What is a Vulnerability Scan?
One of the most common questions we get when we offer our free vulnerability scan to our customers is, “What exactly is a vulnerability scan anyway?” In short, it’s a lot like an anti-virus scan you might run on your home computer. A vulnerability scan checks your system for weaknesses that hackers can exploit and lets our experts know what next steps to take for your security.
A vulnerability scan is an automated process that examines network-connected systems, comparing their settings, software, and operating systems with the current set of known vulnerabilities, and generates a report showing which of those vulnerabilities exist on the systems examined. Note that this definition specifies known vulnerabilities. Vulnerability scans are not able to identify Zero-Day vulnerabilities (those that have not yet been discovered). But fixing existing vulnerabilities goes a long way toward preventing future ones.
So, your computers run on Windows or macOS. Those are your “operating systems”. Your Point of Sale and Inventory Management devices run on a Linux operating system specially designed for those devices and their functions. Just like your home computer, these systems need to be updated regularly to ensure any flaws are fixed. The updates don’t just repair functionality flaws, though. Microsoft, Apple, and other providers perform continuous security testing as new threats emerge, so the updates often include additional security patches to protect your system from these newly discovered threats. Updates come out pretty often, every week or so. If you haven’t installed the most recent updates to all of these systems, there will be vulnerabilities in your systems that can only be found by vulnerability scanning, unless cyber-attackers find them first.
You might think of a vulnerability scan like a home computer anti-virus scan. Both examine systems for indicators or characteristics that match those in their inventory of viruses or vulnerabilities. Viruses show up as pieces of code or software. Each piece of code is hashed (a process that uses an algorithm to transform the code or software into a string of numbers and letters that always comes out the same). Virus hashes (the results of that algorithmic transformation of the code) are stored in the anti-virus program’s inventory, and any code on your system that matches a virus’s hash is identified. For both kinds of scanner, it’s important to update their signatures or profiles before using them to scan your systems. This step ensures the latest threats and hashes are included in the scan you intend to run.
Where anti-virus and vulnerability scanning differ is that once an anti-virus program identifies a virus, it moves the malicious code out of the functioning part of your system. This is a process known as quarantining. It’s not unlike when we had to isolate ourselves during COVID, and we all know about that! Keeping sick folks apart from the rest of the population is meant to keep healthy people from catching the virus. This quarantine process means your system can safely operate without the dangerous impacts the virus presents. A vulnerability scanner, however, cannot quarantine anything because there’s no malicious code to move out. Instead, it generates a report of the vulnerabilities found and ranks them by severity. The next steps are on the system owner. The report gives you a lot of information about each vulnerability (e.g. how it impacts the system, how easy or hard it is for an attacker to use the vulnerability, and what you can do to fix it). The fix may be to update the system (install/apply updated software to the system), upgrade it (install new software because the old version you’re using is no longer supported), or reconfigure it (change system settings to strengthen your system so the vulnerability cannot be exploited). In some cases, it’s very simple to mitigate vulnerabilities: just install all updates. Other times, it requires a skilled technician to reconfigure the system without breaking it.
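The comparison and severity-ranked report described above can be sketched in a few lines. This is an added example, not code from any scanner named on this page; the product names, advisory IDs, hosts and the `guest_login_enabled` setting are all constructed placeholders.

```python
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed "known vulnerability" feed with placeholder IDs (not real advisories).
# fixed_in=None means the product is no longer supported, so only an upgrade helps.
KNOWN_VULNS = [
    {"id": "EXAMPLE-0001", "product": "webserver", "fixed_in": "9.6", "severity": "high"},
    {"id": "EXAMPLE-0002", "product": "pos-os", "fixed_in": None, "severity": "critical"},
    {"id": "EXAMPLE-0003", "setting": "guest_login_enabled", "bad_value": True,
     "severity": "medium"},
]

# Constructed inventory of what the scan observed on each host.
INVENTORY = [
    {"host": "10.0.0.5", "software": {"webserver": "9.3"},
     "settings": {"guest_login_enabled": False}},
    {"host": "10.0.0.9", "software": {"pos-os": "2.1"},
     "settings": {"guest_login_enabled": True}},
    {"host": "10.0.0.7", "software": {"webserver": "9.10"}, "settings": {}},
]

def version_key(version):
    """Compare versions numerically: '9.10' is newer than '9.6', unlike string order."""
    return tuple(int(part) for part in version.split("."))

def scan(inventory, known_vulns):
    """Return (host, vuln id, severity, remediation) tuples, most severe first."""
    findings = []
    for host in inventory:
        for vuln in known_vulns:
            if "product" in vuln:
                installed = host["software"].get(vuln["product"])
                if installed is None:
                    continue  # product not present on this host
                if vuln["fixed_in"] is None:
                    action = "upgrade"  # unsupported product, no patch exists
                elif version_key(installed) < version_key(vuln["fixed_in"]):
                    action = "update"   # a patched version is available
                else:
                    continue  # already at or past the fixed version
            else:
                if host["settings"].get(vuln["setting"]) != vuln["bad_value"]:
                    continue  # setting is absent or already safe
                action = "reconfigure"
            findings.append((host["host"], vuln["id"], vuln["severity"], action))
    findings.sort(key=lambda f: (SEVERITY_ORDER[f[2]], f[0]))
    return findings
```

Anything missing from the feed is never reported, which is why a scan only finds known vulnerabilities and why the feed must be updated before each run.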
There are several tools used to scan systems for vulnerabilities. The most common and reliable tool for small businesses is Nessus Vulnerability Scanner. Another vulnerability scanner, known as Nmap, is limited to finding open ports on network-connected devices but is also relatively simple to use. Finding open ports on systems is useful because it reveals unnecessarily open or misconfigured ports that allow attackers to get a foothold in a vulnerable system, then leverage that to migrate to other systems within the network. More complex networks and organizations that use customized software products may require other tools that take the skills of a qualified cybersecurity consultant to use. Various website and web application scanners are available too (e.g. OWASP ZAP, Burp Suite, and Nikto) that focus on the site’s host system, any information sources connected to it (e.g. databases, email servers), and other security aspects unique to web-based assets.
Depending on the number of systems in your organization, a vulnerability scan can take as little as twenty minutes to an hour. A cybersecurity professional brings their laptop, with all the necessary tools, to your site and connects to your business network. It’s important they’re connected to the right network, so make sure they have access to the Wi-Fi and an access password to log into the network that your business systems operate on. And while most skilled cybersecurity consultants can get your network credentials on their own (i.e. hack your Wi-Fi), it’s best if you provide the Wi-Fi name and password to save time. If there are multiple networks (e.g. guest networks or subnetworks assigned for specific types of systems or business efforts), the consultant may need to examine them as well. Once connected, the consultant will perform a host discovery scan to identify all devices attached to that network. This shows them how many and what type of devices are connected to the network as well as their IP addresses (a sequence of numbers, like a street address for a home or business, that tells other systems where they are on the network so they can communicate). Once the hosts (another name for connected devices) are known, the consultant can do two things: 1. compare the host inventory to a list of authorized devices to identify and eliminate any unauthorized devices and 2. accurately configure the vulnerability scan to target the authorized hosts. If time is short or if no list of authorized hosts is available, the consultant may just configure the vulnerability scan to target all network hosts. Either way, the results will show all known vulnerabilities on all hosts that are scanned.
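The two post-discovery steps above (flag unauthorized devices, then build the scan target list) look like this in practice. This is an added example, not the consultant's or any tool's own code; it assumes the discovery results are text in the style of Nmap's ping-scan (-sn) output, that the authorized list is keyed by MAC address, and every address and device name is constructed.

```python
import re

# Constructed discovery output in the style of an Nmap ping scan (-sn).
DISCOVERY_OUTPUT = """\
Nmap scan report for 192.168.10.1
Host is up (0.0011s latency).
MAC Address: 02:00:00:AA:00:01 (Unknown)
Nmap scan report for pos-01.shop.example (192.168.10.20)
Host is up (0.0030s latency).
MAC Address: 02:00:00:AA:00:20 (Unknown)
Nmap scan report for 192.168.10.77
Host is up (0.0100s latency).
MAC Address: 02:00:00:FF:00:77 (Unknown)
"""

# Constructed authorized-device list, keyed by MAC because IPs change under DHCP.
AUTHORIZED = {
    "02:00:00:aa:00:01": "router",
    "02:00:00:aa:00:20": "point-of-sale terminal",
    "02:00:00:aa:00:30": "back-office PC",
}

REPORT_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?(\d+\.\d+\.\d+\.\d+)\)?$")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")

def parse_hosts(text):
    """Turn the discovery text into a list of {name, ip, mac} records."""
    hosts, current = [], None
    for line in text.splitlines():
        match = REPORT_RE.match(line)
        if match:
            current = {"name": match.group(1), "ip": match.group(2), "mac": None}
            hosts.append(current)
            continue
        match = MAC_RE.match(line)
        if match and current:
            current["mac"] = match.group(1).lower()  # normalize case for lookup
    return hosts

def reconcile(hosts, authorized):
    """Split discovered hosts into scan targets and unauthorized devices.

    A host with no MAC line (mac=None) is treated as unauthorized so that a
    person reviews it. Authorized devices that were not seen are returned too,
    since a powered-off machine would otherwise miss the scan.
    """
    targets = [h["ip"] for h in hosts if h["mac"] in authorized]
    unauthorized = [h["ip"] for h in hosts if h["mac"] not in authorized]
    seen = {h["mac"] for h in hosts}
    missing = sorted(name for mac, name in authorized.items() if mac not in seen)
    return targets, unauthorized, missing
```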
Vulnerability scanning is a proactive procedure that gives any business owner critical information about their information systems and enables them to protect their systems, information, and people in their organization. If you haven’t scanned your systems for vulnerabilities, you don’t know the risks to your business technology and are therefore among the easy targets cyber-attackers are looking for. We Know Cyber is offering a free, no-obligation vulnerability scan of your systems, so give us a call. You have nothing to lose and so much awareness to gain.