
#BacktoBasics: What is vulnerability scanning? 

21 September 2020 by Laura Valentine

Cybersecurity remains high on the agenda for businesses navigating the unprecedented landscape of 2020. With cybercriminals phishing to take advantage of the pandemic, and the shift to remote working creating new opportunities for hackers, cyber-attacks are booming.

We’re going back to the basics of cybersecurity to shine some light on vulnerability scanning, and what makes it the foundation of your IT security solution.  

What is a vulnerability? 

Whether it’s in your network, infrastructure or web application, a vulnerability is a flaw in the code which has the potential to be exploited by a cybercriminal. Like leaving the back door unlocked, vulnerabilities in your systems present hackers with an opportunity to let themselves inside and take their pick of your most valuable possessions (whether that’s business-critical data, financial records or personally identifiable information).  

Common vulnerabilities and exposures (CVEs) are known vulnerabilities that have been publicly disclosed, like the recent Windows Netlogon vulnerability for which a patch is already available. The more complex your system, the higher the likelihood of a vulnerability being present.  

Threat actors scour the web searching for exploitable vulnerabilities, looking for opportunities to install malware or steal data. Vulnerabilities can be exploited in a range of ways, commonly via SQL injection, cross-site scripting (XSS) or remote code execution (RCE).

How high is the risk? 

Not all vulnerabilities are equal – for some, the potential risk is more critical. The Common Vulnerability Scoring System (CVSS) is used to help determine the severity of known vulnerabilities and prioritise any required action. CVEs are graded on a scale of one to ten, where a score of nine or ten is regarded as a critical risk.

According to Edgescan, almost 68% of systems in 2019 had at least one CVE with a CVSS score of four or more. For businesses that process payments or handle customer credit card data, this would be a breach of PCI DSS compliance.
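To show how those two thresholds are applied in practice, here is a small triage script (an added example, not UKFast's code) that reads a constructed scan export and flags, per host, whether the worst finding is critical (CVSS nine or above) and whether any finding crosses the CVSS-four line that would breach PCI DSS. The CSV layout, host names and CVE identifiers are all made up for the example.

```python
"""Triage vulnerability-scan findings by CVSS score.

Added example: applies the two thresholds from the post (CVSS 9.0+ is
critical; any CVSS 4.0+ finding breaches PCI DSS) to constructed output.
"""
from collections import defaultdict

CRITICAL_MIN = 9.0   # a score of nine or ten is regarded as critical
PCI_FAIL_MIN = 4.0   # a CVE scoring four or more breaches PCI DSS

# Constructed sample export; CVE ids are placeholders, not real entries.
SAMPLE_SCAN = """\
host,cve,cvss
web-01,CVE-0000-0001,9.8
web-01,CVE-0000-0002,3.1
db-01,CVE-0000-0003,5.4
mail-01,CVE-0000-0004,2.0
"""


def parse_scan(text):
    """Turn the CSV export into a list of finding dicts (header skipped)."""
    findings = []
    for line in text.strip().splitlines()[1:]:
        host, cve, score = line.split(",")
        findings.append({"host": host, "cve": cve, "cvss": float(score)})
    return findings


def triage(findings):
    """Return one summary per host, worst host first."""
    by_host = defaultdict(list)
    for f in findings:
        by_host[f["host"]].append(f)
    summary = []
    for host, items in by_host.items():
        worst = max(items, key=lambda f: f["cvss"])
        summary.append({
            "host": host,
            "max_cvss": worst["cvss"],
            "worst_cve": worst["cve"],
            "critical": worst["cvss"] >= CRITICAL_MIN,
            "pci_fail": any(f["cvss"] >= PCI_FAIL_MIN for f in items),
        })
    summary.sort(key=lambda s: s["max_cvss"], reverse=True)
    return summary


if __name__ == "__main__":
    for row in triage(parse_scan(SAMPLE_SCAN)):
        print(row)
```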

How does vulnerability scanning help? 

Carrying out regular vulnerability scans involves an automated audit of your network and devices, searching for weaknesses in the perimeter, misconfigured systems or other flaws that could be exploited. Both internal and externally facing systems have the potential to house vulnerabilities. For this reason, different types of vulnerability scans exist:

  • External or unauthenticated vulnerability scans search from outside the business network, assessing ports, firewalls and web application firewalls (WAFs) to detect any weaknesses in the perimeter that a hacker could use to infiltrate the system. These scans replicate the conditions of an outside actor with no network privileges.  
  • Internal or authenticated vulnerability scans search within the network to establish what a hacker may be able to exploit if they manage to successfully breach the perimeter. They demonstrate the access that may arise from a successful social engineering attack, where a hacker has obtained credentials that allow them privileged access into the organisation’s system. These scans also replicate the conditions of an internal actor or insider threat such as a disgruntled employee. 

Vulnerability scanning is often used as part of a two-step process along with penetration testing, during which ethical hackers try to break in using the flaws found in the vulnerability scan to help you figure out how to fix them.  

Carrying out effective vulnerability scans is an essential step in your business’ security plan. To ensure the process is as effective as possible you first need to have good network visibility, as it’s impossible to secure endpoints of which you’re unaware. Keeping your whole system patched, updated and carrying out regular scans will reduce the risk of falling victim to the hackers.  

Ready to step up your security? Threat Vision from UKFast provides robust security solutions with unlimited vulnerability scans included and expert remediation advice on hand 24/7.