Vulnerability scanning, assessment and management all share a fundamental cybersecurity principle: the bad guys can’t get in if they don’t have a way. To that end, an essential IT security practice is to scan for vulnerabilities and then patch them, typically via a patch management system.
Vulnerability scanning tools can make that process easier by finding and even patching vulnerabilities for you, reducing burden on security staff and operations centers. Vulnerability scanners detect and classify system weaknesses to prioritize fixes and sometimes predict the effectiveness of countermeasures. Scans can be performed by the IT department or via a service provider. Typically, the scan compares the details of the target attack surface to a database of information about known security holes in services and ports, as well as anomalies in packet construction, and paths that may exist to exploitable programs or scripts.
Some scans are done by logging in as an authorized user while others are done externally and attempt to find holes that may be exploitable by those operating outside the network. Vulnerability scanning should not be confused with penetration testing, which is about exploiting vulnerabilities rather than indicating where potential vulnerabilities may lie. A complementary technology is breach and attack simulation.
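The comparison step described above (matching what a scan discovers about exposed services against a database of known-vulnerable versions, then ranking the hits so the riskiest get patched first) as a small added example; this is not code from the article or from any of the products it lists. Every product name, version number, issue id and severity in it is a constructed placeholder, and the inventory is constructed to mimic what an unauthenticated banner grab or a credentialed host check would report.

```python
"""Toy version of the core matching step in a vulnerability scanner: take an
inventory of discovered services and compare it with a database of
known-vulnerable versions, then rank the hits for patching. Every product
name, version, issue id and severity below is a constructed placeholder."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed "known issues" database. fixed_in is the first version that is
# NOT affected; anything older is flagged. Severity is on a CVSS-like 0-10 scale.
KNOWN_ISSUES: List[Dict] = [
    {"id": "EXAMPLE-0001", "product": "exampled", "fixed_in": "2.4.0", "severity": 9.8},
    {"id": "EXAMPLE-0002", "product": "exampled", "fixed_in": "2.6.1", "severity": 5.3},
    {"id": "EXAMPLE-0003", "product": "webappx", "fixed_in": "1.10.3", "severity": 7.5},
]

# Constructed inventory, as a scanner might assemble it. "source" records whether
# the version came from an unauthenticated banner or a credentialed host check;
# "exposed" records whether the port is reachable from outside the network.
SAMPLE_INVENTORY: List[Dict] = [
    {"host": "10.0.0.5", "port": 443, "product": "exampled", "version": "2.3.9",
     "exposed": True, "source": "banner"},
    {"host": "10.0.0.7", "port": 8080, "product": "exampled", "version": "2.6.1",
     "exposed": False, "source": "credentialed"},
    {"host": "10.0.0.9", "port": 8443, "product": "webappx", "version": "1.9",
     "exposed": False, "source": "credentialed"},
    {"host": "10.0.0.9", "port": 80, "product": "webappx", "version": "1.10.3-beta",
     "exposed": True, "source": "banner"},
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.4.1' into (2, 4, 1). A non-numeric tail such as '3-beta' keeps
    only its leading digits, so pre-release tags are ignored (a real scanner
    needs vendor-specific rules for those)."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True if version a is older than b. Shorter tuples are zero-padded so that
    '2.4' compares equal to '2.4.0' instead of sorting before it."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return pa < pb


@dataclass
class Finding:
    host: str
    port: int
    issue_id: str
    severity: float
    score: float      # severity weighted by exposure; used for ordering
    source: str


def assess(inventory: List[Dict], issues: List[Dict] = KNOWN_ISSUES) -> List[Finding]:
    """Match every inventory entry against the database and return findings
    sorted from most to least urgent."""
    findings: List[Finding] = []
    for svc in inventory:
        for issue in issues:
            if svc["product"] != issue["product"]:
                continue
            if not version_lt(svc["version"], issue["fixed_in"]):
                continue
            # Crude prioritisation: a service reachable from outside outranks an
            # internal one carrying the same severity.
            weight = 1.5 if svc["exposed"] else 1.0
            findings.append(Finding(svc["host"], svc["port"], issue["id"],
                                    issue["severity"],
                                    round(issue["severity"] * weight, 2),
                                    svc["source"]))
    findings.sort(key=lambda f: (f.score, f.severity), reverse=True)
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_INVENTORY):
        print(f"{f.score:5.2f}  {f.host}:{f.port}  {f.issue_id}  (via {f.source})")
```

Two details matter more than the matching itself: the zero-padding in `version_lt`, without which a banner reporting "2.4" would be flagged as older than the fixed version "2.4.0", and the silent dropping of pre-release tags in `parse_version`, which is why the "1.10.3-beta" entry is not flagged even though a beta may well predate the fix. Real scanners spend much of their effort on exactly this kind of version-string ambiguity, and it is a common source of both false positives and false negatives.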
Top vulnerability scanning tools
The tools listed here are both proprietary and freeware. They’re all rated highly by users, and industry experts from KnowBe4 and Adrian Sanabria at Thinkst Applied Research offered their picks and perspective too. For more on our selection process, see Our Top Security Vendor Methodology.
Qualys Vulnerability Management
The Qualys scanner operates behind the firewall in complex internal networks, can scan cloud environments, and can also detect vulnerabilities on geographically distributed networks at the perimeter. In addition, it scans containers and endpoints. Pricing may be higher than some other services, but the breadth of protection it offers is extensive.
AT&T Cybersecurity Vulnerability Scanning
The AT&T Cybersecurity Vulnerability Scanning Solution can be delivered either as a managed service or run from within IT. It helps detect security vulnerabilities in systems, web applications and network devices. It is probably best as a managed service for IT departments lacking cybersecurity expertise.
Nessus
Nessus is a widely used vulnerability assessment tool. It is probably best for experienced security teams, as its interface can be a little tricky to master at first. It can be used in conjunction with pen testing tools, providing them with areas to target and potential weaknesses to exploit.
Skybox
Skybox offers scanless assessment, threat prioritization and smart remediation based on risk. By tying threat intelligence into vulnerability control, and merging results from third-party scanners, it is effective at finding blind spots. User reviews are generally very good. It is probably better for mid-sized to large organizations than SMBs.
Alibaba Cloud Managed Security Service
Alibaba offers a managed service for port inspection, scans for web and system vulnerabilities, and a vulnerability review to eliminate false positives. It is focused on the cloud and is probably best for non-U.S. businesses in light of ongoing trade hostilities between the U.S.A. and China.
Metasploit
Metasploit covers the scanning and testing of vulnerabilities. Backed by a huge open-source database of known exploits, it also provides IT with an analysis of pen testing results so remediation steps can be done efficiently. However, it doesn’t scale up to enterprise level and some new users say it is difficult to use at first.
Netsparker
Netsparker is very good at what it does – the scanning of websites. But it is not designed to do anything else and so lacks the range of many other products. One plus is ease of use. Its automated web application security scanning capabilities can also be integrated with third-party tools. Operators don’t need to be knowledgeable in source code. It is a good fit for SMBs rather than large enterprises.
Amazon Inspector
If you are an AWS shop, then Amazon Inspector is the automated security assessment service for you. It scans all applications deployed on AWS and can be extended to Amazon EC2 instances, too. But it can’t scan Azure, Google Cloud or on-premises data centers and server rooms. Thus, it’s only recommended for those enterprises and SMBs running mainly on the Amazon cloud.
Burp
Burp is a web vulnerability scanner used in a great many organizations. Although there is a free version available, it is limited in functionality, with no automation capabilities. Those wishing for the complete package for enterprise-wide scalability and automation should be prepared to pay well. Security professionals who only need a good automated vulnerability scanner for testing code can make do with the Professional version, which is cheaper.
Acunetix Vulnerability Scanner
Acunetix is another tool that only scans web-based applications. But its multi-threaded scanner can crawl across hundreds of thousands of pages rapidly and it also identifies common web server configuration issues. It is particularly good at scanning WordPress. Therefore, those with a heavy WordPress deployment should consider it.
Intruder
Intruder is a cloud-based vulnerability scanner that concentrates on perimeter scanning. Any deeper in the enterprise and it needs to be supplemented by other tools. But it is strong at discovering new vulnerabilities. Therefore, it’s a good choice for those looking to harden the perimeter.
Nmap
Nmap is a port scanner that also aids pen testing by flagging the best areas to target in an attack. That is useful for ethical hackers in determining network weaknesses. As it’s open source, it’s free. That makes it handy for those familiar with the open-source world, but it may be a challenge for someone new to such applications. Although it runs on all major OSes, Linux users will find it more familiar.