Vulnerability management

Vulnerability scanners: Overview | Security Weekly Labs

September 23, 2021
  • Flan Scan
  • OpenVAS - Open Vulnerability Assessment Scanner
  • Vuls.io
  • Flexible search and filtering functions help analysts answer questions quickly.
  • Exploit and threat intelligence correlation separates theoretical risk from real-world risk. It also removes reliance on CVSS as the only quantifiable factor to prioritize findings.
  • Asset criticality and contextual data (is the vulnerable host exposed to the public internet?) also help with prioritization.
  • Confidence scores also help prioritize. Some vulnerability checks can be 100% certain, while others have to guess. Knowing the difference is important.
  • A SaaS-based console, managed by the vendor
  • Network scanning engines that either install as software packages or are available as complete virtual appliances compatible with most hypervisors. These network scanning engines send their results back to the SaaS-based console.
  • Cloud scanning engines that can be used for performing external vulnerability scans (scanning from an internet, "outside," perspective)
  • Optional agents can typically be installed on Windows, Mac and a variety of Linux and Unix operating systems. Agents alleviate the need to run active, point-in-time network scans by collecting data and sending it back to either a local scan engine or the SaaS console on a regular basis. Agents are typically preferred in very large environments where active scanning is difficult or impossible. They are also ideal for monitoring the state of remote systems on home networks, or in branch offices too small to justify deploying a network scanning engine.
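
The prioritization factors listed above (exploit intelligence, asset criticality, internet exposure and check confidence) can be combined into one score and compared with a CVSS-only ordering. This is an added example, not code from the article or from any scanner; the weights, field names and sample findings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Illustrative weights: assumptions for this example, not taken from any product.
EXPLOIT_KNOWN_WEIGHT = 2.0     # exploit or active exploitation is reported
INTERNET_EXPOSED_WEIGHT = 1.5  # host is reachable from the public internet

@dataclass(frozen=True)
class Finding:
    name: str               # constructed label, not a real CVE id
    cvss: float             # base score, 0.0-10.0
    exploit_known: bool     # from exploit/threat intelligence correlation
    internet_exposed: bool  # contextual data about the host
    criticality: int        # asset criticality, 1 (low) to 5 (high)
    confidence: float       # 1.0 = check is certain, lower = scanner guesses

def priority(f: Finding) -> float:
    """Combine CVSS with the contextual factors into one sortable score."""
    if not (0.0 <= f.cvss <= 10.0 and 1 <= f.criticality <= 5
            and 0.0 <= f.confidence <= 1.0):
        raise ValueError(f"out-of-range field in finding {f.name}")
    score = f.cvss * f.confidence * (f.criticality / 5)
    if f.exploit_known:
        score *= EXPLOIT_KNOWN_WEIGHT
    if f.internet_exposed:
        score *= INTERNET_EXPOSED_WEIGHT
    return round(score, 2)

def rank_by_cvss(findings):
    """Order finding names by CVSS base score alone, highest first."""
    return [f.name for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]

def rank_by_context(findings):
    """Order finding names by the combined priority score, highest first."""
    return [f.name for f in sorted(findings, key=priority, reverse=True)]

# Constructed sample findings.
SAMPLE = [
    Finding("A", 9.8, False, False, 1, 0.4),  # banner-guessed flaw on a lab VM
    Finding("B", 7.5, True, True, 5, 1.0),    # verified flaw, public web server
    Finding("C", 8.8, False, False, 4, 1.0),  # verified flaw, internal server
    Finding("D", 5.3, True, False, 2, 0.9),   # verified flaw, workstation
]

if __name__ == "__main__":
    print("CVSS only:   ", rank_by_cvss(SAMPLE))
    print("With context:", rank_by_context(SAMPLE))
```

Finding A tops the CVSS-only list but falls to last once its low confidence and low asset criticality are counted, while the exploited, internet-facing finding B moves to first.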
Adrian Sanabria

Adrian joined SC Media’s parent company, CyberRisk Alliance, in 2020. He will focus primarily on cybersecurity product reviews, but will also provide industry insight trends for both SC Media and Security Weekly (another CyberRisk Alliance company). He brings two decades of industry experience, working as a practitioner, penetration tester, and industry analyst. He spent the last few years as an entrepreneur, challenging norms in sales and marketing for a variety of vendors. Adrian loves to cook, eat, hike, play music and regale his teenagers with stories of what the early days of the Internet were like.
