Vulnerability scans are a great way to dive deeper into a network and search for problems that might otherwise go undetected. Many times, however, security professionals run scans that only scratch the surface of what could be uncovered.
So how do you know if you’re doing it the right way?
Vulnerability Scanning Authentication
When scanning networks for misconfigurations, outdated software, and the like, there is one thing organizations commonly miss: whether the scanner authenticates to the assets it scans.
Unauthenticated:
In an unauthenticated scan, the vulnerability scanner can only check things that have open ports. Think of open ports as the open windows and doors of a house. If a piece of software or a service does not listen on an open port, the vulnerability scanner has no way to tell whether it is vulnerable.
The top three options listen and have open ports, so the scanner can send packets to them and determine what kind of vulnerabilities they have. However, if the scanner does not have credentials to log into the asset and look at other things, it is completely blind to whether those client-side applications have vulnerabilities.
About 50% of the vulnerabilities we see involve these client-side programs that are very prominent on workstations.
Authenticated:
The "right," or more successful, way is to give the scanner credentials and the ability to log into the asset or file system and look at the software that's actually running. Now you don't need things to be listening on a port, because the scanner can look at everything on the back end. This also helps reduce false positives while more thoroughly inspecting every avenue for vulnerabilities and security holes.
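The coverage gap described above, as an added example that is not part of the original article: the script takes constructed `ss -H -ltnp` output and a constructed package inventory for one host and splits the inventory into software a network-only scan can probe and software only a credentialed scan can see. The sample data, the versions and the function names `remote_listeners` and `scan_coverage` are assumptions made for illustration; loopback-only listeners are counted as unreachable from the network.

```python
import re

# Constructed `ss -H -ltnp` output for one host (sample data, not from the article).
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=901,fd=6),("nginx",pid=902,fd=6))
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=950,fd=5))
"""

# Constructed software inventory as a credentialed scan would read it from the
# package database: package -> (version, binary that would own a socket).
INSTALLED = {
    "openssh-server": ("9.2", "sshd"),
    "nginx": ("1.22", "nginx"),
    "postgresql": ("15.3", "postgres"),
    "firefox": ("115.0", "firefox"),
    "libreoffice": ("7.4", "soffice.bin"),
}

def remote_listeners(ss_text):
    """Map process name -> set of ports bound to a non-loopback address."""
    listeners = {}
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        host, port = fields[3].rsplit(":", 1)
        if host.startswith("127.") or host.strip("[]") == "::1":
            continue  # loopback-only: a network scanner cannot reach it
        for proc in set(re.findall(r'\("([^"]+)"', fields[5])):
            listeners.setdefault(proc, set()).add(int(port))
    return listeners

def scan_coverage(ss_text, installed):
    """Split the inventory into what each scan type can assess."""
    exposed = remote_listeners(ss_text)
    # Packages whose binary owns a reachable socket: an unauthenticated scan can probe them.
    visible = {p: sorted(exposed[b]) for p, (_, b) in installed.items() if b in exposed}
    # Everything else is only assessable by logging in and reading the inventory.
    blind = sorted(p for p in installed if p not in visible)
    return visible, blind

if __name__ == "__main__":
    visible, blind = scan_coverage(SS_OUTPUT, INSTALLED)
    print("unauthenticated scan can probe:", visible)
    print("only an authenticated scan sees:", blind)
```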