…is a security service where a provider tests your network for vulnerabilities and poor configurations without exploiting them.
Commonly confused with penetration testing, vulnerability scanning is easily described as a passive check of your network. Consultants regularly use the example of a house: in a vulnerability scan the house is not entered but the doors and locks are checked, unlike a penetration test, where entry is gained.
There are many vulnerability scanning providers operating today, each with unique strengths and weaknesses, and many credit card providers certify vendors as being compliant with payment card audits.
Regulated industries and potentially organisations that fall under the scope of PCI-DSS (credit card payment standards) are required to conduct regular vulnerability scanning and penetration testing of the network.
With large-scale credit card theft and database hacking, vulnerability testing has moved beyond being a luxury to becoming an essential part of an organisation's security posture, with the potential reputational harm and loss of service far outweighing the cost of the test.
There are compelling advantages for any organisation that wishes to use a cloud-based vulnerability scanning service. We have listed some of these advantages below to help guide your decision.
Protect your online assets
Knowing where the weak areas of your network are allows your IT team to close these vulnerable points by system patching or reconfiguring software.
Conform with regulatory requirements
Many organisations are required to conduct regular security testing of their network and systems. A thorough vulnerability scan will provide a report that shows the strength of your network and your organisation's commitment to protecting systems.
Vulnerability scanners are a great way to test systems without exploiting vulnerabilities and causing potential system downtime.
Latest system and threat technology
Using a cloud vulnerability scanning system gives the subscriber the latest technology and checks for the web-based threats that a hacker would use to breach your systems. Being current and up to date in terms of exploits and threats is essential to ensuring zero-day threats are mitigated.
Test the claims of security vendors
Marketing around security products tends to promise levels of trust that are sometimes not borne out by the products when tested. When conducting a vulnerability test, check whether your current systems have detected the threat and logged both the intrusion and the tools used to conduct it.
With any technology deployment there are things to keep in mind. We have listed potential pitfalls to consider when purchasing a vulnerability scanning service.
Always inform your internet service provider that you intend to conduct a vulnerability test, and tell them the scope of the test and the systems that are within the testing pool. Be aware that illegally accessing or testing intermediate systems that you do not own (such as an ISP’s router) may leave your organisation open to breaches of the Computer Misuse Act.
What advice and support does the vulnerability testing provider offer? And does this match your internal skill-sets? Use a consultant if you find that a lack of understanding of the system may hamper your testing.
Understanding and interpreting results
Vulnerability test results may run into many pages of content. Ensure that your provider offers a simple, easy-to-understand reporting structure that prioritises areas that need to be addressed.
Never subscribe to a one-off test; always run multiple tests until all high severity items are addressed and patched or hardened.
Not all vulnerability testing suites are certified and accepted by banks and other payment card providers. Check that the system you’re proposing to use will allow you to be certified by your payment card provider as passing the PCI-DSS standard.
At Compare the Cloud, we’re here to help you get started and to identify suitable technology partners to help with your deployment. Take a few minutes to tell us about your company in our Cloud Discovery Q&A, and we’ll present you with some informed options – and help you take full advantage of vulnerability testing and selecting a vulnerability scanning testing provider for your needs.