[ISN] Too Scared To Scan
By Ericka Chickowski
March 27, 2013
When it comes to detecting vulnerabilities in mission-critical applications,
security professionals often find themselves in a bind. These are usually the
applications that the enterprise can least afford to have hacked. But at the
same time, they are also the applications whose owners are most likely to balk
at security testing or scanning probes while they're live. These opponents of
vulnerability scans on production applications point to the near-zero
tolerance for downtime or disruption as reason enough to leave well enough
alone. But according to security professionals, someone will eventually find
those vulnerabilities, and if the organization doesn't do it first, odds are it
is the bad guys who will ferret out the flaws.
"Scanning production applications is a challenging proposition, as availability
and data integrity are paramount for organizations," says Wolfgang Kandek, CTO
of Qualys. "However, security has become as important as availability, and
anyway, attackers are doing their own scanning to map out the assets of the
organizations, whether we like it or not."
The fact is that organizations can't fix what they don't know about, and when it
comes to many of their most important production applications, many enterprises
just don't have the visibility to discover potentially disastrous flaws.
"If you're not scanning production systems for vulnerabilities, you're almost
guaranteed to leave some risk to your most critical assets undiscovered," says
Tim Erlin, director of IT security and risk strategy for nCircle. "There is no
way to manage and mitigate undiscovered risk. The trend is definitely towards
more frequent scanning, but there's no doubt that there are multi-billion
dollar companies out there that don't have a consistent scanning program."