Vulnerabilities are like fish in the sea. We can identify the different species and explore their individual varieties, but there will always be others to discover. On average, 20 new vulnerabilities are found each day across equipment vendors, operating systems, and software applications. All companies should implement a comprehensive vulnerability management program, one that includes vulnerability detection, external and internal vulnerability assessments, scan frequency, application testing, policy scanning, remediation, and configuration.
Conducting a vulnerability scan is useful in identifying exploitable operating systems, services, and applications both inside and outside of a network.
External vulnerability assessments have always been considered the most critical because Internet-accessible devices are the most exposed to attackers. However, hackers have developed methods that exploit vulnerabilities in systems residing on the internal network as well, which means organizations must now test for vulnerabilities more frequently than they have in the past. It is recommended that external vulnerability scans be run weekly for optimum security and monthly for best practice.
Internal scans can be run less frequently – monthly for optimal security and quarterly for best practice. Administering secure application and policy testing is also recommended. All of this information must then be passed on to an IT administrator who can remediate identified security weaknesses and correct misconfigurations as quickly as possible.