
What Your Vulnerability Scan Report is Telling You (& What It’s Not)

Andrew Douthwaite

December 13, 2021

Last updated August 18, 2022

Summary:

  • Vulnerability scans provide visibility of your cybersecurity posture’s weaknesses before cybercriminals can exploit them. They look for weak points in your software and firmware, plus configuration issues in your network’s endpoint devices.
  • Vulnerability scans for SMBs should check for weaknesses in software, web applications, and encryption configurations. They should also look for potential information leaks and ways to reduce your attack surface.
  • Free vulnerability scanning tools (like Burp Suite, Nmap, Wireshark, and OpenVAS) exist but are usually limited in scope.
  • VirtualArmor provides one-time vulnerability scans for compliance purposes and managed security scanning conducted by experts who use the data they collect to keep improving your cybersecurity posture over time.

Cyber attacks, and ransomware attacks, in particular, are on the rise, and this troubling trend is likely to continue. Having an effective incident response plan in place is vital for protecting your organization and its digital assets, but even the best plan is only as good as the facts that inform it.

To create a solid incident response plan, you need specific, actionable information about your current cybersecurity posture. A vulnerability scan gives your cybersecurity team invaluable insight into your current cybersecurity posture’s weaknesses or deficiencies so those cracks in your armor can be addressed before cybercriminals are able to use them against you. 

As an MSSP (see also: what is a managed security services provider?), we run vulnerability scans regularly as part of our managed cybersecurity services.


What is a Vulnerability Scan?

A vulnerability scan involves having trained cybersecurity experts evaluate your IT infrastructure for software and firmware vulnerabilities, as well as evaluate all devices that connect to your network for configuration issues that pose security gaps. Using this valuable information, your cybersecurity team or partner can develop strategies and solutions to address these shortcomings before cybercriminals are able to leverage them and sneak past your defenses.

Whether you opt for a one-time engagement scan or ongoing vulnerability scanning as part of a larger suite of managed services (such as managed SIEM), a vulnerability scan is a critical component of any robust cybersecurity posture. 

What Should All SMBs Look for in their Vulnerability Scans?

The weaknesses your vulnerability scan looks for will vary slightly between organizations, but all comprehensive scans should assess your systems for:

Vulnerable Software

Software vulnerabilities are the most commonly discovered type of vulnerability. This type of scan involves checking for known weaknesses in all the third-party hardware and software your system relies on. These known weaknesses are discovered by security researchers and typically only pose an issue in select versions of particular technologies.

When software engineers employed by software companies discover a vulnerability or other issue in their code, they create security patches (small corrective snippets of code) to address the issue. However, you can only take advantage of a security patch if you actually download and apply it, which is one of the many security reasons you should be keeping your software up to date. Cybercriminals frequently try to exploit known vulnerabilities in recently patched software in the hope that not all organizations are as studious as yours about keeping their software up to date.

Web Application Vulnerabilities

Another common type of vulnerability cybercriminals often seek to exploit is security gaps in web applications, which can be used to gain unauthorized access to sensitive data, compromise your web server, or attack web application users.

Whether you are using third-party applications designed by other companies or proprietary in-house applications, make sure any vulnerability scan you commission includes web application vulnerability scanning. 

Common Misconfigurations & Mistakes

Sometimes the issue isn’t the software or the hardware, but the people using it or configuring it. Incorrectly configured software can inadvertently leave your entire system vulnerable, and you may not even realize it. 

Not following established security best practices can also leave your network vulnerable. After all, investing in a high-quality, unbreakable lock is only useful if you don’t leave the key under the mat (or your password written on a sticky note under your keyboard). 

Make sure you have security best practices in place and that those practices are effectively communicated to all network users. Investing in employee cybersecurity training can not only help curtail network vulnerabilities but can also help secure your network in other ways by making it less likely employees will fall for phishing scams (or other social engineering based attacks). Security-minded employees are also better able to identify potentially suspicious activities (such as strange network traffic), so they can alert your security team. 

Encryption Configuration Weaknesses

A good vulnerability scan will also assess the encryption configurations used to safeguard data in transit between your users and your servers. 

When looking for encryption configuration weaknesses, make sure your scan is looking for issues with SSL/TLS (Secure Sockets Layer/Transport Layer Security) implementations, such as weak encryption ciphers (the cryptographic equivalent of an easy-to-guess password), SSL certificate misconfigurations, and the unintentional use of unencrypted services such as FTP (File Transfer Protocol).

Attack Surface Reduction

An effective strategy for improving your cybersecurity posture is to limit your attack surface area. You should only publicly expose core services or systems if you absolutely have to, and those exposed surfaces should be continuously monitored for suspicious activities. When choosing a vulnerability scanner, make sure you select one that assesses your attack surface area for issues such as unprotected ports and services that are exposed to the wider internet. Examples of vulnerable attack surfaces include exposed databases, exposed administrative interfaces, and sensitive services such as SMB (server message block). 

Information Leaks

Information leaks involve exposing information to end users when that data should remain private. 

In addition to assessing your system, the final report of your vulnerability scan should include both the weaknesses discovered (in plain, accessible language so that even non-technical team members are able to understand what was found) and concrete, actionable recommendations for remedying the situation. When it comes to cybersecurity, information is only useful if it can be easily understood and acted upon. That's why it is vital you choose a cybersecurity partner whose goal is to educate and inform your team and help you improve your cybersecurity posture.

Not all vulnerability scans will include checks in all of the above categories, and the quality and number of checks a scan includes will vary between organizations. As such, it is critical to do your research before conducting a scan, particularly if you are opting for a paid option, to ensure the scan will meet your needs.

Free vs Paid Vulnerability Scanning

User Beware: “Free” Doesn’t Always Actually Mean Free

The term "free" can vary from scanner to scanner, with some offering a free trial, a free version for non-commercial use only, or limited functionality at the free tier. As such, make sure you are clear about what the free version does and does not include before you sign up, and do your research to ensure the free scan will actually give you the information you need in a format you can actually use to improve your security posture.


Just Because You Aren’t Paying with Money Doesn’t Mean There Isn’t a Cost

When it comes to many “free” vulnerability scans, you may not be paying with money, but there is still a cost. These tools are often limited in scope, so you likely aren’t getting the whole picture. This can lead to a false sense of security as you metaphorically check that the front door is locked while leaving the back door wide open. 

As you will soon see, these tools are also frequently not very user friendly (at least for individuals who aren’t already technology experts), which can mean either hiring a tech expert just to perform your free scan or setting time and personnel aside to learn how to use this product, pulling them away from critical tasks. Free software is typically developed on an extremely limited budget, and UX design is often an “extra” that is left out, making it difficult for even the most technically inclined to get useful information out of these tools. 

Free vulnerability scans are also not carried out by teams of experts and are frequently just tools you can use to assess select aspects of your infrastructure on your own, so even the most comprehensive versions will still require your team to take the information they have gathered and turn it into actionable suggestions. 

Paid options are almost always more user-friendly and typically come with ongoing support and guidance. They are more likely to offer a polished, easy-to-understand report detailing what vulnerabilities were discovered, as well as actionable advice on how to address these issues and improve your security posture. 

Top 4 Free Vulnerability Scanning Tools (& What They Can Tell You)

While paid vulnerability scan options typically yield more detailed and in-depth information (and cover a wider range of checks), free scanning tools can help small organizations on a tight budget assess specific areas of their networks (such as their web applications or security patches).

However, these scanning tools tend to be limited in scope, so you may need to run several in order to piece together a full list of all vulnerabilities on your network.

Burp Suite (Owned by PortSwigger)

Burp Suite is a popular web vulnerability scanner used by a variety of organizations and offers a free version (referred to as their Community Edition). However, this free version has limited functionality and does not include automation capabilities. This version contains essential manual tools and is mostly aimed at researchers and hobbyists. 

Burp Suite is Java-based and can be used to check for SQL injections, cross-site scripting (XSS), and other web vulnerabilities, as well as for security auditing and compliance purposes.

Nmap

Nmap bills itself as a pen-testing tool but works more as a port scanner. Nmap scans your network and flags ports that are vulnerable, which can aid in pen-testing. In addition to port scanning, Nmap can also look for other vulnerabilities in your systems and networks, monitor host and service uptime, and map network attacks as they occur. By pointing out potential weaknesses, it has its strengths as an auditing tool, but it isn't able to actually show users how the vulnerabilities it discovers could be penetrated.

Nmap is an open-source tool aimed at ethical hackers looking for network weaknesses. Like all open-source software, Nmap is free, but like other open-source programs, it isn’t particularly easy to use unless you are already familiar with using open-source software. 
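To show what a port-scan report actually tells a defender about the attack surface issues described above (exposed databases, administrative interfaces, SMB, and unencrypted services such as FTP), here is an added example that is not part of the original post or of VirtualArmour's tooling: it reads Nmap's XML output for hosts you own, keeps only open ports, and turns the sensitive ones into plain-language findings with a remediation note. The sample XML and the list of sensitive ports are constructed for the example; adjust the list to your own exposure policy.

```python
"""Triage an Nmap XML scan of your own hosts into plain-language attack-surface findings."""
import xml.etree.ElementTree as ET

# Services that should rarely be reachable from the internet (assumed policy, not from the post).
SENSITIVE_PORTS = {
    21: ("FTP", "unencrypted file transfer; credentials and data travel in cleartext"),
    23: ("Telnet", "unencrypted remote shell"),
    445: ("SMB", "file sharing service frequently targeted by worms and ransomware"),
    3306: ("MySQL", "database exposed directly to the internet"),
    5432: ("PostgreSQL", "database exposed directly to the internet"),
    3389: ("RDP", "remote administration interface exposed to the internet"),
}

# Constructed sample in Nmap's XML output format (not a real scan result).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
    </ports>
  </host>
</nmaprun>"""


def triage(nmap_xml: str) -> list:
    """Return one finding per open, sensitive port: host, port, service label, banner, recommendation."""
    findings = []
    root = ET.fromstring(nmap_xml)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # filtered or closed ports are not exposed, so they are not findings
            portid = int(port.get("portid"))
            if portid not in SENSITIVE_PORTS:
                continue  # e.g. HTTPS on 443 is expected to be public
            label, reason = SENSITIVE_PORTS[portid]
            svc = port.find("service")
            banner = " ".join(filter(None, [svc.get("product"), svc.get("version")])) if svc is not None else ""
            findings.append({"host": addr, "port": portid, "service": label, "banner": banner,
                             "recommendation": f"{label} is open to the internet: {reason}. "
                                               "Restrict it to trusted networks or disable it."})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_XML):
        print(f"{f['host']}:{f['port']} {f['service']} {f['banner']} -> {f['recommendation']}")
```

Running it against the sample reports only FTP and SMB: HTTPS is expected to be public and the MySQL port is filtered, so neither is a finding.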

Wireshark

Wireshark is a well-known open-source network protocol analyzer designed to help with select network vulnerability scanning tasks. It relies on packet sniffing to understand your network traffic patterns, which is useful for network administrators looking to design effective countermeasures. 

By detecting suspicious network traffic, Wireshark can help you discover errors and detect if an attack is underway, categorize the attack, and help you implement rules to protect your network. However, like other open-source options, it isn’t particularly easy to use for the non-technically inclined and will need to be carefully managed and configured in order to meet your organization’s needs.

OpenVAS

The Open Vulnerability Assessment System (OpenVAS) is a free, open-source platform offering a variety of vulnerability management services. Designed as an all-in-one scanner and maintained by Greenbone Networks, it can perform over 50,000 vulnerability tests and is updated daily.

OpenVAS is designed to run in a Linux-based environment and is aimed at experienced open-source users looking to perform pen-tests or targeted scans. However, like the other open-source tools in this list, it isn’t particularly easy to use for the non-technically savvy, and installing and using this tool poses a significant learning curve. Because it is so difficult to install and learn to use correctly, it can take a lot of time to get up and running smoothly, which can eat up employee time and pull them away from other tasks. 

What Information Does Your VirtualArmour Vulnerability Scan Contain?

VirtualArmour offers both one-time vulnerability scanning engagements (vulnerability assessment) and ongoing managed security scanning (vulnerability scanning premium).

One-Time Scan: Vulnerability Assessment

Our one-time vulnerability assessments include both an external scan and a certificate scan and can be useful for auditing purposes or to prove compliance.

Ongoing Vulnerability Scanning: Vulnerability Scanning Premium

Our ongoing vulnerability scanning solution (Vulnerability Scanning Premium) is designed to expose and notify you of potential security gaps in your environment before they can be exploited by cybercriminals. As part of this process, our team of experts will identify:

  1. Software and firmware vulnerabilities
  2. Weak security policies and configurations
  3. Outdated software and operating systems that could be used to penetrate your endpoints and infrastructure 

Our team will also scan and audit your publicly exposed resources (such as file servers and web applications) with the goal of minimizing your attack surface as much as possible. 

Vulnerability Scanning Premium can also be integrated with our managed SIEM option, offering more comprehensive data and additional context for alerts. 

Vulnerability Scanning Premium also includes: 

  • Custom vulnerability severity levels
  • Defined processes and escalation procedures
  • A record of all vulnerabilities detected across your environment, both on-premises and in the cloud
  • Threat intelligence feeds
  • SIEM platform enrichment using vulnerability analytics

This premium option also offers both periodic and on-demand reports, so you always know exactly what is going on, improving your organizational agility by making it easy to respond to issues as they come to light. All asset vulnerabilities are correlated with network configuration and traffic data, allowing us to identify active attack paths across your network. This vital information is used to simulate threat vectors and predict how a theoretical attack could potentially spread across your network. This can help you adjust your incident response plan as necessary and help you take a proactive rather than reactive approach.

In addition to these security benefits, continuous vulnerability scanning can help ensure your organization is complying with relevant legislation, helping you avoid the costly fines associated with noncompliance. Our team of security engineers will continuously analyze the results of your vulnerability scans and use this information to craft concrete, actionable recommendations designed to improve your overall security posture across your organization’s infrastructure, from core to cloud.

For more information about the importance of vulnerability scanning, or to learn more about our vulnerability scanning options, please contact our team today.
