3 Tips for Effective Vulnerability Assessments

Every business has different needs, but they also have many things in common. Today, almost all businesses have an IT infrastructure once they reach a certain size. This commonality results in businesses having similar needs.

One such shared need is ensuring that you maintain a secure business network infrastructure.

There are many things an organization can do to keep its network secure, ranging from patch management to firewalls. However, one tactic that is often overlooked is performing a periodic vulnerability assessment.

Regular vulnerability assessments are essential because threats to your network security continually change and evolve, and your security should be able to match this. A user’s PC or network access point might be secure today, but it could become completely vulnerable tomorrow simply because some malicious attacker might have discovered a previously unknown attack vector.

A vulnerability assessment doesn’t come without its own associated costs. You need to strike a balance between security and inconvenience for your end users. Also, it is important that your vulnerability assessments are conducted correctly, as an error could result in the very problems that you are trying to avoid.

With that in mind, we have prepared some tips to ensure efficiency in your vulnerability assessments, helping you to keep your business network secure.

1) Select a proper schedule for your vulnerability assessment:

Vulnerability assessments cover many different tasks. Machines are scanned for missing software patches and they ensure software is correctly configured and that no aspect of your network has changed. You do not want to see that new users have been created, new shares opened or even new PCs or hardware connected to your network without your knowledge.

However, all these checks affect your network performance, making it essential that they are run at times when they least impact productivity. At the same time, they should not be run so infrequently that they leave a large window of opportunity for any attacker to exploit.

Ideally your vulnerability assessments should be run daily and outside of normal business hours. This schedule should be carefully tailored to meet your specific business needs.

2) Do your testing before implementing any changes:

A vulnerability assessment is designed to find deficiencies in your network, be they missing patches or an

incorrect configuration. When this occurs your vulnerability assessment software will offer you a number of options to remedy the situation, or provide you with information on how you might tackle the vulnerability that has been found.

It is important to understand that every network is different. Every computer has different software installed, and is comprised of different hardware. Software patches will alter the core of the software you run and this can lead to potential problems. Likewise, any changes you make to secure your network can also result in issues due to the unique nature of your system.

This is why it is always recommended to have test environments that mirror your live network as much as possible. Any changes can be first implemented on this test network before live deployment. In this way you can prevent yourself from implementing changes that are actually to the detriment of your network operation.

3) Disaster recovery plans are a must:

A bad practice that is often seen in vulnerability assessments and remediation plans is to only think about how we are going to solve an issue only once we actually come face-to-face with the problem itself.

By doing this you can actually cause unnecessary down time as you grapple with unexpected scenarios. A better way to deal with such undesirable events is to plan ahead and create disaster recovery plans for the most common eventualities. This should include a failed patch deployment that results in system instability, measures to take when there is a detected intrusion, as well as the course of action to follow when you encounter a virus infection.

Vulnerability assessment is an important component in maintaining business network security. However, like so many other tasks, it needs to be approached in the right manner. Utilizing the three simple tips above can save you a lot of time in the future and ensure you and your network steer clear of some insidious pitfalls.

This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for to address their network security, content security and messaging need. Learn more on what to look out for when choosing a vulnerability scanner:

http://www.gfi.com/network-security-vulnerability-scanner

All product and company names herein may be trademarks of their respective owners.

4 Reasons to Use a Vulnerability Scanner

Two of the best pieces of advice ever given to me are “Know your enemy” and “Know Thyself”. Neither was offered in the context of information security, but both are exceptionally appropriate, and a vulnerability scanner will help with both.

A vulnerability scanner is a tool that can automatically scan your network and the systems connected to it, examining each one for vulnerabilities that could be exploited. Malicious users frequently use vulnerability scanners or other automated scanning tools to hunt for ways to compromise your systems; using the same tools yourself not only gives you an understanding of what they are seeing on your network, but also lets you know about issues before they become incidents.

 There are many different reasons to use a vulnerability scanner. Security engineers may use a vulnerability scanner to report on the overall threat matrix, but systems admins should take advantage of more than just that. Here are my own top four reasons to use a vulnerability scanner on my own network. Run through this list and see if you don’t decide to use a vulnerability scanner yourself by the time you get to the end.

 Scanning shows you what other reports can’t.

  1. Your patching and a/v systems can’t report on the things that don’t run their agents or belong to the domain. Standalone servers, network hardware, rogues workstations, and access points are all examples of things on your network that neither your a/v nor your patching solution will be able to include in a report.
  2. Diff-ing scheduled scans let’s you spot and track changes.
    One of the most effective ways to spot any changes on your network, whether that be new systems plugged in, or just new services enabled, is to scan weekly and then compare the deltas. This is also a fantastic way to audit your change management process to make sure it is being followed and is effective.
  3. Knowing what the bad guys see helps you rank and schedule remediations.
    You know the bad guys are scanning your network. Knowing what they are seeing, and being able to rank vulnerabilities by risk and impact, will let you assign tickets and set priorities for fixing any issues discovered by the scan.
  4. It’s one thing to talk about vulnerabilities; it’s quite another to show them.
    You can talk to some systems admins, or managers, until you are blue in the face about how important it is to patch their system and have as much impact as talking to yourself. But if you run a vulnerability scan and show them just how many vulnerabilities are showing up in their system. That will get their attention, and then their system should get the attention it needs.

 Running regular scans of your network with a vulnerability scanner shows you what potential attackers are seeing, highlights potential attack points, and helps you keep track of everything plugged into your network. Using a vulnerability scanner is a great way to stay a step ahead of the bad guys and to keep on top of your own systems.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging need. Learn more on what to look out for when choosing a vulnerability scanner.

All product and company names herein may be trademarks of their respective owners.