As the name implies, vulnerability scanner is software designed to scan a network or system (such as a server, router, or a PC) for security threats. On identification of any threat, it reports back to the active IP (Internet Protocol), open ports, operating systems, software, and services which are installed and running on the system. Once the report is received, the scanner compares the information with the known vulnerabilities present in its database or the database belonging to the third-party, such as OVAL, CVE, OSVDB, etc. The scanner labels the reported vulnerabilities in three categories-Critical, Major and Minor. It can also detect the malicious elements like Trojans present on the ports of the system.
However, not all scanners function in the same manner. Most of the low-end or free vulnerability scanners just scan a network and report a remedial measure. On the other hand, scanners which are more-feature rich, deploy harness the collective benefits of penetration testing and patch management.
Types of Vulnerability Scanner
1. Software Based
A software-based vulnerability scanner includes configuration editing, penetration testing, target profiling, and a detailed analysis of vulnerability. In order to provide intelligent patch management, they integrate with Window products like Microsoft System Center and also work with the device managers. These scanners have the ability to do vulnerability scanning not only on the servers, network devices and workstations, but also the BYOD mobile devices and virtual machines as well.
2. Cloud Based
This variant of cloud based vulnerability scanner, is available as a SaaS or Software as a Service and is delivered on demand of the administrators of an organization. These scanners provide hands-fee and continuous monitoring of all the devices and computers on all the available network segments. They are also apt for scanning the cloud services like Amazon EC2.
Conlusion
Vulnerability scanning is must for organizations, keeping in view the large number of routers, segments, firewalls, servers and devices. For small scale organizations, cloud-based vulnerability scanners are apt as these works on annual license, costing around $1,000-$1,500. This not only is not only convenient in terms of the investment but also does not require additional workforce.
However, not all scanners function in the same manner. Most of the low-end or free vulnerability scanners just scan a network and report a remedial measure. On the other hand, scanners which are more-feature rich, deploy harness the collective benefits of penetration testing and patch management.
Types of Vulnerability Scanner
1. Software Based
A software-based vulnerability scanner includes configuration editing, penetration testing, target profiling, and a detailed analysis of vulnerability. In order to provide intelligent patch management, they integrate with Window products like Microsoft System Center and also work with the device managers. These scanners have the ability to do vulnerability scanning not only on the servers, network devices and workstations, but also the BYOD mobile devices and virtual machines as well.
2. Cloud Based
This variant of cloud based vulnerability scanner, is available as a SaaS or Software as a Service and is delivered on demand of the administrators of an organization. These scanners provide hands-fee and continuous monitoring of all the devices and computers on all the available network segments. They are also apt for scanning the cloud services like Amazon EC2.
Conlusion
Vulnerability scanning is must for organizations, keeping in view the large number of routers, segments, firewalls, servers and devices. For small scale organizations, cloud-based vulnerability scanners are apt as these works on annual license, costing around $1,000-$1,500. This not only is not only convenient in terms of the investment but also does not require additional workforce.
No comments:
Post a Comment