Mid-Range to High-End Vulnerability Scanning
With concerns mounting ceaselessly about company and organizational security posture and attack readiness, more IT and information security professionals are turning to more detailed, powerful security-scanning services to help them conduct security audits, assess security posture or check ongoing work on regular security upkeep and maintenance.
Though excellent free security scans are available online at sites such as Steve Gibson research (try Shields UP! if you haven’t used it already) and Symantec Security Response (click the “Check for Security Risks” button, then click “Symantec Security Check”), they don’t really cover the full library of known vulnerabilities and exploits. For such scans, one must turn to more powerful offerings, often available only for a fee.
Thus, many interested professionals turn to sites like:
- HackerWhacker: Offers various scanning options from $9.95 for one week’s access to tools, subject to IP address limitations, to $300 a year for unlimited access from any IP address.
- SecuritySpace: Offers all kinds of audit deals for corporate users that can be scheduled weekly or monthly, subject to number of devices, IP address ranges and so forth.
Lots of other options are also available, for those willing to spend a little time with their favorite search engines, looking for things like “Web-based security scanning services” or “network security scanning” and so forth.
What makes these offerings interesting and ultimately valuable is that the best of them (including those mentioned above) not only document vulnerabilities discovered, but also supply detailed “remediation advice” designed to help system and network administrators fix or create safe workarounds for them. Since finding the trouble is only half the battle, obtaining help on fixing or working around vulnerabilities is worth as much or more as the finding itself. This kind of service also gets a lot of its value from the continuous, ongoing work on keeping vulnerability scans up with vulnerabilities and exploits as they’re discovered. Since harried IT and infosec professionals often don’t have time to do all the research and development work involved, a reliable, up-to-date scanning service helps eliminate potential headaches about completeness of coverage. Definitely worth investigating!