Introduction to Vulnerability Scanning and Management

Vulnerability management is a core element of modern information technology (IT) compliance. IT compliance is defined as adherence to the legal, corporate and contractual rules and regulations that relate to IT infrastructures. In this context, IT compliance mainly concerns information security, availability, storage and privacy. Companies and agencies have to comply with many legal obligations in this area.

Controlling and improving IT security is an ongoing process that consists of at least these three steps:

  • Discovery of the current state
  • Taking actions to improve the current state
  • Review of the measures taken

Mageni assists companies and agencies with automated and integrated vulnerability assessment and management. Mageni enables people with a passion for cybersecurity to discover vulnerabilities and security gaps before a potential attacker would. Mageni does this by scanning from the different perspectives of an attacker:

  • External: Mageni attacks the network externally. This way it can identify badly configured or misconfigured firewalls.
  • DMZ: Mageni can identify actual vulnerabilities. These could be exploited by attackers if they get past the firewall.
  • Internal: Many attacks are executed internally by insiders through methods of social engineering or a worm. This is why this perspective is very important for the security of the IT infrastructure.

DMZ and internal scans can be either authenticated or non-authenticated. When performing an authenticated scan, Mageni uses credentials and can discover vulnerabilities in applications that are not running as a service but have a high risk potential. This includes web browsers, office applications or PDF viewers. For further discussion of the advantages and disadvantages of authenticated scans, see the section Pros and Cons of Authenticated Scans.

Because new vulnerabilities are discovered on a daily basis, regular updates and testing of systems are required. The Mageni Security Feed ensures that the Scanner is provided with the latest testing routines and can discover the latest vulnerabilities reliably. Mageni analyzes CVE messages (Common Vulnerabilities and Exposures, a vendor-neutral forum for the identification and publication of new vulnerabilities) and vendor security bulletins, and develops new testing routines daily.

Mageni utilizes the Common Vulnerability Scoring System (CVSS). CVSS is an industry standard for the classification and rating of vulnerabilities. This assists in prioritizing the remediation measures. Fundamentally, two options exist for dealing with vulnerabilities:

  • Removal of the vulnerability through updating the software, removal of the component or a change in configuration.
  • Implementation of a rule in a firewall or intrusion prevention system (aka virtual patching).

Virtual patching is the apparent remediation of the vulnerability through a compensating control. The real vulnerability still exists. The attacker can still exploit the vulnerability if the compensating control fails or by utilizing an alternate approach. An actual patch/update of the affected software is always preferred over virtual patching.
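The following added example (not part of Mageni or its documentation) sketches a CVSS-ordered remediation queue in which a virtually patched finding stays open even when the review scan no longer reports it. The Finding fields, action labels and sample hosts are assumptions made for illustration; the severity bands are the CVSS v3.x qualitative ratings.

```python
from dataclasses import dataclass

# CVSS v3.x qualitative severity bands as (lower bound, label).
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "None")]

def severity(score: float) -> str:
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    return next(label for floor, label in BANDS if score >= floor)

@dataclass
class Finding:                  # hypothetical record, not a Mageni data format
    host: str
    title: str
    cvss: float
    action: str = "none"        # "none", "patched" or "virtual_patch"
    rescan_clean: bool = False  # did the review scan stop reporting it?

def is_closed(f: Finding) -> bool:
    # Only a real fix confirmed by a rescan closes a finding. A virtual patch
    # never does: the flaw is still there behind the compensating control,
    # even if a scan through that control comes back clean.
    return f.action == "patched" and f.rescan_clean

def remediation_queue(findings):
    open_items = [f for f in findings if not is_closed(f)]
    # Highest CVSS first; at equal score, findings with no control at all
    # come before those shielded by a virtual patch.
    return sorted(open_items, key=lambda f: (-f.cvss, f.action == "virtual_patch"))

# Constructed sample findings (hosts and titles are made up).
SAMPLE = [
    Finding("db01", "Outdated database server", 9.8, "virtual_patch", True),
    Finding("web01", "TLS library update missing", 7.5, "patched", True),
    Finding("ws17", "Outdated PDF viewer", 7.8),
    Finding("web02", "Verbose server banner", 5.3, "patched", False),
    Finding("ws03", "Outdated web browser", 7.8, "virtual_patch", False),
]

if __name__ == "__main__":
    for f in remediation_queue(SAMPLE):
        print(f"{f.cvss:>4} {severity(f.cvss):<8} {f.host:<6} {f.title} [{f.action}]")
```

Only web01 leaves the queue; db01 stays at the top despite its clean rescan, and web02 stays open because the review scan still reports it.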

Mageni supports the testing of the implemented remediation measures as well. With its help, the responsible IT staff can document the current state of IT security, recognize changes and document these changes in reports. To communicate with management, Mageni offers an abstraction of technical details in simple graphics or in the form of a traffic light that displays the state of security in the colors red, yellow and green. This way the IT security process can be visualized in a simplified way.