Internal Vulnerability Scanning
An internal vulnerability scanner is a useful tool to help MSPs identify real and potential threats to their client's IT infrastructure. SolarWinds Risk Intelligence from SolarWinds MSP (formerly LOGICnow) includes vulnerability scanning to help you root out weaknesses in customer networks and stop cybersecurity attacks before they start.
Types of Network Vulnerability Scans
In the world of IT, there are two kinds of scans:
External scans look for vulnerabilities at the perimeter of the network from the outside looking in. Internal scans search for susceptibilities within the network.
While organizations are quick to throw money and resources at securing the network perimeter from outside attacks, many allocate a fraction of those resources to securing their network infrastructure against inside attacks. Because the attack surface behind today’s firewalls is tempting for malicious attackers, it behooves companies to find vulnerabilities within their networks utilizing the same vigor and due diligence used to protect against attacks from the outside.
Internal scans are heartily recommended for businesses of all shapes and sizes. But organizations that are required to comply with stringent regulatory guidelines — such as PCI DSS and HIPAA — are forced to conduct internal scans. Otherwise, they can face litigation, harsh penalties and tarnished reputations.
How Pervasive Are the Threats?
For its 2016 Data Breach Investigations Report, Verizon found internal breaches spanned over 82 countries across a wide range of verticals, especially in the entertainment, finance, information and public sectors. The number of security incidents exceeded data breaches and security incidents by a wide margin, resulting in the confirmed (not potential) exposure of data to unauthorized parties.
Nearly 25 percent of events were discovered in a matter of “days or less.” However, that percentage increase is slowing compared to compromises that took “days or less.” This indicates that attackers are outpacing IT departments when it comes to security.
According to research conducted by the CERT Insider Threat Center at Carnegie Mellon’s Software Engineering Institute (SEI), there are three main categories of insider threats:
- Intellectual property theft
Finding the Right Tool
While conducting internal vulnerability scans is a great best practice to follow, and even required to remain in compliance with regulatory standards, most organizations do not have the internal resources to perform them. This presents managed service providers (MSPs) with ample opportunities to add this service to their portfolios.
The key to success is finding an accurate tool that combines power and intelligence into a single solution that allows you to protect your clients’ networks while enabling you to grow your company at the same time.
Internal Vulnerability Management with MSP Risk Intelligence
Through the use of its powerful internal vulnerability scanner, MSP Risk Intelligence from SolarWinds MSP pinpoints risks across a client’s environment, including:
- Computer and server vulnerabilities
- Firewall vulnerabilities
- Newly installed system components
- Misconfigured devices
- Tablet, smartphone and other BYOD risks
- Threats from email, malware, and VPN connections
- Unpatched software
- Website flaws
- Exposure of confidential and sensitive content
Simple, Comprehensive Vulnerability Scanning
MSP Risk Intelligence combines the simplicity of the cloud with comprehensive vulnerability management capabilities to protect your clients against threats. MSPs can conduct scans regardless of their physical location. All scans are lightweight to minimize the impact on network resources and business operations while boasting deep scanning technologies.
Deep scanning technologies allow MSP Risk Intelligence to:
- Scan devices on client networks in seconds.
- Bypass the hassles of device permissions before accessing workstations, servers, and networks.
- Test application vulnerabilities thoroughly and eliminate anomalies that can attract cyberattacks from malware and other rogues.
- Crawl through applications to detect real and potential holes in the software.
- Identify unpatched software across all client networks.
- Search through email to uncover vulnerabilities.
The following list summarizes MSP Risk Intelligence’s key features:
- Searches span networks, individual workstations and mobile devices to expose weaknesses regardless of their location.
- Scans all file types, including Microsoft Office documents, database files, compressed files, emails, archives and more.
- Scans a myriad of platforms including Microsoft Exchange, SharePoint, cloud storage and more.
- Updates its Vulnerability Scoring System (CVSS) database daily with the latest threat information to keep scans current with the latest vulnerabilities.
- Detects malware and vulnerabilities on Microsoft Windows, Mac and Linux operating systems using the latest threat information from the CVSS database.
- Scans email messages and attachments for vulnerabilities and threats.
- Scans VPN connections for threats whenever a new or suspicious device appears.
- Shows trends over time.
- Identifies underperforming systems.
- Compares monthly and weekly threat statistics sorted by operating system, remote offices and criteria important to you and your clients.
- Reports on software applications such as Adobe, Flash and Java, whose unpatched status makes them prone to attacks.
- Supports grouping, searching, sorting and filtering capabilities that provide rapid notification of threats and the systems they affect.
- Maps unprotected data and vulnerabilities to their calculated financial impact on a client.
