What are the different types of scans used by F-Secure Elements Vulnerability Management? With Elements Vulnerability Management, there are several different scanning engines that work together to keep you safe.
- Discovery Scan
The Discovery Scan is a fast and reliable port scanner that is used to identify hosts on a network based on asynchronous scanning techniques. Discovery Scan is part of the vulnerability detection workflow: it is used to map all of the hosts on your network, and once systems have been identified, these can be moved to a scan group for vulnerability scanning. Fast host discovery mode can be used on internal networks, and scanning speeds can be adjusted based on your network capacity.
Discovery Scan can be set up to run on a specified interval, and you can opt to configure email notifications, which can be highly valuable, for example, to firewall administrators, in order to monitor changes to open ports.
- System Scan
The System Scan is our most powerful scanning engine, and is designed to identify problems such as configuration errors, improper patch management, and implementation oversights.
During a System Scan, a Discovery Scan will first be run to identify open ports and services on the target hosts, and identify the services running on each port that communicates over IP (such as FTP, HTTP, RDP, and others). Based on the results of the Discovery scan, the System Scan will then attempt to detect any known vulnerabilities in those services.
System Scan consists of both passive and active checks, without being intrusive or damaging in any way. In addition to this, it is possible to perform authenticated scanning, enabling System Scan to log on to a system. This helps the scanner eliminate false positives, detect missing patches and outdated software in common applications. The scanner is constantly kept up-to date based on vulnerabilities reported on public vulnerability databases, as well as those discovered by our security consultants.
- Web Scan
The Web Scan tests for vulnerabilities in commercial and custom-built web applications, which are by far the most vulnerable part of an IT network. Web Scan supports simple form-based authentication and assisted crawling. It operates by first crawling an application, after which it attempts to attack all input parameters found in the HTTP request URL, header, or POST variables. It looks for vulnerabilities and weaknesses such as cross-site scripting or SQL injections.