
    vulnerability management

    Vulnerability Scanning

    What is Vulnerability Scanning?

    Vulnerability scanning is the automated process of checking an inventory of IT assets (hosts, network services and applications) against a database of known vulnerabilities, so that a newly published vulnerability can be matched to the affected assets as soon as it is reported.

    A good vulnerability scanning application should evaluate and prioritize the risk posed by each identified vulnerability (for example by severity score, exploitability and how exposed the affected asset is), and integrate with the patch management system so that findings can be remediated and then verified as closed. When assessing vulnerability scanners, consider how they fit into the enterprise's wider vulnerability management and incident response processes, and how the tool reports the vulnerabilities it has found or confirmed as remediated.

    Vulnerability scanning should not be confused with penetration testing. A scanner is automated and reports known weaknesses it recognizes, typically from version numbers, service banners, configuration checks and signature matches, which means it can produce false positives and will not find logic flaws or chained attacks. A penetration test is detailed, hands-on work by a qualified expert who attempts to actually exploit weaknesses and demonstrate their impact.

    What are the Main Types of Vulnerability Scans?

    The biggest difference between the two main kinds of vulnerability scan is whether you give the scanning tool credentials (usernames and passwords, keys or a local agent) so that it can log in to the assets it examines. These logged-in scans are called "credentialed" or "authenticated." Because the scanner can read each host's installed package list, patch level and configuration directly, instead of inferring them from the outside, credentialed scans give a far more complete and accurate picture of potential cyber risk.

    The other kind, called "non-credentialed" or "unauthenticated," only examines what is exposed to the scanner without a login: open ports, service banners and responses to probes. Run from outside the perimeter as an external vulnerability scan, it is a good way to look for holes in firewalls and other places where an attacker on the internet could get into the network. It shows what an attacker without credentials would see, which makes it useful for validating exposure, but it misses vulnerabilities in software that is installed yet not reachable over the network.

    The best practice is to do both: an external, unauthenticated scan to see what an outside attacker can reach, and an internal, credentialed scan to see what is actually installed, so that you have a complete picture.
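    To make the difference between the two views concrete, here is an added example written for this glossary entry (it is not code from any scanning product). It matches two constructed asset views against a constructed vulnerability database: the unauthenticated view holds only what service banners reveal, while the credentialed view holds the host's full package list. Every product name, version number, vulnerability identifier and score below is hypothetical. The example also shows the version-range matching and severity ordering a scanner performs, and the stripping of distribution suffixes from version strings, which is a classic source of false positives because distributions backport fixes without changing the upstream version number.

```python
"""Toy vulnerability scanner contrasting unauthenticated and credentialed views.

Added example for this glossary entry. All vulnerability IDs, products,
versions and scores are constructed and do not describe real software or
real CVEs.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Vuln:
    vuln_id: str              # constructed identifier, not a real CVE
    product: str
    introduced: str           # first vulnerable version (inclusive)
    fixed: Optional[str]      # first fixed version (exclusive); None = no fix yet
    cvss: float               # constructed severity score
    network_exposed: bool     # True if reachable over the network without a login


def parse_version(text: str) -> tuple:
    """Turn '1.2.11-2' or 'v2.10' into a comparable tuple of ints.

    Anything after the first '-' (a distro packaging suffix) is dropped.
    This is exactly where version-based scanning produces false positives:
    a distro may have backported the fix without bumping the upstream number,
    so a credentialed scanner should also consult the distro's own advisory data.
    """
    core = text.lstrip("v").split("-", 1)[0]
    return tuple(int(n) for n in re.findall(r"\d+", core))


def is_affected(installed: str, vuln: Vuln) -> bool:
    """True if the installed version lies in [introduced, fixed)."""
    v = parse_version(installed)
    if v < parse_version(vuln.introduced):
        return False
    if vuln.fixed is not None and v >= parse_version(vuln.fixed):
        return False
    return True


# Constructed vulnerability database.
VULN_DB: List[Vuln] = [
    Vuln("VULN-0001", "webd", "2.4.0", "2.4.50", 9.8, True),
    Vuln("VULN-0002", "libzlib", "1.2.0", "1.2.12", 7.5, False),
    Vuln("VULN-0003", "sshd", "8.0", "8.5", 5.3, True),
    Vuln("VULN-0004", "localtool", "1.0", None, 7.8, False),
]

# Constructed unauthenticated view: only what banners on open ports reveal.
UNAUTH_VIEW: Dict[str, str] = {"webd": "2.4.49", "sshd": "8.4"}

# Constructed credentialed view: the full package list read from the host.
CRED_VIEW: Dict[str, str] = {
    "webd": "2.4.49",
    "sshd": "8.4",
    "libzlib": "1.2.11-2",   # distro suffix is stripped before comparison
    "localtool": "1.0",
    "otherlib": "3.0",       # nothing known about it, so no finding
}


def scan(inventory: Dict[str, str], db: List[Vuln] = VULN_DB) -> List[Vuln]:
    """Return matching findings, highest CVSS first, network-exposed ones
    ahead of local-only ones on ties."""
    findings = [
        v for v in db
        if v.product in inventory and is_affected(inventory[v.product], v)
    ]
    findings.sort(key=lambda v: (v.cvss, v.network_exposed), reverse=True)
    return findings


def finding_ids(inventory: Dict[str, str]) -> List[str]:
    return [v.vuln_id for v in scan(inventory)]


if __name__ == "__main__":
    print("unauthenticated:", finding_ids(UNAUTH_VIEW))
    print("credentialed:   ", finding_ids(CRED_VIEW))
```

    Running it shows the banner-only view reporting just the two network-facing findings, while the credentialed view adds the out-of-date library and the unfixed local tool that no external probe could ever see, ordered so the remediation queue starts with the most severe item.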