Logo
the aspectra blog IT know-how & more, since 2012

The Ecosystem of Vulnerability Scanning

Claudio Digion & Edina Gallos
15.11.2023
vulnerability, security, scanner

Regular vulnerability scans are standard for all systems managed by aspectra. Find out how automated scans detect and help remediate vulnerabilities to protect your network and applications.

What is a vulnerability scan?

A vulnerability scan is an automated scan that systematically checks for vulnerabilities and security gaps in a network or application. It can help prevent attacks by finding vulnerabilities early that need to be fixed.

How do vulnerability scans work?

Vulnerability scans identify potential vulnerabilities in computer systems and networks through vulnerability checks by looking for characteristics that might indicate known vulnerabilities. The scanner assesses the severity and priority of the vulnerabilities and provides recommendations for remediation or risk mitigation.

What can a vulnerability scan detect?

A vulnerability scan identifies and categorises potential vulnerabilities in:

  • System configurations
  • Network configurations
  • Software and middleware

How long does a vulnerability scan take?

A scan can take anywhere from a few minutes to several hours, depending on the scope and complexity of the scan and the system being analysed.The average duration of a scan at aspectra is around 20 minutes.

Is there any danger in running a vulnerability scan?

Normally the impact on performance is negligible. However, special care must be taken with low performance or unstable systems, where the scan must correctly assess the situation and adapt its behaviour so as not to compromise the target system. Our scans have this ability.

What scans does aspectra perform?

  • Internal network scans, which analyse our networks from the inside, and
  • Agent scans, which scan locally on the host systems.

These scans are set up as standard for all our systems.
Depending on customer requirements, additional scans can be commissioned:

  • Compliance scans, which can, for example, check specifically for PCI DSS compliance,
  • Web application scans, which perform specific scans for web applications, and
  • External Network Scans, where we perform scans from the internet.

When do we do scans?

As standard, we perform monthly scans for all aspectra customers. We then provide a summary report of the scans performed. This report can be viewed by authorised persons in the myaspectra customer cockpit.

The following applies to all plans:

  • The timing of the scan period can be freely chosen, so that, for example, maintenance work or patches can be taken into account.
  • It is also possible to have more than one scan per month by agreement.

search