Choosing the right vulnerability scanning tool

In cyber security, the best way to repel attacks is to fortify your defenses. That means you have to know how secure your IT infrastructure and applications are against exploitation by hackers, malware and other types of threats. Vulnerability scanning is one way to find out: your systems are compared against a third-party database to pick out weaknesses such as open ports, cross-site scripting, SQL injection, command execution, directory traversal and insecure configurations. The resulting report is used by your system and network admins to correct, on a regular basis, any vulnerabilities discovered.

The Skybox® Security 2015 Enterprise Vulnerability Management Trends Report stated that the most important use case in vulnerability assessment was determining risk level, followed by prioritizing vulnerabilities. While vulnerability scanning has come of age, the important question has been which tools and which database to reference for best results. Of course, new cyber security vulnerabilities appear daily and I bet that catching a zero-day vulnerability using a scanner isn’t going to happen anytime soon. So it is important that IT organizations invest in a set of tools that can help them deal with the ever-changing vulnerability landscape.

Vulnerability databases

The most common vulnerability reference databases include OVAL and CVE. OSVDB was on this list, but as of April this year its maintainers chose to shut down the Open Sourced Vulnerability Database (OSVDB), blaming the industry for not contributing to and supporting the effort. CVE and OVAL (which transitioned to the Center for Internet Security) are free to use, and depend on industry and community contributions to update their vulnerability databases.

Vulnerability Scanners

According to Gartner’s Market Guide for Vulnerability Assessment released last November, the market seems mature for vulnerability scanners dealing with traditional IT, but when it comes to the new world of cloud and mobile, support is immature and sporadic. Significant investment is required, as many organizations are now prioritizing cloud strategies and BYOD is all the rage. I think that this lends credence to the fact that security concerns around cloud hosting continue to prevail.

Only five vendors (BeyondTrust, Rapid7, Tenable Network Security, Tripwire and Qualys) have the lion’s share of 80% of the vulnerability assessment market, which shows that the enterprise market is covered in this regard. The Skybox® Security report shows that over 60% of companies surveyed use more than one scanner, which I see as a no-brainer given that to cover all bases, more than one reference point should be used in any vulnerability scan.

On Premise vs Cloud Vulnerability Scanners

One choice CIOs and IT Directors have to make is whether to invest in an onsite vulnerability scanner or a cloud-based solution. While the former comes with upfront capital costs as well as management and resource overheads, it gives better assurance with regard to control and security, particularly if you think that your vulnerability can be somewhere in a public cloud. I believe that this choice is mostly driven by enterprise size, geography, cost and IT strategy.

Which tool for you?

In my opinion, the market is still growing for VA solutions that will encompass both traditional desktops and servers and modern cloud and mobile devices. The reality is that these vulnerability scanning tools give huge reports based on detected vulnerabilities, something that information security analysts and system administrators find hard to grapple with. Fixing them can take weeks, yet the expectation by management is that vulnerability assessments should be done almost daily. So any VA tools that can interface with operational configuration tools will come as a great bonus for anyone looking for effectiveness in vulnerability management through techniques such as threat intelligence correlation, asset risk or attack path modeling.
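
To illustrate the report-size and prioritization problem described above, here is an added example (not from the original article or from any vendor's product) that merges findings from two scanners and ranks them by asset risk. The scanner names, asset names, criticality weights and CVE placeholders are constructed assumptions, and risk = CVSS × asset criticality is one simple scoring choice among many.

```python
from collections import defaultdict

# Constructed sample findings from two hypothetical scanners.
# The CVE identifiers are placeholders, not real entries.
FINDINGS = [
    {"scanner": "scanner_a", "asset": "web01", "cve": "CVE-XXXX-0001", "cvss": 9.8},
    {"scanner": "scanner_b", "asset": "web01", "cve": "CVE-XXXX-0001", "cvss": 9.1},
    {"scanner": "scanner_a", "asset": "hr-laptop", "cve": "CVE-XXXX-0002", "cvss": 7.5},
    {"scanner": "scanner_b", "asset": "db01", "cve": "CVE-XXXX-0003", "cvss": 6.5},
    {"scanner": "scanner_b", "asset": "test-vm", "cve": "CVE-XXXX-0001", "cvss": 9.1},
]

# Assumed business criticality per asset (1 = low impact, 5 = critical).
ASSET_CRITICALITY = {"web01": 5, "db01": 5, "hr-laptop": 2, "test-vm": 1}


def merge_findings(findings):
    """Collapse duplicate (asset, CVE) pairs reported by several scanners."""
    merged = defaultdict(lambda: {"cvss": 0.0, "scanners": set()})
    for f in findings:
        entry = merged[(f["asset"], f["cve"])]
        entry["cvss"] = max(entry["cvss"], f["cvss"])  # keep the worst-case score
        entry["scanners"].add(f["scanner"])
    return merged


def prioritize(findings, criticality, default_weight=3):
    """Return merged findings sorted by risk = CVSS x asset criticality."""
    rows = []
    for (asset, cve), entry in merge_findings(findings).items():
        weight = criticality.get(asset, default_weight)  # unknown assets get a middle weight
        rows.append({
            "asset": asset, "cve": cve, "cvss": entry["cvss"],
            "scanners": sorted(entry["scanners"]),
            "risk": round(entry["cvss"] * weight, 1),
        })
    # Highest risk first; ties broken by asset and CVE so the output is stable.
    return sorted(rows, key=lambda r: (-r["risk"], r["asset"], r["cve"]))


if __name__ == "__main__":
    for row in prioritize(FINDINGS, ASSET_CRITICALITY):
        print(f'{row["risk"]:>5}  {row["asset"]:<10} {row["cve"]}  '
              f'seen by {", ".join(row["scanners"])}')
```

The same critical-severity finding lands at the top on the production web server and at the bottom on the test VM, which is the kind of ordering a raw scanner report does not give you.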

What next?

When it comes to IT security, talk to NIC, a premier managed service provider in cyber security in Los Angeles. Our expert cyber security team helps you develop a fully-integrated vulnerability assessment plan that keeps constant vigilance unique not only to your industry but to your overall company. Contact us today and benefit from world class advice on how to deal with vulnerabilities.
