Network vulnerability scanning is an essential function in modern corporate cybersecurity. Thankfully, there are a number of network vulnerability scanners out there on the market, all approaching the prospect differently, and focusing on securing different things in different ways.
However, when put under a microscope, the term “vulnerability scanning” doesn’t really tell us a lot as to what it does (other than scanning for vulnerabilities, of course). As tech terms go, it’s pretty vague. So, let’s dispel some of that mystery…
What is a Network Vulnerability Scanner?
A network vulnerability scanner, often called a Vulnerability Assessment System or VAS , is an automated software solution which automatically detects potential security vulnerabilities in a target organisation’s IT infrastructure.
Typically, these solutions are able to uncover potential vulnerabilities; help triage and remediate those vulnerabilities; identify connected IT assets; monitor online assets like websites and web apps; and flag changes to a network, such as newly added hardware or a change in services.
Why Use a Network Vulnerability Scanner?
Nowadays, the prospect of keeping your network, cloud, and web resources secure is growing ever more complex. Hackers can be incredibly tenacious when they have an organisation in their sights and can hunt for increasingly tiny vulnerabilities in a victim’s defences that they can blow wide open.
This increasing complexity may be a little out of the remit of “traditional” solutions like firewalls and antimalware protection (essential though those solutions still are). Attacks are no longer focused on taking down a small handful of PCs – attackers want to bring whole networks to their knees in order to maximise their results.
The solution to this? Monitor the organisation’s whole infrastructure. Vulnerability Assessment Systems provide essential visibility into an organisation’s entire IT estate – networks, cloud repositories, websites, web apps – you name it, a modern VAS can monitor it.
We can’t possibly compare all network vulnerability scanners out there, but we can take a deep dive into the one we use, provide, and swear by:
Why use our software?
Our software is an infrastructure vulnerability scanner that aims to “find your weaknesses, before the hackers do.” It continually monitors your networks and online resources for new and known threats; common vulnerabilities; and unwarranted exposure.
You can schedule weekly scans, if any new vulnerabilities come up, you don’t need to wait. Our software will automatically scan your network and inform you of any breaches. This means we can remediate them before they do any damage.
What Does Our Software Do?
With 55 new vulnerabilities discovered every day, it’s only a matter of time before something nefarious tries knocking at your door. That’s why you need intelligent, proactive defences in place; our software has vast features. So let’s explore them, shall we?
Common Configuration Slip Ups
After a brief set up, the software lets you see exactly what resources you expose to the internet and how they’re exposed. Their jargon-free alerts give you an idea of each issue and its severity, regardless of your technical know-how.
Intruder works by monitoring IP addresses and domains, so you can even defend devices that don’t let you install software like routers and IoT devices . It also gives you “single pane of glass” visibility across all of your resources, be they on-premise hardware, cloud repositories, or even websites.
It also flags common misconfigurations, like default passwords, unencrypted data, missing updates, web app bugs, and encryption weaknesses.
Identifying Open Ports
Keeping your devices’ ports secure is an essential step in hardening your cyber-defences. You can think of ports like “TV channels” that certain online and network functions use to operate. The data is all going through your WiFi or Ethernet connection, but it’s demarcated from other traffic on the sending and receiving devices by its port. For example, sending email uses a protocol called SMTP which usually uses port 587.
Remote access ports can be particularly sensitive because they are always going to be exposed to the internet. Given the rise in working from home, and that Windows’ Remote Desktop Protocol connections take place on port 3389 by default, hackers often try and interfere with this port to gain ingress.
Understandably, leaving any receptive port exposed to the internet tempts fate. If a hacker were to find it, they could potentially break into your network. Our Software continually monitors for open ports to help you close off any hidden shortcuts into your network.
Missing Updates & Patches
If any of your network hardware is running outdated software or firmware, then you’re potentially open to significant security issues, simple as. Software updates don’t just provide a sleeker user interface and new, handy functionality. They also often come packaged with the latest security patches that close off security issues in older versions.
You see, hackers often harness weaknesses in older versions of software or firmware in order to launch an attack, whether that is a direct, targeted attack on an organisation, or a more scattergun approach like releasing zero-day malware into the wild that exploits vulnerabilities within unpatched software the world over.
Our software scans all of your monitored perimeter devices for the latest software updates, keeping you secure and ensuring you are using the latest and greatest functionality available.
Encryption is a crucial way of keeping sensitive data and traffic away from prying eyes. Encryption secures much of the web through omnipresent protocols like TLS. However, it is possible to implement encryption incorrectly, rendering the information it is designed to protect highly vulnerable to theft or loss.
Our Software scans targeted resources for encryption issues, such as sensitive data being sent unencrypted over the internet, VPN encryption weaknesses, and encryption bugs like Heartbleed, so you can flag and remediate them before the worst happens.
Internal & External Network Vulnerability Scanning Under One Roof
Your infrastructural “perimeter” – i.e., the bits of your IT that are directly connected to the internet – is understandably a crucial battleground in the fight against cybercrime. Your perimeter is the thing that cybercriminals have to breach in order to make their way into your network. Securing your perimeter is like fortifying your castle’s walls to keep everything inside safe from attack.
With 55 new vulnerabilities being uncovered every day, periodic checks against established vulnerabilities are going to leave you vulnerable to new, emerging nasties. However, when a new threat starts doing the rounds that could affect your perimeter, Intruder immediately checks your network for that vulnerability.
The higher end versions of our software can also monitor and protect devices that are internal to a network using a lightweight software agent that sits on the PCs, servers, and other devices you want to monitor. This deepens the perimeter protection by monitoring for internal threats like someone clicking on a phishing email, someone downloading malware, someone accessing an exploit of some kind, and can even monitor for unpatched software on Windows, MacOS, and Linux devices that could leave you vulnerable.
Website & Web App Vulnerability Hunting
Your website is your organisation’s digital home. You pay good money to keep it online, and to maintain your digital brand presence with the best possible design, UX, and copy you can muster. Your website is a valuable investment, and one that Intruder can help to protect.
Our Software continually monitors your website’s infrastructure to check for weaknesses such as exposed databases, unencrypted admin data, and soon-to-expire security certificates. It also checks for potential hacking vectors like SQL injection or cross-site scripting opportunities.
However, Web Application Vulnerability Scanner helps you to go beyond these surface level website security snags. With its authenticated scanning capability, It can scan what goes on behind user and admin login pages too. This helps you secure the non-public (and therefore often more sensitive) parts of your site, so you can be sure your digital destination is completely secure – both for yourself and your website’s users.
Finding Exposed Systems and Shadow IT
The software is all about hunting down what is exposed within your infrastructure so you can make informed decisions about securing them. Services like Microsoft Exchange email, the Remote Desktop Protocol, and website CMSs like WordPress rely on being directly connected to the internet, so Intruder provides essential visibility over these essential systems.
Yet sometimes, as networks and tech stacks grow, services that shouldn’t be connected to the internet get forgotten about or taken for granted. Maybe it’s an old web server that was used for testing and accidentally left active; maybe it’s an old, poorly configured Windows Vista laptop that gets used in the warehouse from time to time; or perhaps it’s a worrying piece of shadow IT that nobody quite knows what it is!
Only Pay for What You Use
The Smart Recon functionality runs as soon as you add a “target” (i.e., an IP address or web asset for monitoring) to your dashboard. Smart Recon automatically checks whether a target is exposed to the internet or not within seconds, ergo whether a target is “active” (and needs checking for vulnerabilities) or is “unresponsive” (and doesn’t pose a risk).
The software also only assigns payable licences to active targets as there’s no point paying to defend resources that pose no risk. So Intruder helps keep your focus, and your budget, where it counts.
The alerts are refreshingly straightforward so you know what’s wrong without having to frantically google the jargon! As you’d expect from any security solution, Intruder comes with a number of notification controls that give you total control over when you get notified of threats and scans, so you don’t get overwhelmed with notifications and suffer the dreaded alert fatigue.
The platform’s email notifications provide the most in-depth controls, including when scans are complete, when the network changes, when changes are made, and when a new threat either has or hasn’t affected you.
It also allows for Slack and Teams integrations to send notifications, and with a bit of set up, notifications can be manually sent to Atlassian Jira too.
We all like it when tools integrate with things we already know and use. Aside from the native Slack and Teams integrations for notifications, It also allows you to link it to a hefty helping of other apps and solutions through Zapier.
Notifications and projects arising from newly detected issues can be sent directly to tools like Twilio SMS, PagerDuty, and Trello. Occurrences in other apps can be set to trigger an Intruder scan – either system-wide or more specifically for a given threat.
The issues that are flagged can also be sent to task and project management tools like Monday, Asana, ClickUp, and Freshdesk.
Unlock infrastructure-wide security visibility today – book a call to see what we can help you with.