Network Scanning: A Guide
Internal network scanning is like a health check for an organization's digital infrastructure. It involves systematically scanning and evaluating devices, systems, and networks to identify vulnerabilities and potential security risks.
Why is scanning important?
Internal scanning aids in detecting vulnerabilities before they can be exploited, allowing network admins to fix issues before they become serious. Scanning helps safeguard data by identifying potential points of compromise, significantly reducing the risk of data breaches. Regular internal scans ensure compliance with industry regulations, avoiding legal issues and penalties.
Scanning and assessment
Many categories of formal assessment require evidence of regular internal and external scanning. An auditor, insurance application review or similar will expect internal devices and external IPs to be covered by scanning. You should invest in an appropriate solution to meet this threshold. Developing a policy and cadence for internal and external network scans demonstrates a commitment to risk mitigation, and evidences the continual monitoring and improvement that is a frequent assessment criterion.
Scanning and CVEs
Internal scans should include checking for outdated or unpatched software. This will help keep you in line with best practice for patching: all patches applied in under 30 days, and under 7 days for critical security patches. When you are selecting a vendor for your scanning product, ensure potential service vendors cover the latest CVEs relevant to your infrastructure.
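The patch windows above (30 days for all patches, 7 days for critical ones) are easy to state but only useful if scan output is actually measured against them. The script below is an added example, not code from this guide or any scanning vendor: it takes a constructed list of scanner findings (hostname, CVE placeholder, severity, date first seen) and reports which ones have breached their patch window, so a review like the one in the checklist can start from a concrete list rather than a raw export.

```python
from dataclasses import dataclass
from datetime import date

# Patch windows from the guide: 30 days for all patches, 7 days for critical ones.
SLA_DAYS = {"critical": 7, "default": 30}

@dataclass(frozen=True)
class Finding:
    host: str
    cve: str          # identifier as reported by the scanner
    severity: str     # "critical", "high", "medium" or "low"
    first_seen: date  # date the scanner first reported it on this host

def sla_for(severity: str) -> int:
    """Patch window in days that applies to a finding of this severity."""
    return SLA_DAYS["critical"] if severity.lower() == "critical" else SLA_DAYS["default"]

def days_overdue(finding: Finding, today: date) -> int:
    """Days past the patch window; zero or negative means still within SLA."""
    age = (today - finding.first_seen).days
    return age - sla_for(finding.severity)

def overdue_findings(findings, today):
    """Findings that have breached their patch window, most overdue first."""
    breached = [(days_overdue(f, today), f) for f in findings]
    breached = [(d, f) for d, f in breached if d > 0]
    breached.sort(key=lambda pair: pair[0], reverse=True)
    return breached

# Constructed sample export with placeholder CVE ids; not real scan data.
SAMPLE_FINDINGS = [
    Finding("fileserver-01", "CVE-0000-0001", "critical", date(2024, 3, 1)),
    Finding("fileserver-01", "CVE-0000-0002", "high", date(2024, 3, 1)),
    Finding("workstation-17", "CVE-0000-0003", "medium", date(2024, 2, 1)),
    Finding("printer-02", "CVE-0000-0004", "low", date(2024, 3, 10)),
]
AS_OF = date(2024, 3, 12)  # assumed review date for the sample

if __name__ == "__main__":
    for days, f in overdue_findings(SAMPLE_FINDINGS, AS_OF):
        window = sla_for(f.severity)
        print(f"{f.host} {f.cve} ({f.severity}): {days} day(s) past the {window}-day window")
```

Run against the sample, the medium finding first seen on 1 February is 10 days overdue and the critical one from 1 March is 4 days overdue; the other two are still inside their windows.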
Scanning - EPP & EDR
EPP stands for Endpoint Protection Platform and EDR stands for Endpoint Detection and Response. EPP prevents threats such as malware, whilst EDR detects and responds to anything that bypasses other security measures. These can be included in some scanning services, but not all. You need to check you have EPP and EDR alongside your internal and external scanning capabilities.
Checklist
Consider the following best practices when reviewing your scanning software:
- Your IT teams should implement automated internal and external scans to ensure regular checks without disrupting daily operations.
- Review scans regularly to ensure that you are adhering to best practices when it comes to patching - all patches applied in under 30 days, and under 7 days for critical security patches.
- Regularly review your internal and external scanning service vendor - ensure they are still fit for purpose and meeting your needs. Change them if they cannot ensure your security.
- Ensure you have EPP & EDR in place as well as internal and external scanning - though sometimes offered in one package, this is not always guaranteed. Make sure your organization has all bases covered.
- Ask your IT team to share insights and updates with organization leaders to ensure everyone understands the threats your organization faces.
- Maintain thorough documentation of scan results and reporting schema. This documentation will be useful for any future audits or post-attack forensics.
- Include any incidents raised by scans in your regular cyber security review. Try to identify patterns and repeating issues and plan on how to prevent them in the future where possible.
- Not unlike general cyber practices, treat internal scanning as an evolving process. Regularly reassess and improve scanning processes based on emerging threats and technological changes.