Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

19) Does your organisation conduct regular internal automated vulnerability scans of its IT infrastructure and remediate any findings?

August 30, 2022
Network and Cloud Security
Internal Vulnerability Scans

Answer yes if your organisation conducts regular internal vulnerability scans of its internal IP infrastructure and remediates the findings.

What is the control?

An internal vulnerability scan involves probing your internal infrastructure and services from within your network (the same vantage point as an attacker inside your network) to find potential vulnerabilities.

While internal systems may be less exposed overall (compared to public-facing systems) owing to not being directly exposed to the internet, they are still exposed to internal threat vectors such as disgruntled employees or an attacker that has breached your perimeter controls.

It’s therefore important to scan internal systems for vulnerabilities on a regular basis as well.

Why should I have it?

Vulnerabilities on the internal network can allow systems to be exploited by inside threats or attackers that have managed to get inside your network perimeter.

Performing checks against internal infrastructure on a regular basis is therefore essential to the early detection of any vulnerabilities that may have been inadvertently introduced or missed. Only by being aware of them can we ensure they are remediated before they can be exploited by an attacker.

How to implement the control

Ensure that your network security policy includes the regular scanning of internal systems and that you have a sustainable and repeatable process to do so.

Vulnerability scanning is technically simple to implement and maintain with much of the scanning work and notifications in case of findings easy to automate.

Most internal scanning solutions work by placing scanning engines on your network which can typically be managed by a centralised console. Due to the limitations in visibility brought on by network segmentation, make sure you have a scanning engine on each of your network segments.

There are numerous consultancies or individual consultants that will be able to assist in crafting the correct security architecture in a way that meets your business and technical requirements. Please message us if you would like a recommendation.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.