Uniquely Suited for Regulatory Compliance
MSP Risk Intelligence’s internal vulnerability scanner helps MSPs ensure their customers comply with government and industry regulations. Features specifically geared toward regulatory compliance requirements include the ability to:
- Scan for internal PCI DSS and Primary Account Number (PAN) vulnerabilities using host-level authentication patterns.
- Scan for payment information across servers, workstations and mobile devices.
- Find all users who have access to cardholder data.
- Discover at-risk credit card data, no matter how deeply it’s buried within a network.
- Encrypt data-in-transit and data-at-rest using IPsec or SSL VPN tunnels, without having to deploy unwieldy public key infrastructures.
SolarWinds MSP solutions take regulatory compliance even further by protecting cardholder data while it’s stored and when transferred through servers. Security is assured with the following features:
- Total data encryption between clients and SolarWinds MSP solutions
- Unique logins when accessing systems
- Two-factor authentication
- IP whitelisting
- Audit trails by logging all application activity
Many breaches can be prevented by limiting user access to personal identification information. Before you configure access permissions, however, you have to know which users have access to what data.
MSP Risk Intelligence comes with its set of permissions discovery tools that allow you to:
- Discover who can and cannot access sensitive data. Granular detail allows you to see details about read/write access to a wide range of file types.
- Locate unsecured payment information collected by sales associates.
- Identify confidential data, such as trade secrets, intellectual property, and mergers, that place this sensitive information at risk.
How Much is Your Data Really Worth?
Company stakeholders understand security from a dollars-and-cents perspective, which makes it challenging for MSPs to plead their cases for securing networks from the inside.
MSP Risk Intelligence’s reporting platform assigns an exact dollar figure on an organization’s vulnerabilities, helping you to make a compelling business case for strong, layered security.
Designed with MSPs in Mind
Like all SolarWinds MSP solutions, MSP Risk Intelligence has been built from the ground up with MSPs in mind.
Results show severity levels grouped in ways that pinpoint the most critical vulnerabilities to address first. Filters and drill-downs allow you to view specific details about vulnerabilities, such as where sensitive data is located and who has access to it.
The results include a calculated “security number” that identifies the potential dollar liability to which your clients are exposed. To present a compelling to your customers, the security number takes into account the severity of the vulnerabilities are and the amount of unauthorized access.
MSPs can rank threats according to which pose the biggest issues. Synchronization of the CVSS database, which is updated daily by the SolarWinds MSP research team, clients are protected 24/7 against the latest cyber threats.
MSP Risk Intelligence can be used as a stand-alone solution that scans internal networks in real-time or in tandem with our other MSP products as part of an integrated suite of managed security solutions:
- MSP Remote Management
- MSP Backup & Recovery
- MSP Mail Protection
The synergy created by combining the detection, scanning, and reporting features of MSP Risk Intelligence with the power of our other MSP products forms a digital blanket of multiple layers of security to mitigate damage resulting from increasingly sophisticated, multifaceted threats.
Every layer protects a different area in a client’s IT infrastructure where a threat can attack. If the attack can circumvent one layer, there are additional layers that block the path between the threat and the network. By working in concert, the network is protected against single points of failure that can compromise the network itself and the confidential and sensitive data residing on it.
SolarWinds MSP solutions offer the following types of security layers that MSPs can add to their collection of service offerings:
- Anti-spam and anti-virus software
- Backup and recovery
- Data encryption
- Email protection and archiving
- Patch management
- Privacy controls
- Vulnerability assessment and analytics
- Web protection
Free 30-Day Trial!
Try MSP Risk Intelligence free for 14 days — no credit card required. Sign up for a free trial today!
About SolarWinds MSP
SolarWinds MSP delivers the only 100% SaaS, fully cloud-based IT service management (ITSM) platform, backed by collective intelligence and the highest levels of layered security. SolarWinds MSP’s products — including Risk Intelligence, Remote Management, Backup & Recovery and Mail Protection — comprise the market’s most widely trusted integrated solution.
Deployed on millions of endpoints across hundreds of thousands of networks, the platform has the industry vision to define and deliver the future of the market. SolarWinds MSP provides the most comprehensive IT security available as well as LOGICcards, the first ever IT notification feature powered by prescriptive analytics and machine learning.
SolarWinds MSP’s passion is helping IT professionals secure and manage their systems and data through actionable insights, rewriting the rules of IT.
For more information, visit www.solarwindsmsp.com.
PCI Compliance Guide: https://www.pcicomplianceguide.org/internal-vs-external-vulnerability-scans-and-why-you-need-both/
Carnegie Mellon University: https://insights.sei.cmu.edu/insider-threat/2013/10/-analyzing-insider-threat-data-in-the-merit-database.html