Vulnerability scanner
A vulnerability scanner is a software or hardware product designed to search for threats in a company’s infrastructure. The scanner is used to detect breaches in network security, operating systems, databases, applications, etc. Its main task is to assess information security, identify vulnerabilities, and provide reports.
With the help of a scanner, an administrator can find “holes” that hackers use to gain unauthorized access (UA) to confidential data on the company’s network. A vulnerability scanner can monitor running processes and services and scan the ports in use.
[text_with_btn btn=”Learn more” link=”https://itglobal.com/ru-ru/services/info-security/security-audit/”]Information security audit[/text_with_btn]Key features
The software product has the following functions:
- searches for various types of network vulnerabilities and analyzes them in real time;
- checks network resources, operating systems, connected devices, and ports;
- analyzes all active processes and the behavior of running applications;
- creates reports that describe the type of vulnerability.
How the scanner works
- Probing. An effective but slow method of searching for and analyzing vulnerabilities. Its essence is that the solution initiates virtual attacks and monitors the network infrastructure to search for vulnerabilities. At the end of the process, the administrator is provided with a detailed report indicating the problems found and recommendations for their deactivation.
- Scanning. In this mode, the scanner operates at maximum speed but analyzes the network infrastructure at a superficial level. That is, it detects obvious vulnerabilities and analyzes the overall security of the infrastructure. Compared to the previous method, this method only alerts the administrator to the problems found, but nothing more.
The scanner’s operation is based on indirect signs of vulnerabilities. If the software analyzes application-level protocols or APIs, it determines their parameters and compares them with acceptable indicators set by the administrator. If it detects a discrepancy in values, the administrator will receive a notification of a potential vulnerability. After that, you need to check the potential threats found with some other tools.
What actions does a vulnerability scanner perform?
- It collects information from the entire infrastructure: active processes, running applications, working ports and devices, services, etc.
- Searches for potential vulnerabilities using various methods.
- Uses special attack simulation methods to find possible vulnerabilities (this feature is not available in every scanner).
- Generates a detailed report with information about the vulnerabilities found.
Scanners can be “friendly” or “aggressive.” The first type simply collects information and does not simulate an attack. The second type exploits vulnerabilities to cause software malfunctions.