You are here: Resources > IT Security Technical Resources Part3 > How to choose a vulnerability scanning vendor?

How to choose a Vulnerability Scanning Vendor?

Choosing a vulnerability scanning vendor is not as difficult as you may think.

The first option is to go to a security consultancy shop and ask for their vulnerability assessment service.

All firms and IT consultancy shops offer one product or another, the most commonly ones being PWC, Deloitte & Touché, Ernst & Young, KPMG, and Grant Thornton LLP.

To verify the efficiency of the vulnerability scanner, you should:

See for yourself how the consultants perform the scan. You should choose the consultants, not the brand.

Check the documents detailing the steps given by the consultancy shop (for example, ask for a report) to make sure that the structure is detailed enough for your own needs.

Ask from references and feedback from their past and current costumers.

The second option you have is to use regular vulnerability scanner products that are sold in boxes.

These products require your own resources but the advantage is that you can automate scheduled or event driven scans.

To verify the efficiency of the vulnerability scanner, you should:

Conduct a research on the integrity of the vendor: Are they using public data or actual vulnerability research information? And so on...

Check if the vendor has the ability to support custom signatures and 3rd party signatures.

Make sure that their product is easy to use and to configure before buying it.

Ensure that the product has the ability to understand network topology (for example, hosts behind firewall, hosts that are not route able or hosts that have host firewall etc).

IMPORTANT: They must be non-intrusive.

The product must work fast enough to scan a large quantity of hosts within a limited timeframe.

There is a third option: Find an "in the cloud" service offering from product companies or specialists.

The majority of product vendors have recently joined the long list of on-demand remote scanning providers.

It is also crucial that the scanner vendors support an internal scanning device that does not require a lot of attention, firewall configuration, and other work. Self-service providers should have state-of-the-art portal interfaces that manage your scans effectively and quickly. You must test the portals before moving forward.

Related pages

Anti Hacking/Anti-Cracking Tips & Tricks
Anti-Cross Site Scripting (XSS) Tips and Tricks
Anti-SQL Injection Tips and Tricks
Block Email Junk
Email & Spam Test Links
How to choose a vulnerability scanning vendor?
How to get rid of a trojan horse
Internet Information Services (IIS) - Web Service Attacks
IT Security Gurus
Pen Test Appliance
SEO Check for css hiding of elements
SEO Check for img alt title tags spamming
SEO check for no tags noarchive noindex nofollow
SEO check for small size font tag
SEO Check NOSCRIPT text for spamming
SharePoint Multi-Tier Attacks
Spam Blocker
SQL Server - Stored Procedure Attacks
Stop Spam
Technology Papers
Test Your Security Policy
Top 10 Cloud Computing Services
Top 10 Free IT Security Tools
What are Server Misconfigurations and Predictable Pages?
What are the risks of the escalation of privileges in the active directory?
White Papers
Wifi WEP Encryption Cracking Guide
Wifi WPA & WPA2 Encryption Cracking Guide
Worldwide Security Events

Want to be Contacted?

Click here to Get Contacted

Free Services

Free Wi-Fi Top 15 Security Tips
Free Vulnerability Scan

SecPoint News

� Penetrator Vulnerability Scanner V20.0 Released
Get the new Penetrator Vulnerability Scanner V20.0...
Friday May 24, 2013
View more news..

Awards & Reviews

View more awards..

	Free Services
Free Wi-Fi Top 15 Security Tips Free Vulnerability Scan

	SecPoint News
� Penetrator Vulnerability Scanner V20.0 Released Get the new Penetrator Vulnerability Scanner V20.0... *Friday May 24, 2013* View more news..