4 Reasons to Use a Vulnerability Scanner

Two of the best pieces of advice ever given to me are “Know your enemy” and “Know Thyself”. Neither was offered in the context of information security, but both are exceptionally appropriate, and a vulnerability scanner will help with both.

A vulnerability scanner is a tool that can automatically scan your network and the systems connected to it, examining each one for vulnerabilities that could be exploited. Malicious users frequently use vulnerability scanners or other automated scanning tools to hunt for ways to compromise your systems; using the same tools yourself not only gives you an understanding of what they are seeing on your network, but also lets you know about issues before they become incidents.

 There are many different reasons to use a vulnerability scanner. Security engineers may use a vulnerability scanner to report on the overall threat matrix, but systems admins should take advantage of more than just that. Here are my own top four reasons to use a vulnerability scanner on my own network. Run through this list and see if you don’t decide to use a vulnerability scanner yourself by the time you get to the end.

  1. Scanning shows you what other reports can’t.
    Your patching and a/v systems can’t report on the things that don’t run their agents or belong to the domain. Standalone servers, network hardware, rogue workstations, and access points are all examples of things on your network that neither your a/v nor your patching solution will be able to include in a report.
  2. Diff-ing scheduled scans lets you spot and track changes.
    One of the most effective ways to spot any changes on your network, whether that be new systems plugged in, or just new services enabled, is to scan weekly and then compare the deltas. This is also a fantastic way to audit your change management process to make sure it is being followed and is effective.
  3. Knowing what the bad guys see helps you rank and schedule remediations.
    You know the bad guys are scanning your network. Knowing what they are seeing, and being able to rank vulnerabilities by risk and impact, will let you assign tickets and set priorities for fixing any issues discovered by the scan.
  4. It’s one thing to talk about vulnerabilities; it’s quite another to show them.
    You can talk to some systems admins, or managers, until you are blue in the face about how important it is to patch their system and have as much impact as talking to yourself. But run a vulnerability scan and show them just how many vulnerabilities are showing up in their system, and that will get their attention; then their system should get the attention it needs.
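
The week-over-week comparison from point 2, together with the "what runs no agent" check from point 1, as an added example that is not part of the original post. The one-line-per-open-port snapshot format, the sample addresses and the `MANAGED` set are constructed for illustration; a real scanner's export would need its own parser.

```python
# Constructed sample snapshots: one "host port/proto service" line per open port.
LAST_WEEK = """\
10.0.0.5 22/tcp ssh
10.0.0.9 445/tcp microsoft-ds
10.0.0.20 80/tcp http
"""
THIS_WEEK = """\
10.0.0.5 22/tcp ssh
10.0.0.5 3389/tcp ms-wbt-server
10.0.0.20 80/tcp http
10.0.0.77 23/tcp telnet
"""
MANAGED = {"10.0.0.5", "10.0.0.9"}  # constructed: hosts the patching and a/v agents report on


def parse_scan(text):
    """Return {host: {(port_proto, service), ...}} from snapshot text."""
    hosts = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 'host port/proto service'")
        host, port, service = parts
        hosts.setdefault(host, set()).add((port, service))
    return hosts


def diff_scans(old, new):
    """Summarise what changed between two parsed snapshots."""
    shared = old.keys() & new.keys()
    return {
        "new_hosts": sorted(new.keys() - old.keys()),
        "gone_hosts": sorted(old.keys() - new.keys()),
        "opened": {h: sorted(new[h] - old[h]) for h in shared if new[h] - old[h]},
        "closed": {h: sorted(old[h] - new[h]) for h in shared if old[h] - new[h]},
    }


def unmanaged(scan, managed):
    """Hosts the scan saw that no agent reports on."""
    return sorted(scan.keys() - managed)


if __name__ == "__main__":
    old, new = parse_scan(LAST_WEEK), parse_scan(THIS_WEEK)
    print(diff_scans(old, new))
    print("unmanaged:", unmanaged(new, MANAGED))
```

Each entry under `new_hosts` or `opened` should map to an approved change ticket; one that does not is a finding for the change management audit the post mentions.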

 Running regular scans of your network with a vulnerability scanner shows you what potential attackers are seeing, highlights potential attack points, and helps you keep track of everything plugged into your network. Using a vulnerability scanner is a great way to stay a step ahead of the bad guys and to keep on top of your own systems.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more on what to look out for when choosing a vulnerability scanner.

All product and company names herein may be trademarks of their respective owners.

GFI WebMonitor Internet Monitoring and Web Security Review

Looking for a program that monitors your users’ internet use and gives you granular control over what sites and services they can access, and when? Coupled with comprehensive web security and threat detection that includes scanning with not one, not two, but three anti-virus engines?

Look no further than GFI’s WebMonitor.

The wonderful folks at GFI recently provided me with a license key and asked if I would check out their software. Their timing was exceptional. I have been looking for a web monitoring solution for small to medium businesses. One that is feature packed, but easy to use. I fell in love with WebMonitor.

Here are some of the top features:

SITE BLACK LISTING

Simply select the website, IP address or user that you want to block access to and click add. Next, save settings and instantly the site that you do not want access to will be blocked:

Anyone trying to surf to a blacklisted page from your network will receive this error in their browser:

What is nice about WebMonitor is that it also scans all downloads and looks for malicious pages as your users browse the web. If users try to surf to a page that is suspicious, WebMonitor blocks it and the user will see this message:

WEBSITE RESTRICTIONS BY CONTENT TYPE

Want to block a user from certain websites by topic? Simply select the category from the list and select “Block”:

How about Streaming Media sites?

Just select “Block” on any of the sites or media types that you want to block and streaming video will be blocked. In the screenshot above we see that “Generic Site Streams” are blocked. So what will happen if someone tries to run YouTube videos?

“An error has occured. Please Try again later”. We could have just added YouTube to the black list and we would not have even been able to surf to the website. But this setting blocks streaming videos from all the websites. Nice!

BLOCKING BY POLICY

In almost every section of WebMonitor, internet blocking or restriction can be configured by user, by date or even by time. And again GFI’s easy to use interface really shines. Here we see the policy enforcement calendar for streaming media, with just two mouse clicks I disabled the policy for the weekend network users:

SECURITY AND SAFETY

WebMonitor protects against malware masking itself in HTTPS traffic, and has the ability to block attempts to circumvent web filtering. Also, downloads are scanned by three anti-virus engines: BitDefender, Kaspersky and Norman.

Why?

Because not every anti-virus will detect every single threat. Using several anti-virus engines increases the chances that malicious files will be detected. I have tested BitDefender heavily and it is VERY good at detecting and blocking encoded, obfuscated backdoor programs like the ones used in targeted phishing attacks.

And again the WebMonitor GUI makes it very easy to change AV settings if you don’t like the default values:

This is just a brief overview of some of the many capabilities of this feature-rich program. I really didn’t touch on the monitoring side too much, but you can monitor all internet use and view it by user or computer. Actually, the GFI documentation recommends just letting WebMonitor collect statistics for the first week so you can see which sites your employees are visiting and how much time they are spending online.

Then you can go in and block or restrict usage as necessary.

GFI WebMonitor is a very powerful tool that is easily configured through an intuitive graphical interface. The only negative I encountered was that it does seem to draw a lot of resources. I ran it on my main desktop and it noticeably affected both boot time and surfing.

But as this is a full time monitoring and security system, you probably want to install it on a separate system or on one that is not used heavily for other functions.

GFI WebMonitor is the most mature and feature rich monitoring/web security program I have seen to date. I was very impressed with this product and highly recommend it.

Want to try it out yourself? WebMonitor is available for a 30 day free trial!