Vulnerabilities are a serious issue, particularly in your third-party applications. But you already knew that. It’s why you apply patches as soon as they become available and keep every application up to date.
Of course, keeping up-to-date with all known third-party application vulnerabilities is an incredibly time-consuming process. As a result, there’s a good chance you’re using a vulnerability scanner to speed things up – and you might think that’s enough to keep you secure.
However, while a vulnerability scanner is a good start and an essential part of your arsenal, it’s not quite enough. On their own, vulnerability scanners aren’t equipped for today’s vulnerability threat.
Application vulnerabilities aren’t just a critical threat – they’re on the rise, year-on-year.
Maybe that’s because software has become more sprawling and complex, so those weaknesses, bugs, and vulnerabilities are harder to detect before an application is out in the world. Maybe it’s simply that more third-party applications are in use – we don’t all rely solely on the Microsoft Office suite like we used to.
Whatever the cause, you need a way to scan your network and find applications where known vulnerabilities exist. The good news is that your vulnerability scanner does exactly that.
The bad news? It doesn’t do it often enough.
Let’s say you run your scan on a Friday. A few application vulnerabilities are discovered, you apply the relevant updates, and celebrate another successful day.
On Saturday morning, a new vulnerability is disclosed. It’s a critical one that attackers could use to gain widespread system access. But because a scanner needs a signature to be written before it can detect the flaw, and you only scan on a Friday, you won’t know about it for almost a week.
Conventional scanning looks at a specific moment in time. But given the sheer volume of vulnerabilities uncovered each year, that potentially leaves you exposed for days on end.