The importance of vulnerability scanning

In a world where the threat of a data breach is ever evolving, securing complicated IT networks is critical to a business' ability to meet industry data security requirements. Even if your company has tested your IT system's security defenses in the past, maintaining this security is a continuous process.

Each time your system is updated and upgraded, your business should assess the threat to its network. Vulnerability scanners are an effective way of identifying devices on your network that are open to known and potential vulnerabilities.

What is Vulnerability Scanning?

A vulnerability scan is exactly what it sounds like: a software program that compares a company's operating systems, networks and applications against proprietary or public databases of known vulnerabilities. There are two types of scans: internal and external. An external vulnerability scan searches for holes in a network from the internet. An internal scan operates inside a business' firewalls to assess real and potential vulnerabilities within the network.

Vulnerability scans provide reports on detected gaps in security and recommendations for security patches or vendor solutions. A report will also describe the types of vulnerabilities or risks found and a potential cause for each vulnerability. In accordance with the PCI Security Standards, scans assign vulnerabilities a numeric rating of 1-5. Those ratings are defined as follows:

  • Level 1 – low risk where hackers can obtain information on configuration.
  • Level 2 – medium risk where hackers can obtain sensitive configuration information.
  • Level 3 – high risk where a hacker could conduct directory browsing or a limited read exploit.
  • Level 4 – critical risk including potential Trojan horses and file read exploits.
  • Level 5 – urgent risk including confirmed Trojan horses, file read and write exploits and remote command execution.

The critical difference between a vulnerability scan and a penetration test, another security measure required under PCI standards, is that one is active and one is passive. Vulnerability scans assess the potential for risk using automated tools, while in a penetration test an IT professional actively tests a network's defenses through manual exploitation. Both measures help ensure maximum data security.

What it means

So what does a vulnerability scan really tell you? It gives you a precise look at all identified vulnerabilities, and potential vulnerabilities, that are often only targeted by hackers.

Through vulnerability scanning, businesses learn about the consequences and risks involved with each identified vulnerability and the proposed actions to close security gaps. Think of it like a required physical. A person can't take action to improve his health until he knows what's wrong. It takes a doctor to identify early signs of health risks, much like it takes a vulnerability scan to assess silent IT threats.

ZZ Servers Vulnerability Scanners are designed to help merchants successfully comply with PCI data security guidelines. ZZ Servers can customize its scanning service, including internal and external network scans, to meet the specific needs of any business. Our automated remote probe uses a signature database of more than 3,500 vulnerabilities to assess the risk to your business. We provide web-based reports delivered securely to any web browser, and we offer recommendations and consultation for remediation of vulnerabilities.

Has your network had a check-up lately?

Sources:

http://www.isaca.org/Journal/archives/2014/Volume-4/Pages/Ethical-Hacking-The-Next-Level-or-the-Game-Is-Not-Over.aspx

https://www.pcisecuritystandards.org/pdfs/pci_scanning_procedures_v1-1.pdf

https://www.pcicomplianceguide.org/internal-vs-external-vulnerability-scans-and-why-you-need-both/

https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf