in the last video, we talked about the benefit of security policies and vulnerability, management and importance of tracking inventory. And it's video. Who would talk about verifying foreign abilities against inventory?
Let's look at the learning objectives.
We're going to cover the benefits of using tools
and also the benefit of verifying foreign abilities against inventory.
Let's look at the pre assessment.
Verifying vulnerabilities against your inventory can help to minimize wasted effort. Own risk that don't apply it to your organization.
Is that true? Or folks?
The correct answer here is true.
It definitely saves you a lot of effort and saved a lot of time as well.
That's a look at the benefit of the tools,
so it does help reduce false positive.
That's how reduce false negatives
and a different tools that you have that your disposal rapid seven Nessen Squalus
And there's other vendors well to that provides vulnerability management.
So with that, said, the vulnerability of magical solution
to provide the capability to scan scan four and fix vulnerabilities in a broader range of categories.
backdoors in Trojan horses,
which bypasses authentication systems, so that's why it's always great to ensure that solution has
a piece where it can authenticate with the server. That way,
if it does fill, it can actually let you know
Actually, I p of the server that it fell though
you can go in and correct that issue from there.
Brute force attacks,
which defies photography by systematically trying different keys.
So it's important to ensure that
brute force attack that plug in is also
implement. It is well to with your solution
CG I with the exploits Common gate will interface
D. N s and buying which exploits domain name service is
e commerce applications file sharing about transfer fry walls,
General Remote Service's Hall where and networked appliances,
SMTP and e mail applications. That is a huge one. So you always want to make sure that,
you know, it's from a port perspective
and also that you're
email ports always covered, so
always ensure that that plug in
is insert is well to its force. Porter, you're scanning.
Then we have t c p i P. So that's the explosive, the transmission control protocol and Internet Protocol.
So it was a big one that's Port 80. Right there, guys
where VoIP Web servers, while its excess points and X windows, which exploits display protocols.
the benefits of having these tools
save you time and also save your money. But if anything does these tools or putting please so identified its critical vulnerabilities
and stay ahead of the curve. When Attackers basically try toe,
try to get inside of the infrastructure.
So look at the benefits of verifying vulnerabilities.
So we have here minimize effort spent on risk that don't apply
and reduce calls. Because if you don't reduce coast like the late, great burning Maxie is going to be trouble. Tripp do
so you can use the results of a vulnerability scan to verify that vulnerabilities matched the actual device
software and configurations in your network.
The value of the step miss to minimize efforts spent investigating risk that don't apply to your network configuration.
Obviously, this is another test that best it is best done automatically
intelligence scan and applications such as Ness's
HQ, Wallace and other applications. That's out there as well to our designs. Actually, I accurately identify at risk pertinent to the devices and applications on your network,
eliminating common errors known as false positives and false negatives that can lead to inefficiencies and a vulnerability in management process
and, most importantly,
bringing up Maur calls.
Okay, so let's look at the ways to improve scan.
So we have the service. Discovery Engine. Which text backdoors Trojans.
The other viruses that associate ID mill Where? Everything.
So we have websites as well, too. So we have this. We have the C V database, which is the common vulnerability Exploit Database
We have a watch Top 10.
We have the N V D, which is the national vulnerability database. We have more sits a ton ton more to go.
Lastly, we have the comprehensive and accurate reporting. So
when you provide a report,
you want to ensure that you're capturing
information that's showing the authenticated and also the remediated effort
of the vulnerability. Imagine peace. So you want to injure that hey
patching team did their job. It's well, it's configuring.
Provide the patches.
You did your job for three scanning. Make sure making sure that
the to is actually authenticating to the server
and that way when you actually handed over to the client, they're getting a crystal clear picture of their security posture.
All right, so look at the polls assessment
so comprehensive, comprehensive and accurate reports or not one other ways to improve vulnerability. Scat.
Is that true? Or is that folks?
comprehensive and echo reports or
the way still improve Vulnerability scan.
his answer here right here is actually focus.
Let's go ahead and wrap up now.
So in this video, we talked about verifying vulnerabilities against inventory.
classifying and rigging risk.