Network Security Audit & Vulnerability Assessment Services

About Vulnerability Scanning

Vulnerability Scanning analyzes the security of your network using the largest and most up-to-date Knowledge Base of vulnerability checks in the industry. When you launch or schedule vulnerability scans, the service safely and accurately detects vulnerabilities using its Inference-Based Scanning Engine, an adaptive process that intelligently runs only tests applicable to each host scanned.

The service first gathers information about each host, such as its operating system and version, ports and services, and then selects the appropriate test modules. The impact of scans on your network load is minimal because the service samples your available bandwidth and then uses a fixed amount of resources that you specify.

The Knowledge Base is updated continuously as new vulnerabilities are added and existing entries are revised. For this reason, it is best practice to schedule network security audits regularly to minimize potential risk and ensure constant security. We recommend scheduling routine external, Internet-based scans at least quarterly. Internal scans are typically performed semi-annually unless you have a requirement to perform them more frequently (such as quarterly for PCI compliance).

How Does Vulnerability Scanning Work?

There are several events that take place during the vulnerability scanning process. The standard behavior for each of these events is described below.

Scanning Event | Description
Host Discovery | The service checks availability of target hosts. For each host, the service checks whether the host is connected to the Internet, whether it has been shut down and whether it forbids all Internet connections. The service pings each target host using ICMP, TCP, and UDP probes. The TCP and UDP probes are sent to default ports for common services on each host, such as DNS, TELNET, SMTP, HTTP and SNMP. If these probes trigger at least one response from the host, the host is considered "alive." The types of probes sent and the list of ports scanned during host discovery are configurable through your additional options. If the host is not "alive" then the scan process will not proceed. You may choose to scan dead hosts through your scan options, but that option may increase scan time and is not suggested for Class C or larger networks. After host discovery, these events occur dynamically: port scanning, operating system detection, service discovery and authentication to hosts when the authentication feature is enabled.
Port Scanning | The service finds all open TCP and UDP ports on target hosts. The list of TCP and UDP ports scanned is configurable through your scan options.
OS Detection | The service attempts to identify the operating system installed on target hosts. This is accomplished through TCP/IP stack fingerprinting, OS fingerprinting on redirected ports, and is enhanced by additional information gathered during the scan process, such as NetBIOS information gathering.
Service Discovery | When a TCP or UDP port is reported as open, the scanning service uses several discovery methods to identify which service is running on the port, and confirms the type of service running to obtain the most accurate data.
Authentication | Authentication to hosts is optional for a vulnerability scan. For a vulnerability scan with authentication enabled, the service authenticates to target hosts based on the selected authentication types in the option profile and the authentication records in the user account. The service uses the credentials for target hosts as defined in authentication records. If authentication to a host is not successful, the service performs vulnerability assessment without authentication.
Vulnerability Assessment | Using the information gathered about each target host in the previous scanning steps, the service begins vulnerability assessment. The service scans for all vulnerabilities in the Knowledge Base or a selected list of vulnerabilities, based on the user's scan settings. The service runs vulnerability tests that are applicable to each target host based on the information gathered for the host.
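
The event order above decides how much assessment each host actually receives: a host that answers no discovery probe is skipped, and a host where authentication fails is still assessed, but without credentials. The following Python code is an added example, not part of the service or the original page; it applies those rules to constructed per-host records so that both kinds of coverage gap can be listed after a scan. The record fields and function names are assumptions, not a vendor report format.

```python
from dataclasses import dataclass

# Constructed per-host scan record; field names are assumptions, not a vendor format.
@dataclass
class HostResult:
    ip: str
    probe_replies: dict          # probe type -> True if the host answered in discovery
    auth_attempted: bool = False
    auth_succeeded: bool = False

def classify(host, scan_dead_hosts=False):
    """Return the coverage a host received, following the event order described above."""
    alive = any(host.probe_replies.values())   # one reply is enough to count as "alive"
    if not alive and not scan_dead_hosts:
        return "not_scanned"                   # the scan does not proceed past discovery
    if host.auth_attempted and host.auth_succeeded:
        return "authenticated"
    if host.auth_attempted:
        return "auth_failed_fallback"          # assessed, but without authentication
    return "unauthenticated"

def coverage_gaps(results, scan_dead_hosts=False):
    """Group hosts whose assessment was weaker than the scan settings intended."""
    gaps = {"not_scanned": [], "auth_failed_fallback": []}
    for host in results:
        state = classify(host, scan_dead_hosts)
        if state in gaps:
            gaps[state].append(host.ip)
    return gaps

SAMPLE = [  # constructed data using a documentation address range
    HostResult("192.0.2.10", {"icmp": True, "tcp": True, "udp": False}, True, True),
    HostResult("192.0.2.11", {"icmp": False, "tcp": True, "udp": False}, True, False),
    HostResult("192.0.2.12", {"icmp": False, "tcp": False, "udp": False}, True, False),
    HostResult("192.0.2.13", {"icmp": True, "tcp": False, "udp": False}),
]

if __name__ == "__main__":
    for kind, ips in coverage_gaps(SAMPLE).items():
        print(kind, ips)
```

Hosts listed under auth_failed_fallback appear in the report with findings, so the gap is easy to miss unless it is checked for explicitly.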

The Case for Authenticated Scans

Authenticated Vulnerability Assessments

An authenticated vulnerability assessment is a type of security testing that involves using valid credentials and access to the system to identify vulnerabilities that may exist within the system. In this type of assessment, the tester performs a thorough evaluation of the system's security posture, including analyzing system configurations, application settings, and user permissions to identify vulnerabilities that may not be detectable from the outside.

During an authenticated vulnerability assessment, the tester uses a variety of techniques and tools to probe the system for vulnerabilities. This may include performing manual testing, automated scanning, and analyzing system logs and network traffic. The tester will attempt to simulate a real-world attack scenario by assuming the role of an authorized user and attempting to escalate privileges or access sensitive information.

The goal of an authenticated vulnerability assessment is to identify vulnerabilities that could be exploited by an attacker who has already gained access to the system. By identifying these vulnerabilities, you can better prioritize remediation efforts and improve your overall security posture.

It's important to note that authenticated vulnerability assessments should only be performed by authorized personnel who have the necessary permissions and access to conduct this type of testing. It is also recommended to have proper documentation and consent in place before conducting an authenticated vulnerability assessment.

The Benefits of Using Authentication

Performing an authenticated vulnerability assessment is important because it provides a more comprehensive and accurate evaluation of your system's security posture.

In an unauthenticated assessment, the tester attempts to identify vulnerabilities without providing any valid credentials or access to the system. This approach is limited in scope and can only identify vulnerabilities that can be detected externally. It does not provide a full picture of the vulnerabilities that may exist within the system.

In contrast, an authenticated assessment involves providing the tester with valid credentials and access to the system, allowing them to perform a more thorough evaluation of the system's security posture. This approach allows the tester to identify vulnerabilities that can only be detected from within the system, such as misconfigured user permissions or weak password policies.

Moreover, an authenticated assessment helps to simulate real-world scenarios in which an attacker has already gained access to the system. By identifying vulnerabilities that could be exploited by an attacker with valid credentials, you can better prioritize remediation efforts and improve your overall security posture.

In summary, performing an authenticated vulnerability assessment provides a more accurate and comprehensive evaluation of your system's security posture, helps simulate real-world attack scenarios, and enables better prioritization of remediation efforts.


Security Assessment Services Comparison

We also offer penetration testing services, which are often confused with vulnerability assessments.

Process | Description | Automated Vulnerability Assessment | Cyber D Penetration Test
Passive Information Gathering | DNS, publicly accessible services, Internet access points, IP address ranges. | | YES
Active Information Gathering | Identify other IP addresses beyond those reported. Search for other telephone, web, and email resources not reported. Social Engineering. | | YES
Network Topology Analysis | Network topology analysis: Integrating multiple sources into a high level architectural understanding. | | YES
Services & System Identification | Port scanning techniques based on network topology to identify hosts, operating systems, and services. | YES | YES
Firewall & Router Testing | Evaluation of firewall’s capacity to protect network perimeter and inference of configuration, ACLs, etc. | | YES
Intrusion Detection System Testing | IDS/IPS system(s) tested by inference and by use of information provided. Various alerts triggered in order to assess effectiveness and accuracy of the system. | | YES
Vulnerability Testing | Search engines and vulnerability databases are queried to locate vulnerabilities that affect services running on identified services. | YES | YES
Vulnerability Validation | Review “clean” and flagged services for false positive and false negative findings. Assign risk level to each. | | YES
Manual Service Analysis | In-depth manual analysis of critical hosts and services revealing additional configuration vulnerabilities. Trusted IP address, sub-system analysis, location of vulnerability vectors through app and protocol fuzzers. | | YES
Password Testing and Analysis | Dictionary/brute force attacks, control analysis, lockout policy, default passwords, authentication protocols. | YES | YES
Log-in Page Testing | Session/account management, login page input validation, cross-site scripting, buffer overflows, database command injection, error handling, access control, data cryptography, and remote administration. | | YES