Home Cloud Computing Cloud Security Vulnerability Scanning

Vulnerability Scanning

Vulnerability Scanning

vulnerability-scanning-335px…is a security service where a provider tests your network for vulnerabilities and poor configurations without exploiting them.

Commonly confused with Penetration Testing vulnerability scanning is easily described as a passive check of your network. Consultants regularly use the example of a house which is not entered but the doors and locks are checked unlike a penetration test where entry is gained.

There are many vulnerabilities providers operating today each with unique strengths and weaknesses with many credit card providers certifying vendors as being compliant with payment card audits.

Regulated industries and potentially organisations that fall under the scope of PCI-DSS (credit card payment standards) are required to conduct regular vulnerability scanning and penetration testing of the network.

With large scale credit card theft and database hacking, vulnerability testing has moved beyond being a luxury to becoming an essential part of an organisations security posture; with the costs of the test far outweighing the potential reputational harm and loss of service.

There are compelling advantages for any organisation that wishes to use a cloud based vulnerability scanning service. We have listed out some of these advantages below to help guide your decision.

plus-point  Protect your online assets

Knowing where the weak areas of your network are allows your IT team to close these vulnerable points by system patching or reconfiguring software.

plus-point  Conform with regulatory requirements

Many organisations are required to conduct regular security testing of their network and systems. A thorough vulnerability scan will provide a report that shows the strength of your network and your organisations commitment to protecting systems.

plus-point  Non Intrusive

Vulnerability scanners are a great way to test systems without exploiting vulnerabilities and causing potential system downtime.

plus-point  Latest system and threat technology

Using a cloud vulnerability scanning system delivers to the subscriber the latest technology and web-based threats that a hacker would use to breach your systems. Being current and up to date in terms of exploits and threats is essential to ensuring zero-day threats are mitigated.

plus-point  Test the claims of security vendors

Marketing around security products tends to provide levels of trust which sometimes are not borne out by the products when tested. When conducting a vulnerability test check whether your current systems have detected the threat and logged the intrusion and the tools used to conduct that intrusion.

With any technology deployment there are things to keep in mind and consider. We have listed out potential pitfalls to consider when purchasing a vulnerability scanning service.

moot-point  Notifications

Always inform your internet service provider that you intend to conduct a vulnerbility test, inform them about the scope of the test and the systems that are within the testing pool. Be aware that illegally accessing or testing intermediate systems that you do not own (such as an ISP’s router) may leave your organisation open to breaches of the computer misuse act.

moot-point  Support

What advice and support does the vulnerability testing provider offer? And does this match your internal skill-sets? Use a consultant if you find that a lack of understanding of the system may hamper your testing.

moot-point  Understanding and interpreting results

Vulnerability test results may run into many pages of content. Ensure that your provider offers a simple easy to understand reporting structure that prioritises areas that need to be addressed.

moot-point  Re-testing

Never subscribe to a one off test always do multiple tests until all high severity items are addressed and patched or hardened.

moot-point  Certification

Not all vulnerability testing suites are certified and accepted by banks and other payment card providers. Check that the system you’re proposing to use will allow you to be certified by your payment card provider as passing the PCI-DSS standard.

At Compare the Cloud, we’re here to help you get started and to identify suitable technology partners to help with your deployment. Take a few minutes to tell us about your company in our Cloud Discovery Q&A, and we’ll present you with some informed options – and help you take full advantage of vulnerability testing and selecting a vulnerability scanning testing provider for your needs.

Latest Blogs, News & Posts on Vulnerability Scanning

[ajaxgrid post_type=”post” cats=”41″ ppl=”6″ orderby=”date” order=”DESC”]