What are the best vulnerability scanning tools? Why?
Sort by:
Head of Cyber Security in Manufacturinga year ago
Please detail out the question, so its clear what the focus is for example:
- Endpoints
- Servers
- Webservers
- Databases
- Applications
- Running Kubernets
- Third Party Libraries
- etc
The best vulnerability scanning tools are the ones that organisations actively use to improve the security of their environments. What I mean by this is that not only are scans configured to run at a regular cadence, but that the results are being analysed and remediation efforts are put in place. I've seen regular instances of organisations running vulnerability assessments as a compliance checklist item, but rarely interacting with the findings to make security posture improvements.
The scanning tool you choose will often be based on your org's appetite for a few things: (not an exhaustive list)
- budget (agent-based VAS is more expensive)
- IT overhead ("do I really need to install yet another agent?")
- does your organisation have automation to, for example, automatically log your VAS calls and have them assigned to a team for remediation? (logging VAS calls manually is extremely time-consuming and emailing scan results to engineers individually isn't effective)
- is someone taking responsibility for remediating underlying reasons for the prevalence of vulnerabilities in their organisation's environment? e.g. if the vulnerabilities point to poor patching cadence, has a proper patching programme been implemented so that VAS isn't being relied on to point out vulnerable applications/operating systems etc.