Vulnerability Scanning with SAINTscanner®
Today's attackers are more advanced than at any time in modern history. With the growth of world-wide hacking groups and state-sponsored attacks, no industry sector is immune from attack. It is more important than ever to remain vigilant and to ensure vulnerability management and penetration testing resources are included in your overall risk management plans and execution.
Before you can secure a network, you have to know how it's threatened. SAINT uncovers areas of weakness and recommends fixes. With the SAINTscanner you can:
- Identify vulnerabilities on network devices, operating systems, desktop applications, Web applications, databases, and more.
- Detect and fix possible weaknesses in your network’s security before they can be exploited by intruders.
- Anticipate and prevent common system vulnerabilities.
- Demonstrate compliance with current government and industry regulations such as PCI DSS, NERC, FISMA, SOX, GLBA, and HIPAA.
- Perform configuration audits with policies defined by FDCC, USGCB, and DISA.
Vulnerability Scanner at a Glance
- Lets you exploit vulnerabilities found by the scanner with the integrated penetration testing tool, SAINTexploit.
- Shows you how to fix the vulnerabilities and where to begin remediation efforts: with the exploitable vulnerabilities.
- Allows you to perform both external and internal assessments.
- Performs authenticated and unauthenticated vulnerability scans for operating systems, databases, and Web applications.
- Lets you scan and exploit targets with an IPv4, IPv6, and/or URL address.
- Shows you if the network is compliant with PCI security standards; SAINT is certified by the Payment Card Industry (PCI) Security Standards Council as an Approved Scanning Vendor.
- Correlates industry standard identifiers such as CVE, OSVDB, BID, IAVA, OVAL, SANS/FBI Top 20, the presence of exploits, CVSS score, vendor ID, and many more.
- SAINT provides support to the OVAL Adoption Program as a Vulnerability Scanner, and provides the capabilities as both a Definition Evaluator and a System Characteristics Producer.
- Allows you to design and generate vulnerability assessment reports quickly and easily. Lets you present the findings of even the largest network scans in an easy-to-read format with colorful charts.
- SAINT is an agentless solution that does not require agent software to be loaded on assessed endpoints.
- Shows you if your network security is improving over time by using the trend analysis report.
- Gives you the option to store the vulnerability data locally or remotely; your vulnerability data does not need to be sent across the Internet.
- Provides automatic updates with new vulnerability checks and exploits on a daily basis.
- Lets you manage and schedule scans across large enterprises with the SAINTmanager remote management console.
- Allows you to add your own custom checks and vulnerability signatures.
- Performs content scanning for data (e.g., credit card or social security numbers) that should not be stored on desktops/servers.
Identify security vulnerabilities. SAINT's up-to-date database includes thousands of known vulnerabilities. In addition to identifying vulnerabilities, SAINT gives you the threat level and shows you how to fix them.
Continuous protection with automatic updates. SAINT releases new vulnerability checks every 2-3 days. Because SAINT checks for updates every time it runs, you can be confident that you are defending your network against the latest threats.
Accurate view of your network. SAINT assesses anything connected to your network that has an IPv4, IPv6, and/or URL address.
Powerful customizable reporting. Build your own custom reports or use SAINT's preconfigured templates for a variety of reports from executive level to detailed technical reports. SAINT's trend analysis report will give you a picture of your network's security improvements over time.
Manage resources more efficiently. Knowing the extent of your network vulnerability lets you focus attention and resources where they are needed most. Because the scanner is integrated with the exploit software, you can begin your remediation with the critical exploitable vulnerabilities.
New vulnerabilities are discovered at an astonishing rate. Attackers analyze the vulnerabilities to determine if exploit code can be developed. Once the exploit code has been developed, the launch pad is ready to attack susceptible targets. Organizations that do not continually scan for and repair vulnerabilities face a growing risk of being the next compromised victim. The number one threat to infrastructures today is known vulnerabilities.
One example of a known vulnerability is the Oracle vulnerability (CVE-2013-0422). This vulnerability was first reported in 2012; its impacts were dramatic throughout various industries and extended well into 2013. This vulnerability was designed to attack Mac computers. However, it was at the root of attacks throughout the market, including Facebook.
In this example, SAINT rapidly updated and deployed vulnerability checks and an exploit for this vulnerability, to ensure our customers could quickly identify and remediate the risks from this threat. This is just one example of why all administrators should scan their networks for vulnerabilities and resolve any vulnerabilities that are found.