Blog
Vulnerability scanning

Mind the gap – how to ensure your vulnerability detection methods are up to scratch

Andy Hornegold
Author
Andy Hornegold
VP of Product

Key Points

With global cyber crime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies’ biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an (over)abundance of solutions available.

But be aware, they may not give you a full and continuous view of your weaknesses if used in isolation. With huge financial gains to be had from each successful breach, hackers do not rest in their hunt for flaws and use a wide range of tools and scanners to help them in their search. Beating these criminals means staying one step ahead and using the most comprehensive and responsive vulnerability detection support you can.

We’ll go through each solution and explain how you can maintain your vigilance.  Of course, vulnerability management is just one step businesses must take to prevent a breach; there’s also proper asset management, employee training and incident response to consider but this article will cover scanning and penetration testing specifically.

Vulnerability scanning

A vulnerability scanner checks your systems for security flaws that can be used to steal data or sensitive information, or generally cause disruption to your business. Depending on your needs, you can deploy scanners to keep an eye on any area of your system from your external or internal infrastructure to your web apps and endpoints, as well as any authenticated or unauthenticated areas of your website.

They do have their limitations however.

Firstly, vulnerability scans can only ever report on what they find in the moment. If you’re running them infrequently then you could easily miss new vulnerabilities that have been introduced in between scans. This is why it’s important to ensure you have a vulnerability management solution in place that can give you continuous visibility of your systems and help you to prioritise and fix any security issues.

And with some scanning vendors there can also be a bit of a waiting game to play while they release checks for new vulnerabilities. This often happens when an exploit is made public before a vulnerability's details are. Fortunately, some solutions – such as Intruder Vanguard - take a faster, more proactive approach, finding the proof-of-concept exploit, breaking it down, and then checking all its customers - often before the scanning vendors have started their checks.

The other challenge with some vulnerability scanning tools is that they are often not tailored to your business and security posture. This is because most have to be generic so that they can be applied to any environment. Vulnerability scanners find it hard to handle bespoke/custom services or applications because they haven't seen them before and therefore cannot extract meaningful results.  As a result, they can often produce false positives, which in turn can lead to wasted time and resources trying to fix non-existent issues.

To avoid this, you need a solution which takes into account your specific environment i.e. the types of systems you have deployed, the configuration of these systems, the data stored within them, and the mitigating controls you have in place. Then, it needs to use this information to ensure it only presents you with issues that have a tangible impact on your security.

How can you make that possible? By adding human expertise.

While a scan will find a vulnerability and report it, it won’t carry out a full "impact review" to show what the actual risk is of someone successfully exploiting the vulnerability.  Penetration tests, however, will.

Penetration tests

A penetration test (also known as a pen test) is a simulated cyber attack carried out by ethical hackers on your systems to identify vulnerabilities that could be exploited by malicious attackers. This helps you to understand not only what needs to be fixed but also the potential impact of an attack on your business.

However, there are major issues with using this as your sole vulnerability detection method.

Firstly, while in depth, penetration testing only covers a point in time. With 20 new vulnerabilities identified every day, your penetration test results are likely to be out of date as soon you receive the report.

Not only that but reports can take as long as six months to produce because of the work involved, as well as several months to digest and action.

They can be very expensive - often costing thousands of pounds each time.

With hackers finding more sophisticated methods to break into your systems, what is the best modern solution to keep you one step ahead?

A hybrid of vulnerability scanning and penetration testing

In order to gain the most comprehensive picture of your security posture, you need to combine automated vulnerability scanning and human-led penetration testing.

Intruder Vanguard does just that, bringing security expertise and continuous coverage together to find what other scanners can’t. It fills the gap between traditional vulnerability management and point in time penetration tests, to provide a continuous watch over your systems. With the world's leading security professionals on hand, they’ll probe deeper, find more vulnerabilities, and provide advisories on their direct impact on your business to help you keep attackers at bay.

The threat of attack is rising, don't leave yourself vulnerable. Choose continuous, comprehensive coverage from Intruder Vanguard.

Get our free

Ultimate Guide to Vulnerability Scanning

Learn everything you need to get started with vulnerability scanning and how to get the most out of your chosen product with our free PDF guide.

Sign up for your free 14-day trial

7 days free trial