There are a lot of reasons, it appears, to avoid vulnerability scanning – and most of them have some variation of laziness at their root. It takes too long. It costs too much. I don't have time. And on and on. The fact is that there are far more reasons to perform vulnerability assessment than there are not to. Probably the most missed target for vulnerability scanning is also the most typically vulnerable – the low-hanging fruit of endpoint devices. That includes mobile devices.
At a glance
Product: iScan Online
Company: iScan Online
Price: $2.00 monthly or $15 yearly per device.
What it does: Cloud-based vulnerability, mobile device and data discovery scanning service.
What we liked: Simplicity of use is my top favorite, although extremely low cost and good functionality are right up there with it.
What we didn't like: There is absolutely nothing not to like with this service.
Wouldn't it be great if a user could perform a vulnerability check or a check for clear-text personally identifiable information (PII) or credit card information on demand, investing a total of a minute or so and a cost of just pennies? Or, even better, what if that user's employer performed the check automatically in such a way that it would be completely unobtrusive and still very inexpensive? Now, with iScan, an innovative cloud application, you can do exactly those things and for, as the founder told me, less than the cost of a Chicken McNugget.
iScan uses a really neat approach to vulnerability and PAN (looking for credit card, etc.) scanning. The device scans itself, essentially. It delivers the results to the cloud where the data is interpreted and placed into some of the best reports we've seen. But, before we get into reporting let's go back to the methodology used in iScan.
The solution can perform vulnerability, data discovery and compliance checks easily, quickly and inexpensively. The administrator's console provides lots of information, arranged so that the important issues bounce out at first glance, but deeper digging allows more complete analysis. Reports are customized to the purpose and are arranged like the console: a simple, straightforward section that gives the meat of the assessment followed by a deeper dive into the details if needed.
Mobile devices pose a serious vulnerability challenge for organizations. Today's mobile device malware not only infects the devices, but also use the device as a sort of “Typhoid Mary” carrying the infection to the enterprise. Finding the vulnerabilities on mobile devices that enable these problems can be difficult. iScan for mobile devices looks for vulnerabilities, configuration errors and other security holes. Data discovery also allows identification of clear text sensitive items, such as credit card numbers on mobile devices. Whether the device is iOS or Android, iScan has you covered.
While iScan is complete and cost-effective, probably its most impressive feature is its ease of use. Whenever one asks an employee to do an additional task, especially one that requires repeating, one encounters some degree of resistance. iScan is so simple for the end-user, and analysis/interpretation for administrators is so straightforward, that there is unlikely to be any resistance to its use on grounds of intrusions into the over-full workday. Obviously, we liked iScan a lot for many reasons. It's free to try so you can judge for yourself.