As threats evolve with each new technology introduced, organizations will have to keep improving the techniques used to protect their critical Information Technology (IT) assets. Gartner's IT Key Metrics Data for 2010, which was based on a survey of companies worldwide, found that a company spent 5% of its IT budget on IT security (Kirk, 2010). Connie Guglielmo, a Forbes staff member, noted that IT spending will hit $2 trillion in 2013 and that worldwide IT spending will rise 4.6 percent this year (Guglielmo, 2013).
There is no doubt that some portion of the IT budget will be spent on a technology solution for the purpose of defending the IT infrastructure. The questions are: what will it be spent on, what assets will be protected, and will the solution be relevant to tomorrow’s emerging threats? New vulnerabilities and threats target IT systems on a daily basis, and staying on top of system vulnerabilities can be a massive and daunting task. A combination of systems (Windows, Linux, UNIX, Cisco, Juniper, etc.) complicates vulnerability management and, if not properly managed, will lead to critical IT assets and information being compromised and to damage to an organization’s reputation. Successfully identifying system vulnerabilities, also known as vulnerability management, is paramount to system security; a reliable vulnerability scanner is the key to successful vulnerability management.
Vulnerability scanning software can combat system-based threats while maintaining compliance and securing critical IT assets. This paper will look at vulnerability scanning and discuss what it is, its value to the organization, its integration with the current IT infrastructure, and vendor vulnerability scanning products.
II. Vulnerability Scanning, What Is It
Vulnerability scanning is a technology that allows an automated process (scanning) to be executed against a system with the goal of identifying weaknesses in the operating system or system configuration. A weakness can be the lack of a system patch (operating system fix) or a system configuration error which allows the system to be exploited by one or more threats. Vulnerability scanning uses either a database of known threats (signatures) or custom signatures to identify vulnerabilities in a system.
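The two kinds of weakness described above (a missing patch and a configuration error) and the two signature sources (a supplied database and custom signatures) can be shown in a short Python sketch. This is an added example, not code from the paper or from any scanner product; the signature ids, the package name examplehttpd and the host inventory are constructed placeholders.

```python
# Added illustration: signature-driven checks over a constructed host inventory.
from dataclasses import dataclass

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

@dataclass(frozen=True)
class PatchSignature:
    sig_id: str
    package: str
    fixed_in: str  # first version that contains the fix

    def matches(self, host):
        installed = host["packages"].get(self.package)
        # A host without the package is not affected by this signature.
        return installed is not None and parse_version(installed) < parse_version(self.fixed_in)

@dataclass(frozen=True)
class ConfigSignature:
    sig_id: str
    setting: str
    insecure_value: str

    def matches(self, host):
        return host["config"].get(self.setting, "").lower() == self.insecure_value.lower()

# Constructed signature sets; ids and the package name are placeholders.
VENDOR_SIGNATURES = [
    PatchSignature("SIG-PATCH-001", "examplehttpd", "2.4.10"),
    ConfigSignature("SIG-CONF-001", "PermitRootLogin", "yes"),
]
CUSTOM_SIGNATURES = [ConfigSignature("CUSTOM-001", "PasswordAuthentication", "yes")]

# Constructed inventory, standing in for what a scanner collects from each system.
HOSTS = [
    {"name": "web01", "packages": {"examplehttpd": "2.4.9"},
     "config": {"PermitRootLogin": "no", "PasswordAuthentication": "yes"}},
    {"name": "db01", "packages": {"examplehttpd": "2.4.10"},
     "config": {"PermitRootLogin": "Yes"}},
    {"name": "app01", "packages": {}, "config": {}},
]

def scan(hosts, signatures):
    """Return {host name: [ids of signatures that matched]} for every host."""
    return {h["name"]: [s.sig_id for s in signatures if s.matches(h)] for h in hosts}

if __name__ == "__main__":
    for name, findings in scan(HOSTS, VENDOR_SIGNATURES + CUSTOM_SIGNATURES).items():
        print(name, findings or "no findings")
```

Comparing versions as integer tuples matters here: as plain strings, "2.4.9" sorts after "2.4.10" and the unpatched host would be reported as clean.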
III. Vulnerability Scanning’s Value To The Organization
Vulnerability scanning is an integral component of an organization’s risk assessment/management processes and plays a major role in maintaining regulatory compliance. As part of the risk assessment/management process, vulnerability scanning identifies the weaknesses in systems, thus identifying risks. Once a risk is identified, it can be properly evaluated and mitigated; when the risk assessment involves hundreds or even thousands of systems, an automated solution provided by vulnerability scanners allows for multiple scanning options such as by IP range and operating system...