Vulnerability Scanning with SAINTscanner®
New vulnerabilities are discovered at an astonishing rate. Attackers analyze the vulnerabilities to determine if exploit code can be developed. Once exploit code has been developed, attackers are ready to launch it against susceptible targets. Organizations that do not continually scan for and repair vulnerabilities face a growing risk of being the next compromised victim. The number one threat to infrastructures today is known vulnerabilities.
One example of a known vulnerability is the MS SQL Slammer Worm, which exploited a widespread vulnerability and spread world-wide at frightening speed. Microsoft announced this vulnerability and issued patches twice in 2002, and SAINT added a check for this vulnerability (CVE-2002-0649). But six months later, the SQL Slammer Worm continued to spread because so many host machines remained unpatched. This is why all administrators should scan their networks for vulnerabilities and resolve any vulnerabilities that are found.
A vulnerability is a flaw in a system, device, or application that, if leveraged by an attacker, could impact the security of the system. Exploits take advantage of a vulnerability by compromising or destroying the vulnerable system, device, or application. Remediation is the process of repairing or providing a remedy for a vulnerability, thereby eliminating the risk of being exploited. Vulnerability scanning is used to identify and evaluate the security posture of a network. Historically, scanners were developed for specific purposes such as scanning only Windows desktops, applications, or network devices. SAINT offers heterogeneous scanning that identifies vulnerabilities across operating systems, desktop applications, network devices, Web applications, databases, and more.
Starting a basic SAINT scan is a four-step process:

The Scan is Done ... What Now?
In the past, customers relied on severity levels such as High, Medium, or Low to prioritize their battle against vulnerabilities. With the increased number of threats today, this is no longer an effective way of managing vulnerabilities. SAINT Corporation has taken prioritization to the next level by providing the ability to sort, filter, and prioritize threats by mapping industry-recognized identifiers. SAINT is the only scanner today that correlates the severity level of a vulnerability, whether it is inferred or confirmed, and whether exploit code is available. Vulnerabilities that are exploitable should take top priority for remediation.
SAINT Scanner Sample Mapping

SAINT offers over 40 additional mappings to assist with prioritization, and to allow advanced users to map their own internal IDs or controls. For more information on reporting, see SAINTwriter.
