Vulnerability scanning uses specialised software to rapidly connect to each target host, identify listening services and check a database of tens of thousands of known security issues to see if the system is potentially vulnerable.
Examples of issues flagged up can be missing security patches, default credentials or unrestricted file shares. Given credentials it is possible to perform an authenticated scan for deeper assurance over a host’s configuration including checking against common secure build standards and compliance requirements.
Vulnerability scanning can often be used as a precursor to a full penetration test where potential issues are verified by our professional services team and used to move deeper into a target network.
4ARMED can provide a number of different types of vulnerability scan:
A one-off scan is relatively inexpensive and gives a point in time status for your network. Take a Managed Vulnerability Scanning contract with 4ARMED and we can perform regular scans and provide analysis of your improvement over time, giving you valuable feedback on the performance of your operations teams and insight into problem areas that may need investment. The cost per scan is also reduced.
Vulnerability scans can provide a large amount of coverage in a short space of time making them very cost effective for gaining insight into the current risk in your network.
Hosting systems in an Amazon VPC? We can integrate our scanning platform securely into your virtual network to provide coverage of this environment.
Quickly identify the weak spots, even on a large network of thousands of systems.
Regular scheduled scans or quick one-offs. Vulnerability scans are easy to set up and run.
The two primary considerations with a vulnerability scan are:
Where are the target systems located? Are they on an internal network? If so, we will need to be physically connected to a network that can connect to the targets. Scanning can be done via wireless if essential but it generally works much better by good old fashioned copper.
If you have Network Access Control in place, an exception may need to be put in place for our testers’ laptops in order to facilitate the engagement.
If the systems are in a virtual network we can deploy scanning engines either into the environment itself or configure security groups such that our cloud-based scanners can access the targets.
For external scans we conduct these from our cloud-based scanning engines over the Internet.
The second primary consideration is whether or not you wish to undertake a credentialed scan. By authenticating to the devices with administrator credentials we can achieve a far deeper level of assurance and identify issues that may be masked by other controls such as host-based firewalls. For example, if you’ve got a system that’s never been patched since it was deployed three years ago and relies on a firewall to prevent remote exploitation this might not get picked up by an unauthenticated scan. However, there is still considerable risk with that system as it is relying on a single control that could fail or be disabled.
Once the type of scan and scope has been agreed and authorised we will schedule and deliver the scan. Our consultants will review the output, remove obvious false positives and collate the findings into a report with an optional technical analysis and executive summary, depending on your needs.
Our consultants will be available to discuss the findings and provide advise on remediation as appropriate. An optional wash-up call can be scheduled to go over any questions you may have.