Vulnerability scanning is a cornerstone of IT security and has become a regulatory compliance standard today. For this reason, it seems particularly unfortunate that many large enterprises remain stuck utilising an outdated approach to scanning, which leaves their organisations vulnerable, despite their best efforts.
Nearly 20 years ago, the initial approach to vulnerability management and scanning was developed, whereby the IT department designated what network to scan, when the scan should take place and then collated the results via the study of the scan analytics. This has formed the blueprint for how vulnerability scanners have operated ever since.
However, says Maxtec, a South African IT services provider specialising in security, storage and networking solutions, performing vulnerability scans on a semi-regular basis - whether monthly, weekly or even daily - is no longer enough.
Maxtec is the sole South African distributor of a range of security solutions from Tenable, the leading vulnerability management vendor in the market. Maxtec and Tenable suggest that continuous monitoring is the single best protection an organisation can have to safeguard network health.
"IT has changed massively in the last two decades, what with virtualisation and the cloud, on-demand IT and bring your own device, to name a few. The rapid increase in these new systems has been compounded by fact that new threats have increased exponentially as well," says Gavin Millard, a Tenable director.
"Today, scanning for threats on a daily or weekly basis is akin to using a Polaroid camera instead of video feed for your CCTV security. While it certainly captures snapshots effectively, there is plenty of important information that you miss. For this reason, Tenable believes it is vital to constantly monitor for vulnerabilities. In this way, like with a video feed CCTV system, you will have the best possible view of your systems, to ensure that nothing bad happens."
He explains that Tenable has therefore developed a new way of scanning for the 21st century. This includes both the Nessus Vulnerability Scanner and the Passive Vulnerability Scanner (PVS), which allow users to dig deeper into their environment and gain the ability to detect, assess, report and take action on different aspects of IT security.
"The PVS is in effect a high-speed, low detail offering, while the Nessus scanner is the opposite. Therefore, by marrying the two solutions, organisations can combine Nessus active scans and logs from firewalls, operating systems, intrusion detection systems and other sources with real-time data from the PVS, which then becomes a binding source of data that provides real-time context, making the rapid detection of intrusions possible.
"Tenable is uniquely positioned in the marketplace to offer a combination of this nature, and there is no other scanner in the world that can deliver anything similar. The real benefit of the PVS, in particular, is that it allows for the scanning of systems that you would not be able to scan actively," he adds.
An example of this, suggests Millard, would be mobile devices, which can be scanned by PVS, simply through monitoring the interactions between the device and the network.
"There are also those arenas where one simply cannot conduct active scans. For example, in a hospital, one could not take the risk of actively scanning a network associated with lifesaving technology while someone was on the operating table. Security may be very important, but it cannot be allowed to interfere with the primary reason for healthcare, which is saving lives. With passive scanning, however, we can keep the hospital network secure while the doctors go about their business, with no risk to the patients.
"What it boils down to is the simple fact that businesses can no longer conduct their security management the way they have always done, simply because it is the way it has always been done. Threats and vulnerabilities today are the offspring of the 21st century, and the only way to overcome them is by tackling them with equally advanced 21st century security solutions. Such solutions are exactly what Tenable provides," concludes Millard.
Share
Editorial contacts