Your information systems are at constant risk of being exploited through one of the many vulnerabilities in your environment. Today's cloud-based vulnerability management solutions can offer scans, assessments and even managed security services. Here are four such services compared.
If you think you can check security tasks off your to-do list because you installed some software and hardened some device configurations, you might want to read some recent information security assessments. A recent report from HP finds that 80 percent of vulnerabilities are due to improper configurations, incorrect file settings, out-of-date software and other deployment-related issues.
Using software from a major vendor is no guarantee of more secure software; according to a Zero Day Initiative study, Microsoft Internet Explorer is the most targeted application for zero-day vulnerabilities. The Online Trust Alliance has gone so far as to suggest that companies should assume they will experience a data breach and should plan their response accordingly. Risks and threats to your information systems are too dynamic for a "fix it and forget it" approach.
One way organizations can improve their overall security position is to collect information about their vulnerabilities. There are many different types of vulnerabilities and modes of entry into your environment. Are database servers running with default passwords? Is the software running on your routers the version with newly discovered vulnerabilities? Have developers deployed test environments with proper access controls? Vulnerability scanning services range from basic scans and assessments to those included with managed security services.
Vulnerability scanning typically uses a database of known vulnerabilities to scan device configurations, ports and applications. Some scans are relatively simple, such as determining if a port on a device is open, while others are more complex, such as assessing if a web database application is vulnerable to a SQL injection attack. Vulnerability scans can vary in the devices they scan, such as external devices accessible to any device on the Internet or internal devices behind firewalls. Some scans are designed to assess all devices on a network or subnet while others are targeted to a single application. If you are considering a vulnerability scanning service in order to comply with regulations, look at the types of reports the service provides to document compliance with the relevant regulations.
Securing an organization's information infrastructure is a complex, multifaceted task. Vulnerability scanning is one part of a comprehensive approach to security. Cloud-based vulnerability scanning services offer the advantages common to the SaaS model: minimal startup costs, low management overhead, and in some cases, pay-for-what-you-use pricing.
Vulnerability scanning services can be used for a one-time assessment of existing applications to help determine the optimal way to use code reviews and remediation resources to improve security. Cloud-based vulnerability scanning can also be used on an ongoing basis to detect newly discovered vulnerabilities, keeping your systems in check.