sources to help with vulnerability management and vulnerability scanning. One option to consider is vulnerability management as a service (VMaaS) from US Signal.

With VMaaS, US Signal’s Security Operations Center (SOC) team will provide guidance in helping determine what scans are needed – internal, external, agent-based scans or a combination of them – and whether they’re needed only one time or on a weekly, monthly or quarterly basis. The team will then handle all vulnerability scanning tool setup, configuration, implementation, and management, freeing internal teams to focus on other endeavors. There are no capital expenses required, and fees are based on the services used.

If help is required for reviewing and responding to the scan results, US Signal can assist with that too. US Signal’s SOC Analysis service can be added to any scan. Drawing on IT security best practices and their own expertise, US Signal’s SOC team will analyze the vulnerability scan results and deliver a list of actions, prioritized to help address the most serious issues while making optimal use of available resources. Additional consulting services and assistance in implementing the recommendations are also available.

Learn More Now

If you’re interested in learning more about vulnerability management or how US Signal’s VMaaS can help your organization strengthen its security posture, let us know. Contact us for a free consultation. Use this form or call (616) 988-0414.