
On-demand security audits, vulnerability management: A proactive approach to network security

By Michael Horn, Security business unit manager, CA Southern Africa.
Johannesburg, 13 Feb 2004

Hacker attacks are no longer limited to high-profile organisations such as banks and governments. Automated tools have made it easier to identify and exploit network exposures, swelling the ranks of hackers. At the same time, viruses, worms and Trojans have evolved into sophisticated, self-propagating attacks resistant to detection. IT groups rely on four technologies to protect their networks: virus detection, firewalls, intrusion detection systems (IDS), and vulnerability assessment. Each has a place in a comprehensive security strategy.

Only vulnerability assessment provides a proactive approach, identifying network and device vulnerabilities before networks are compromised. Companies can choose from several approaches for vulnerability assessment: manual testing using software-based products, consultants' penetration testing, and self-service automated third-party solutions. With the latter approach, called on-demand security audits and vulnerability management, organisations can effectively manage their vulnerabilities and have control over their network security with centralised reports and one-click links to verified remedies. Automated security audits offer clear cost and security advantages over other methods of vulnerability assessment.

"99% of network intrusions result from exploitation of known vulnerabilities or configuration errors where countermeasures were available." Source: CERT, Carnegie Mellon University

The network security challenge

Not too long ago, most hacker attacks targeted high-profile organisations such as banks and governments. Times have changed, and now every Internet-connected enterprise is vulnerable, whether it has thousands of IP addresses or just one.

Factors contributing to escalating risk

Companies face increasing risk from network security breaches, for the following reasons:

* Networks increasingly have multiple entry points, for example, VPNs and wireless access points used by remote employees. This exposes networks to threats from unknown software and unprotected connections.

* The number of exploitable vulnerabilities is burgeoning.

* Networks and applications have grown more complex and difficult to manage, even as qualified security professionals are scarce and IT budgets have come under pressure.

* Hacking tools are becoming automated and require less skill to use, increasing the ranks of hackers. And because these tools are automated and designed for large-scale attacks, a single hacker can inflict more damage.

* Malicious self-propagating worms, viruses and Trojans boost damage through a multiplier effect: they keep on "giving" long after the initial incident.

* Compressed software development lifecycles result in flawed or poorly tested releases that expose users to more risks and hidden vulnerabilities.

* The lifecycle for network attacks is shorter. Therefore, companies have less time to correct network and system vulnerabilities before they reach widespread awareness in the hacker community.

As a consequence of these trends, companies must be increasingly vigilant to protect their networks from surging numbers of vulnerabilities that can be exploited by worms and automated attack methods.

The 'four pillars' of security

Companies can take advantage of a combination of strategies to ensure network security: virus detection, firewalls, intrusion detection systems (IDS), and vulnerability assessment. All four play distinct, important roles.

Most organisations have deployed firewalls that deny unauthorised network traffic. Some organisations have also deployed intrusion detection systems. And virtually all organisations have anti-virus solutions. With all these security technologies, how do intruders continue to successfully penetrate networks and create havoc? The answer: by exploiting the vulnerabilities of the applications that organisations employ to run their businesses online. Therefore, vulnerability assessment has become the new frontier for network security.

Vulnerability assessment

Where IDS is reactive, detecting attacks while or after they occur, vulnerability assessment is proactive, determining susceptibility to attacks before networks are exploited. With early vulnerability detection, companies can take corrective action before damaging network attacks can take place.

Vulnerability assessment has been conducted for years with techniques such as annual or quarterly penetration testing by expert consultants. Now, with automated vulnerability assessment solutions, organisations can detect and eliminate vulnerabilities frequently and at a reasonable cost, closing their networks' windows of exposure.

Vulnerability assessment is a methodical approach to identifying and prioritising vulnerabilities, enabling IT organisations to non-intrusively test their networks from the "hacker's-eye view" and automatically:

* Identify vulnerabilities and network misconfigurations.
* Identify rogue devices, including wireless and VPN access points.
* Detect and prioritise vulnerability exposures.
* Provide remedies for known vulnerabilities.
* Validate firewall and IDS configurations.

Companies that perform vulnerability assessment typically scan new systems when they are attached to the network, after software is installed or reconfigured, and at regular intervals thereafter. When a vulnerability is detected, the company corrects it and then performs another scan to confirm that the vulnerability is gone.
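The scan, correct, rescan cycle just described, together with the capabilities listed above (flagging unregistered devices, prioritising exposures, confirming remedies), can be reduced to a small amount of bookkeeping over scanner output. The following Python is an added illustration written for this page; it is not code from the author, CA or any scanning product. The record layout, check names, addresses, severity weights and the asset inventory are all constructed assumptions; a real deployment would feed in its own scanner's export.

```python
"""Scan-to-rescan tracking: diff two scans, flag unregistered hosts,
prioritise what is still open, and measure how long fixed findings were exposed.
All data below is constructed for this example (assumption)."""
from datetime import date

# Assumed severity ordering used for prioritisation.
SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Assumed asset inventory; any other host that answers a scan is unregistered.
INVENTORY = {"10.0.0.5", "10.0.0.9"}

# Assumed set of hosts reachable from the Internet.
EXPOSED_HOSTS = {"10.0.0.9", "10.0.0.12"}

# Constructed results of a first scan and of the rescan one week later.
SCAN_1 = [
    {"host": "10.0.0.5", "port": 80, "check": "http-trace-enabled",
     "severity": "medium", "first_seen": date(2004, 2, 2)},
    {"host": "10.0.0.5", "port": 445, "check": "smb-null-session",
     "severity": "high", "first_seen": date(2004, 2, 2)},
    {"host": "10.0.0.9", "port": 25, "check": "smtp-open-relay",
     "severity": "critical", "first_seen": date(2004, 2, 2)},
]
RESCAN_DATE = date(2004, 2, 9)
SCAN_2 = [
    {"host": "10.0.0.5", "port": 80, "check": "http-trace-enabled",
     "severity": "medium", "first_seen": RESCAN_DATE},
    {"host": "10.0.0.5", "port": 445, "check": "smb-null-session",
     "severity": "high", "first_seen": RESCAN_DATE},
    {"host": "10.0.0.12", "port": 1433, "check": "mssql-blank-sa-password",
     "severity": "critical", "first_seen": RESCAN_DATE},
]


def finding_key(f):
    """A finding keeps its identity across scans by host, port and check."""
    return (f["host"], f["port"], f["check"])


def diff_scans(previous, current):
    """Split findings into new, still open and fixed. Findings that are still
    open keep the first_seen date from the earlier scan, so the exposure
    window is measured from first detection rather than from the rescan."""
    prev = {finding_key(f): f for f in previous}
    curr = {finding_key(f): f for f in current}
    new = [curr[k] for k in curr.keys() - prev.keys()]
    still_open = [dict(curr[k], first_seen=prev[k]["first_seen"])
                  for k in curr.keys() & prev.keys()]
    fixed = [prev[k] for k in prev.keys() - curr.keys()]
    return {"new": new, "open": still_open, "fixed": fixed}


def rogue_hosts(findings, inventory):
    """Hosts that answered the scan but are not in the asset inventory."""
    return sorted({f["host"] for f in findings} - inventory)


def prioritise(findings, exposed_hosts):
    """Externally exposed hosts first, then higher severity, then oldest."""
    def rank(f):
        return (f["host"] not in exposed_hosts,
                -SEVERITY_WEIGHT.get(f["severity"], 0),
                f["first_seen"])
    return sorted(findings, key=rank)


def exposure_days(fixed, rescan_date):
    """Days between first detection and the rescan that confirmed the fix."""
    return {finding_key(f): (rescan_date - f["first_seen"]).days for f in fixed}


def build_report(previous=SCAN_1, current=SCAN_2, rescan_date=RESCAN_DATE,
                 inventory=INVENTORY, exposed_hosts=EXPOSED_HOSTS):
    """Assemble what an operator reads after a rescan."""
    delta = diff_scans(previous, current)
    return {
        "rogue": rogue_hosts(current, inventory),
        "fixed": sorted(finding_key(f) for f in delta["fixed"]),
        "priority": [finding_key(f) for f in
                     prioritise(delta["new"] + delta["open"], exposed_hosts)],
        "exposure_days": exposure_days(delta["fixed"], rescan_date),
    }


if __name__ == "__main__":
    for section, value in build_report().items():
        print(section, value)
```

The key design point is that a finding is never marked fixed because someone edited a ticket; it is marked fixed only when the rescan no longer reports it, which is the confirmation step the text calls for. Keeping the original first_seen date on still-open findings is what lets the exposure window be reported honestly across many scan cycles.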

Vulnerability assessment works hand-in-hand with anti-virus, firewall and IDS. The vulnerability assessment identifies potential vulnerabilities before they can be exploited, and the intrusion detection system notifies the company when anomalous activity has occurred. The two approaches are synergistic: vulnerability assessment enables IT to identify and close obvious holes so that the intrusion detection system has fewer places to check. Vulnerability assessment also works in conjunction with firewalls to continuously and seamlessly monitor for vulnerabilities that may have inadvertently been introduced by firewall policy changes.

CERT recommends vulnerability assessment

CERT states that vulnerability assessment improves computer security by detecting rogue systems and monitoring for new access points.

* "Periodically execute vulnerability scanning tools on all systems to check for the presence of known vulnerabilities and eliminate all vulnerabilities identified by these tools."

* "Periodically execute network mapping and scanning tools to understand what intruders who use such tools can learn about your networks and systems."

Managed vulnerability assessments afford organisations a simple, effective, efficient and affordable way to keep their networks secure. They provide subscribers with instant, real-time, on-demand access to network topology mapping, detailed reports about security vulnerabilities, and validated solutions.


NamITech

NamITech Ltd is a secure technology provider focusing on a number of key market areas to provide leading edge technology solutions. NamITech strives to add value to business through providing leading-edge innovative secure technology solutions aimed at facilitating trusted card technology, payment solutions, and digital trust services for its customers. The company is a Proudly South African member and has received an AA Premium rating from EmpowerDEX, an independent economic empowerment rating agency.

NamITech has an established reputation of credibility and integrity and operates out of two centrally located premises in Johannesburg, South Africa.

Editorial contacts

Victoria Sayers
Brand New Communications
(011) 458 0000
Victoria.Sayers@namitech.com