The Best Vulnerability Scanners

Vulnerability scanners seek out known weaknesses, using constantly updated vendor databases to track down systems and devices on the network that may be vulnerable to attack. These programs look for such things as misconfigured systems, unsafe code and malware, and check whether the latest updates and patches are installed. They can deal with network or computer hardware and software vulnerabilities. Many of these vulnerability scanners are well known throughout the industry and are top ranked.

  1. Retina

    • Retina is a vulnerability management program offering a compliance element designed to help organizations of all sizes with vulnerability assessment and mitigation, as well as protection. The program uses recommended testing standards that organizations should follow to meet their security protocols.

      Among those standards are some used for assessment. Vulnerability scanners should test clients (desktop PCs) and server computers (hardware), but they should also test the applications running on all systems, including web files, databases and network programs.

      The vulnerability scanners should also provide mitigation. For example, zero-day attacks occur when hackers decide to expose the vulnerabilities of a recently released software program, causing it to crash. Hacker attacks could also open up the newly released program to virus infections. Mitigation software prevents outside entities from manipulating the new application, preventing zero-day attacks.

      Finally, a vulnerability scanner also offers protection from well-known and established viruses. The scanner should have a database of known viruses and update that database frequently.

  2. GFI LANguard

    • GFI LANguard offers a different set of operations as it works to identify vulnerabilities in the system. It scans the network and ports to detect--then assess and correct--the discovered security vulnerabilities with minimal effort. Network administrators often deal separately with problems related to vulnerability issues.

      They must also deal with patch management, which involves product updates to existing software. Patch management is important because program updates must be monitored and installed; otherwise the system may be exposed while also providing a false sense of security.

      Finally, network auditing must also take place. Network auditing is important because it identifies all the hardware and software on the network. GFI LANguard provides one package to deal with these issues.

  3. Nessus

    • Nessus features high-speed discovery, asset profiling, sensitive data discovery (such as passwords and social security numbers), configuration auditing (analyzes device configuration) and vulnerability analysis of network security. Network administrators can distribute the Nessus software scanners throughout the entire enterprise, inside DMZs (demilitarized zones--neutral areas that lie between the private network and the Internet), and across physically separate networks. The scanner is virtual machine software that mimics a real appliance.

      A virtual machine is a program that can run an operating system different from the one actually running on the hosting computer. If the hosting computer has Windows 7, the virtual machine could be running Windows XP or Vista. It executes programs like the hosting machine. Therefore, Nessus runs the virtual machine as if it were a real "physical" appliance to run vulnerability scans.

      Nessus provides a real-time professional feed. It monitors policy compliance with the security standards a business has implemented. The network administrator will know if the business has complied with all standards.
