Vulnerability scanner is a software or hardware product for searching for threats in a company’s infrastructure. The scanner is used to detect breaches in network security, operating system, databases, applications, etc. The main task is to assess information security, identify vulnerabilities and provide reports.
The administrator can use the scanner to find the “holes” that hackers use to gain unauthorized access to confidential data on the company’s network. The vulnerability scanner can monitor running processes, services, and scan used ports.
Information security audit
Main functions
The software product has the following functions:
- searches for various types of network vulnerabilities and analyzes them in real time;
- checks network resources, OS, connected devices, ports;
- analyzes all active processes and the behavior of running applications;
- creates reports that specify the type of vulnerability.
The principle of operation of the scanner
- Probing. An effective but slow way to find and analyze vulnerabilities. Its essence lies in the fact that the solution initializes virtual attacks and monitors the network infrastructure to find vulnerable points. At the end of the process, the administrator is provided with a detailed report indicating the problems found and recommendations for their deactivation.
- With caning. In this mode, the scanner works as fast as possible, but analyzes the network infrastructure at the surface level. That is, it detects obvious vulnerabilities and analyzes the overall security of the infrastructure. Compared to the previous method, this method only warns about the problems found by the administrator, but nothing more.
The scanner’s operation is based on indirect signs of vulnerabilities. If the software analyzes application-level protocols or APIs, it determines their parameters and compares them with acceptable indicators set by the administrator. If it detects a discrepancy in values, the administrator will receive a notification about a potential vulnerability. After that, you need to check the potential threats found with any other tools.
What actions does the vulnerability scanner perform?
- Collects information from the entire infrastructure: active processes, running applications, running ports and devices, services, etc.
- Search for potential vulnerabilities using different methods.
- Uses special methods to simulate attacks to find possible vulnerabilities (the feature is not available in every scanner).
- Generates a detailed report with information about the vulnerabilities found.
Scanners can be “friendly” or “aggressive”. The first type simply collects information and does not simulate an attack. The second one uses the vulnerability to cause a software malfunction.