SANS 20 Critical IT Controls – #10: Continuous Vulnerability Assessment

Attackers are constantly are on the prowl for new vulnerabilities to exploit. You can expect hackers to launch numerous attacks right after vulnerabilities are discovered and announced. That is why it is important to apply vulnerability patches almost immediately after the vendor makes the patch available to you.

The key to protecting yourself against new vulnerabilities is to continuously scan your networks – you must scan with automatic scanning tools on a weekly or even a daily basis. Make sure your vulnerability scanning tool is up to date. Vendors announce new vulnerabilities almost daily, and the tool vendor must update the tool accordingly.

The daily and weekly scans you run are most frequently the unauthenticated vulnerability scans. While these types of scans give you a hacker’s view of your system and test the vulnerability of your system, they have limitations because they can’t authenticate to the system. Therefore, you must also perform a credentialed scan, also called an authenticated scan, every quarter, to analyze the security of your network.

You must ensure that you are addressing each vulnerability through patching, the implementation of a compensating control or by accepting the business risks by not doing anything. To make sure you’re meeting minimum scanning standards, use government approve scanning configuration files for your scanning./ Above all, make sure critical security patches are tested and pushed to production ASAP. Automated patch management tools and software update tools are also very helpful in reducing your exposure to newly discovered security vulnerabilities.

Leave a Comment

Your email address will not be published. Required fields are marked *


Contact Us

If you have an urgent question regarding your software licensing or a software audit, please contact Miro right away.

(732)738–8511 x1208
Use the chat box on the right

About Us

Miro is a leading global provider of software asset management services, specializing in license management, audit advisory, negotiation tactics, support management, and cloud services. We help our clients maximize ROI on their software license investments, stay in compliance, and minimize the impact of audits. Miro's performance guarantee promises that our long-tenured, diverse, and passionate team of expert analysts provides insightful and actionable advice to help our clients achieve the best possible outcomes.

Performance Guarantee

Miro’s no risk Performance Guarantee is that the amount of cost savings that we uncover will be more than our fees.


Managed Services for Oracle Licensing

Miro’s Managed Services for Oracle licensing is a best practice approach for an organization to optimize and outsource the practice of Software Asset Management to specialized external experts to ensure the organization’s compliance with vendor rules and policies.

Learn More