Network Vulnerability Scanner Features & Tools | Rapid7

What is network vulnerability scanning?

Network vulnerability scanning is the process of identifying weaknesses on a computer, network, or other IT asset that are potential targets for exploitation by threat actors. Scanning your environment for vulnerabilities informs you of your current risk posture, the effectiveness of your security measures, and opportunities to improve your defenses through vulnerability remediation.

Obtaining and deploying a network vulnerability scanner is often the first step in creating a more proactive security program. To face modern attackers, it’s no longer enough to build high walls and wait out a siege; modern security programs have to identify the holes that attackers could exploit and seal them up before threat actors can take advantage. Network vulnerability scanners let you quickly assess your network for these holes, show you how to prioritize and remediate flaws, and provide a great barometer for the overall success and progress of your security team.

Network scanning tools 

Vulnerability scanning involves several tools working together to provide maximum visibility and insight across your network. These tools can include:

  • Endpoint agent: Collect data from endpoints all over your network. A single agent can continuously monitor for vulnerabilities and incidents and collect log data.
  • Cloud and virtual infrastructure scanning: Extend visibility beyond physical infrastructure and ensure you’re securely configuring everything across the network. 
  • Compliance upkeep: Pre-built scan templates enable out-of-the-box visibility into your organization’s compliance with regulatory standards specific to your industry.

The ability to fully scan your network is critical to efficient vulnerability detection and remediation, as well as maintaining a good reputation.

Types of vulnerability scanning

There are many great reasons to continuously perform vulnerability scans across your network, but scans can vary in type. For instance, discovery scans are usually performed quickly and typically focus on system discovery and any TCP/UDP ports that may be open. 

Then there are unauthenticated scans versus authenticated scans. The unauthenticated variety performs detailed enumeration, which can include DNS resolution, operating-system type, and running services. This methodology does not require credentials to perform scans on discovered systems.

Authenticated scans leverage credentials to log into systems and perform even more specific enumeration. This includes software vulnerabilities, system configuration issues, and benchmarks against regulatory frameworks like CIS, NIST, and more.