The importance of vulnerability scanning

In a world where the threat of a data breach is ever evolving, securing complicated IT networks is critical to a business' ability to meet industry data security requirements. Even if your company has tested your IT system's security defenses in the past, maintaining this security is a continuous process.

Each time your system is updated and upgraded, your business should assess the threat to its network. Vulnerability scanners are an effective way of identifying devices on your network that are open to known and potential vulnerabilities.

What is Vulnerability Scanning?

A vulnerability scan is exactly what it sounds like: a software program that compares a company's operating systems, networks and applications against proprietary or public databases of known vulnerabilities. There are two types of scans: internal and external. An external vulnerability scan searches for holes in a network from the internet. An internal scan operates inside a business' firewalls to assess real and potential vulnerabilities within the network.

Vulnerability scans provide reports on detected gaps in security and recommendations for security patches or vendor solutions. A report will also describe the types of vulnerabilities or risks found and a potential cause for each vulnerability. In accordance with the PCI Security Standards, scans assign vulnerabilities a numeric rating of 1-5. Those ratings are defined as follows:

  • Level 1 – low risk where hackers can obtain information on configuration.
  • Level 2 – medium risk where hackers can obtain sensitive configuration information.
  • Level 3 – high risk where a hacker could conduct directory browsing or a limited exploit of read.
  • Level 4 – critical risk including potential Trojan horses and file read exploits.
  • Level 5 – urgent risk including confirmed Trojan horses, file read and write exploits and remote command execution.
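An added example, not part of the original article or of any scanner's own code: comparing the scan taken before a system update with the one taken after it, so that new findings surface first, ordered by the 1-5 rating above. The `Finding` record layout, the check names and the sample hosts are constructed for illustration.

```python
from collections import namedtuple

# One row of a scan report. This field layout is an assumption for the
# example; each real scanner has its own export format.
Finding = namedtuple("Finding", "scan host port check level")

# The five ratings listed in the article.
LEVEL_NAMES = {1: "low", 2: "medium", 3: "high", 4: "critical", 5: "urgent"}

def _key(f):
    # A finding is "the same" across scans if scan type, host, port and check match.
    return (f.scan, f.host, f.port, f.check)

def compare_scans(baseline, current):
    """Return (new, resolved, persisting) findings, highest level first."""
    for f in list(baseline) + list(current):
        if f.level not in LEVEL_NAMES:
            raise ValueError(f"level must be 1-5, got {f.level!r} for {f.check}")
    before = {_key(f): f for f in baseline}
    after = {_key(f): f for f in current}
    order = lambda f: (-f.level, f.host, f.port)
    new = sorted((after[k] for k in after.keys() - before.keys()), key=order)
    resolved = sorted((before[k] for k in before.keys() - after.keys()), key=order)
    persisting = sorted((after[k] for k in after.keys() & before.keys()), key=order)
    return new, resolved, persisting

def report(baseline, current):
    """Render the comparison as text lines, new findings at the top."""
    groups = zip(("NEW", "RESOLVED", "PERSISTING"), compare_scans(baseline, current))
    return [f"{title:<10} level {f.level} ({LEVEL_NAMES[f.level]}) "
            f"{f.scan} {f.host}:{f.port} {f.check}"
            for title, group in groups for f in group]

# Constructed sample data (documentation and private address ranges).
BASELINE = [
    Finding("external", "192.0.2.10", 443, "banner-disclosure", 1),
    Finding("external", "192.0.2.10", 80, "directory-browsing", 3),
    Finding("internal", "10.0.0.5", 22, "config-disclosure", 2),
]
AFTER_UPGRADE = [
    Finding("external", "192.0.2.10", 443, "banner-disclosure", 1),
    Finding("internal", "10.0.0.5", 22, "config-disclosure", 2),
    Finding("internal", "10.0.0.5", 8080, "remote-command-execution", 5),
    Finding("internal", "10.0.0.7", 21, "file-read", 4),
]

if __name__ == "__main__":
    print("\n".join(report(BASELINE, AFTER_UPGRADE)))
```
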

The critical difference between a vulnerability scan and a penetration test, another security measure required under PCI standards, is that the scan is passive and the penetration test is active. Vulnerability scans assess the potential for risk using automated tools, while in a penetration test an IT professional actively tests a network's defenses through manual exploitation. Both measures help ensure maximum data security.

What it means

So what does a vulnerability scan really tell you? It gives you a precise look at all identified vulnerabilities, and potential vulnerabilities, that are often only targeted by hackers.

Through vulnerability scanning, businesses learn about the consequences and risks involved with each identified vulnerability and the proposed actions to close security gaps. Think of it like a required physical. A person can't take action to improve his health until he knows what's wrong. It takes a doctor to identify early signs of health risks, much like it takes a vulnerability scan to assess silent IT threats.

ZZ Servers Vulnerability Scanners are designed to help merchants successfully comply with PCI data security guidelines. ZZ Servers can customize its scanning service, including internal and external network scans, to meet the specific needs of any business. Our automated remote probe uses a signature database of more than 3,500 vulnerabilities to assess the risk to your business. We provide web-based reports delivered securely to any web browser, and we offer recommendations and consultation for remediation of vulnerabilities.

Has your network had a check-up lately?

Sources:

http://www.isaca.org/Journal/archives/2014/Volume-4/Pages/Ethical-Hacking-The-Next-Level-or-the-Game-Is-Not-Over.aspx

https://www.pcisecuritystandards.org/pdfs/pci_scanning_procedures_v1-1.pdf

https://www.pcicomplianceguide.org/internal-vs-external-vulnerability-scans-and-why-you-need-both/

https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf