4 Questions IT Leaders Should Ask Before Purchasing a Vulnerability Scanning Solution

July 11, 2019 Arctic Wolf Networks

As the old saying goes, "an ounce of prevention is worth a pound of cure."

So how does this relate to cybersecurity? Glad you asked!

Identifying vulnerabilities before they are exploited is worlds better than putting the fix in after the fact. That’s why for many IT leaders adding a vulnerability scanning solution tops their to-do list.

A series of puzzle pieces with text "social engineering" "disaster recovery" "network analysis" pieced together.

However, not all services are created equal. To ensure the vulnerability scanning solution you choose aligns with your needs and goals, ask these four questions.

1. What Do You Scan?

There are multiple answers vendors may give:

A. "We scan internal networks to identify any exploitable holes from within the organization."

B. "We do external scans that make sure there are no holes in your defenses in the first place."

C. "We do endpoint scanning instead of scanning networks."

So which approach is best?

The answer is:

D. All of the above.

Risks exist across internal networks, external networks, and on endpoints like PCs, mobile devices and IoT hardware. To only focus on one is to leave yourself vulnerable, while scanning for all three using three separate solutions makes it difficult to gain a holistic view of your vulnerabilities or effectively prioritize a response.

What to Look for:

  • A comprehensive vulnerability assessment solution to get a comprehensive view of your risks.

2. How Often Do You Scan?

Some solutions scan for vulnerabilities once a week, some once a month, and some as infrequently as once a quarter. But it takes only an instant for a hacker to take advantage of an exploit. That means even daily scanning isn’t enough.

What to Look for:

  • A solution that provides visibility into the real-time threat landscape on your internal networks, external networks, and endpoints. Only then will you have a true sense of your risk and be able to effectively manage and prioritize your patches.

3. How Do You Measure Success?

No matter how much you prioritize patching or how completely you dedicate resources, there will always be more vulnerabilities to close. So if you’re not 100% secure you’re covered, how will you know if you’re at least secure enough?

What to Look for:

  • A vulnerability assessment solution that includes a dashboard that quantifies your cyber risk posture by incorporating all meaningful cyber risk indicators from your business based on the KPIs most important to you. By providing a quantifiable security score, you can tell if you’ve fallen past a threshold that requires action.
  • A solution that incorporates benchmark scores based on data from other companies like yours to help ensure your security posture is up to snuff.

4. Who Can I Call?

No, not the people that bust ghosts in this situation. After doing a vulnerability assessment you must take action! But that’s easier said than done. IT staff often have a full plate and aren’t always updated on the latest cybersecurity best practices.

What to Look for:

  • A vendor that backs up automation with a team of skilled security professionals you can call any time for actionable security recommendations and insights. These experts should have experience analyzing security events for hundreds of customers so that they can more easily help solve your issues.
  • A vendor willing to provide a dedicated security team to serve your account so that you can be confident that those you engage with are always familiar with your unique system—and not people who happen to work the help desk that day.

Arctic Wolf™ Managed Risk Services

The Managed Risk portfolio of Arctic Wolf’s risk assessment services enables you to continuously scan your networks and endpoints, and quantify risk-based vulnerabilities.

Unlike alternatives that rely on automated approaches that make assessing vulnerabilities difficult, Arctic Wolf’s Concierge Security™ Team provides a quantified, real-time understanding of your cyber risks so you can take prioritized action to improve your cyber risk posture. It complements Arctic Wolf™ Managed Detection and Response, which provides the most comprehensive security operations center (SOC)-as-a-service in the industry.

To learn more, download our Managed Risk Services datasheet.


Previous Article
Netflix Researchers Discovered 4 Vulnerabilities that Could Cause Chaos in Data Centers
Netflix Researchers Discovered 4 Vulnerabilities that Could Cause Chaos in Data Centers

Researchers of the popular TV and movie streaming service Netflix have identified and resolved four major L...

Next Article
A Chrome Extension Vulnerability Exposed 4.6 Million Evernote Users to Potential Cyberattacks
A Chrome Extension Vulnerability Exposed 4.6 Million Evernote Users to Potential Cyberattacks

A cross-site scripting vulnerability in Evernote's Web Clipper Chrome extension gave hackers an entryway to...


Get cybersecurity updates delivered to your inbox.

First Name
Last Name
Yes, I’d like to receive marketing emails from Arctic Wolf about solutions of interest to me.
I agree to the Website Terms of Use and Arctic Wolf Privacy Policy.
Thanks for subscribing!
Error - something went wrong!