Passive and active vulnerability scans allow organizations to identify weaknesses in their network. Active vulnerability scanning provides a more complete picture of network vulnerabilities but runs the risk of disrupting network operations.
The challenge is to maximize your ability to detect network vulnerabilities while minimizing the risks associated with running active vulnerability scans. Best practices that will help lessen these risks include:
- Run active vulnerability scans on specific network or computer domains, for example, a branch location or a range of IP addresses. This limits any potential negative impact on the enterprise network.
- Only select Nmap scripts1 that clearly define how the script determines there is a vulnerability and the likelihood of false positives. CyberScope provides several predefined Nmap tests that identify common network vulnerabilities. You can also download Nmap scripts from publicly available repositories such as GitHub.
- Define when and how often you will run the Nmap scripts. For example, running scripts outside of regular business hours will minimize the impact on business-critical systems, or running scripts at discrete intervals may prevent IDS/IPS from detecting the scans.
- Standardize your active vulnerability scans. CyberScope’s AutoTest feature allows you to create a profile for running a customized suite of tests. This feature enables you to run active vulnerability scans consistently and predictably within your organization.
1Nmap is an open-source tool that uses active scanning to collect information about the network.