Credentialed Scan Failures Report

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email
Tenable.io Vulnerability Management

I am often asked, “How can I be more productive and get better results from my vulnerability scans?” This question could be the result of a failed audit, network outage or breach that was previously undetected. Traditionally, vulnerability scanning may consume a large amount of resources. Vulnerability scanning is also often perceived as being disruptive and intrusive to the environment. The Tenable.io Credentialed Scan Failures report can assist you and your organization in making better, more informed decisions on how to improve your vulnerability management program.

Identify vulnerability or prove exploitability?


Credentialed Scan Failures Reports

Non-credentialed scanning

There are two philosophies of vulnerability scanning. The first philosophy believes that a system needs to be penetrated to prove that the system is, in fact, vulnerable. This non-credentialed type of intrusive scanning methodology is based on attacking a system in the same manner that a malicious actor would. There is merit to this type of scanning, as successful attacks prove that devices are vulnerable to exploits.

Tenable.io uses advanced technologies to try to avoid any unnecessary disruption to services, but there is the risk of having the non-credentialed scan leave fragile systems and some network devices in an unstable state. This instability may lead to a loss of data and revenue, and has the potential for significant legal or financial impact. All too often, when using non-credentialed scanning, more questions than answers are created.

Credentialed scanning

The second philosophy is credentialed scanning. Credentialed scanning is a less disruptive scanning technique that is performed with valid credentials. Operations from OS identification to port scanning are performed locally on the host. For example, devices can be queried locally to see if a patch has been applied.

Looking directly at the installed software, including the version numbers, vulnerabilities can easily be identified. Password policies can be read, USB devices can be enumerated and anti-virus software configurations can be checked, all with minimal to no impact on the device. This consumes far less system and network resources than the previous method. Credentialed scanning also presents less risk to the environment, and the results are far more accurate.

The Tenable.io solution

The benefits of credentialed scanning are significant. To ensure that you are reaping those benefits, you need to be certain that credentialed scanning is working. When I want to know how many credentialed scan failures have occurred, I look to the Credentialed Scan Failures report in Tenable.io.

The Credentialed Scan Failures report delivers an organized list of failed credentialed scans that you can use to quickly identify and remediate scanning issues on a network. The report covers a 25-day scanning history and provides a breakdown of various Windows scan issues and SSH failures, as well as general credential failures. You can use this report to present information on the success (or failures) of your credentialed vulnerability scanning program.

Key elements in this report, such as the Scan Failure Metrics element, provide an overview into many issues that may be attributed to credentialed scan failures. This summary is useful for executives who want a complete overview of the status of credentialed scanning within the organization. For those who want a deeper dive, failures identified on this element are expanded in detail in other chapters of the report.


Scan Failure Metrics element

For example, you see in the above image that there is one SMB invalid credential failure, five SSH failures and thirty hosts scanned without credentials. Referencing the report sections specific for those failures, you can identify why those failures occurred and remediate the issues. You can also identify each and every host by IP and DNS that was scanned without credentials.


Failure details

Benefits of credentialed scanning

Vulnerability scanning on a regular basis, audits and penetration tests should all be part of your ongoing risk management program. Scanning without credentials is valid for some attack vectors and identifying what is visible. But credentialed scanning looks under the hood and beyond the surface to provide a very accurate snapshot of your environment. Credentialed scans are quick, easy and safe, resulting in a better picture of your overall vulnerability state and enabling you to identify and analyze potential security issues before the hackers do.

Try Tenable.io

Tenable.io provides accurate information on how well your organization is addressing security risks and helps track improvements over time. Get a free trial of Tenable.io Vulnerability Management for 60 days.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
1612 Followers
About Tenable
Tenable™, Inc. is the Cyber Exposure company. Over 24,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into Tenable.io™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include over 50 percent of the Fortune 500, large government agencies and organizations across the private and public sectors. Learn more at tenable.com.
Promoted Content
Five Steps to Building a Successful Vulnerability Management Program
Is your vulnerability management program struggling? Despite proven technology solutions and the best efforts of IT teams, unresolved vulnerabilities remain an ongoing source of friction and frustration in many organizations. Regardless of how many vulnerabilities are fixed, there will always be vulnerabilities that can’t easily be remediated – and too often, finger-pointing between IT teams and business groups can ensue.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel