Vulnerability management is a security practice specifically designed to proactively mitigate and prevent the use of IT vulnerabilities in the system. The process includes the identification, classification and removal of various system vulnerabilities. It is an integral part of computer and network security along with risk management and other security practices.
VULNERABILITY SCANER – DETECTION & REMEDIATION
Vulnerability scanning is the inspection of potential exploit points on a computer or network in order to identify security vulnerabilities.
- detects and classifies system weaknesses in computers, networks and communication equipment,
- anticipates the effectiveness of the remedial measures.
The scanner compares the details of the target attack surface with a daily updated database containing information about known service and port vulnerabilities, package design anomalies, and potential paths to exploitable programs or scripts. The scanner software tries to exploit each detected vulnerability.
Keep in mind that for each vulnerability there are dozens (if not hundreds) of exploits – this is why vulnerability mitigation is the most effective way to defend your system. There are different modes of action for the vulnerabilities detected: repair, mitigate or accept.