
20) How many internal automated vulnerability scans does your organisation conduct each year?

August 31, 2022 Network and Cloud Security Internal Vulnerability Scans

Please state the number of scans completed every year.

What is the control?

As mentioned in the previous article, it’s important to regularly scan your internal systems in order to catch any vulnerabilities.

However, finding vulnerabilities isn't enough; they also have to be found in time, which is to say before they can be exploited. It is therefore equally important to scan at a high frequency.

Why should I have it?

Traditionally, internal vulnerability scans were often performed on an annual, quarterly, or monthly basis.

However, vulnerabilities tend to be disclosed and exploited on a far tighter timescale. As a result, best practices have evolved in recent years to recommend much more frequent scanning.

While internal systems are generally considered lower risk than public-facing ones, they should not be neglected: they are easy targets for insider threats and for anyone who has pierced or bypassed your outer defences.

How to implement the control:

Fortunately, vulnerability scanning is simple to implement and maintain: the scans themselves, and the notifications raised when findings appear, are easy to automate.

Once you’ve decided on a scanning frequency, make sure to define it in your policies and schedule any work needed to maintain your process accordingly.

Do, however, ensure that the checks the scanner performs cover all publicly known vulnerabilities, and that they are updated with checks for new vulnerabilities as soon as those are published; a scan run against a stale check set will miss exactly the vulnerabilities that are most likely to be exploited.
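The following is an added example, not code from Risk Ledger or from any particular scanner, showing how the three points above (a defined frequency, automated notifications, and up-to-date checks) can be enforced rather than just written down. It assumes each scan run is exported as a dict with the run timestamp, the date of the check feed the scanner used, and its findings as (host, check id, severity) tuples; the policy values, hosts and check ids are placeholders constructed for the example.

```python
"""Added example (not Risk Ledger's code): turn an internal scan policy
into alerts. Scanner-agnostic; assumes each run is exported as a dict with
the run timestamp, the date of the check feed the scanner used, and its
findings as (host, check id, severity) tuples."""
from datetime import datetime, timedelta, timezone

# Policy values assumed for this example: weekly scans, and a check feed
# no older than two days at the time of the run.
SCAN_INTERVAL = timedelta(days=7)
MAX_FEED_AGE = timedelta(days=2)

# Constructed sample exports; hosts and check ids are placeholders.
SCANS = [
    {"run_at": "2022-08-01T02:00:00Z", "feed_date": "2022-07-31",
     "findings": [("10.0.0.5", "SAMPLE-1", "critical"),
                  ("10.0.0.7", "SAMPLE-2", "medium")]},
    {"run_at": "2022-08-08T02:00:00Z", "feed_date": "2022-08-07",
     "findings": [("10.0.0.7", "SAMPLE-2", "medium"),
                  ("10.0.0.9", "SAMPLE-3", "high")]},
    # A missed week, and a run whose check feed was not updated.
    {"run_at": "2022-08-22T02:00:00Z", "feed_date": "2022-08-10",
     "findings": [("10.0.0.9", "SAMPLE-3", "high")]},
]


def parse_ts(value):
    """Parse an ISO-8601 timestamp or date into an aware UTC datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def expected_scans_per_year(interval=SCAN_INTERVAL):
    """The number to report for this question, derived from the policy."""
    return timedelta(days=365) // interval


def finding_set(scan):
    return set(tuple(f) for f in scan["findings"])


def new_findings(prev, curr):
    """Findings present in the newer scan but absent from the older one."""
    return finding_set(curr) - finding_set(prev)


def resolved_findings(prev, curr):
    """Findings present in the older scan that the newer one no longer reports."""
    return finding_set(prev) - finding_set(curr)


def feed_is_stale(scan, max_age=MAX_FEED_AGE):
    """True if the check feed used for this run was older than policy allows."""
    return parse_ts(scan["run_at"]) - parse_ts(scan["feed_date"]) > max_age


def build_alerts(scans, now, interval=SCAN_INTERVAL):
    """Alerts worth sending: schedule gaps, stale check feeds, findings new
    since the previous run (so a known finding is not re-notified every
    week), and an overdue warning if the next scan has not happened."""
    alerts = []
    ordered = sorted(scans, key=lambda s: parse_ts(s["run_at"]))
    for prev, curr in zip([None] + ordered, ordered):
        if prev is not None:
            gap = parse_ts(curr["run_at"]) - parse_ts(prev["run_at"])
            if gap > interval:
                alerts.append(f"schedule: {gap.days} days since previous scan, "
                              f"policy is {interval.days}")
            for host, check, sev in sorted(new_findings(prev, curr)):
                alerts.append(f"new finding: {host} {check} ({sev})")
        if feed_is_stale(curr):
            alerts.append(f"stale feed: scan on {curr['run_at']} used checks "
                          f"dated {curr['feed_date']}")
    if now - parse_ts(ordered[-1]["run_at"]) > interval:
        alerts.append("overdue: no scan within the policy interval")
    return alerts


if __name__ == "__main__":
    print("scans per year:", expected_scans_per_year())
    for line in build_alerts(SCANS, parse_ts("2022-08-31T00:00:00Z")):
        print(line)
```

Run the checker from the same scheduler that launches the scans (after each run, and once more at the policy deadline) so that a silently missed scan raises an alert just as a new finding does. Diffing against the previous run is what keeps notifications actionable at weekly or daily frequencies; resending the full findings list every time trains people to ignore it.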

There are numerous consultancies or individual consultants that will be able to assist in crafting the correct security architecture in a way that meets your business and technical requirements. Please message us if you would like a recommendation.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.
