Vulnerability scanning tools enable organizations to search for and discover potential weaknesses within their environment.
Such tools have changed considerably since they debuted about 30 years ago. In the beginning, there were two basic types of vulnerability scanners. One scanned the internal network to find hosts, determine which network ports were open and potentially "fingerprint" each host by studying its network behavior to pinpoint its OS and OS version. The other type ran on individual hosts, often with local administrator credentials, to get a more comprehensive picture of what software each host was running and what known vulnerabilities existed in that software. The difference still matters today: an unauthenticated network scan has to infer software versions from banners and behavior and therefore produces more false positives and misses, while a credentialed scan reads the installed package list directly and is far more accurate.
Just as types of vulnerability scans have expanded and evolved, so too has the understanding of what constitutes a vulnerability and what tools are needed.
The following are five examples of the top vulnerability scanning tools to choose from.
1. Nessus
Nessus was created in 1998 by Renaud Deraison, who later founded Tenable, the cybersecurity company that maintains Nessus to this day. Originally a free vulnerability scanner, it rapidly became popular. Today, Nessus Essentials is still free. Tenable also offers Nessus Professional and Nessus Expert, which can find known-vulnerable software versions and weak or incorrect security configuration settings on nearly any platform, including cloud architectures and many IoT devices.
Nessus is highly adaptable, with over 175,000 plugins available to enhance and customize its capabilities.
Nessus Professional and Expert are available as licenses starting at $3,390 and $7,490 per year, respectively.
2. OpenVAS
Open Vulnerability Assessment Scanner (OpenVAS) is an open source vulnerability scanner supported by vulnerability management company Greenbone Networks and a community of researchers and developers.
OpenVAS began in 2006 as a fork of the last open source Nessus code, after Nessus changed from an open source to a commercial tool. OpenVAS offers some of the same scanning and customization capabilities as the Nessus products do today to identify vulnerabilities in individual hosts' software.
3. Burp Suite
Burp Suite is a tool from PortSwigger focused on website and web application vulnerability scanning. It is a dynamic (black-box) scanner: it crawls a running application and sends crafted requests to it, and it pairs that automated scanning with manual testing tools such as an intercepting proxy. Just as Nessus and OpenVAS are intended to be run frequently or continuously against hosts, Burp Suite Enterprise Edition is intended to do the same for an organization's websites and web applications, while the Professional edition is aimed at hands-on testers.
Burp Suite Community Edition is a free download. Burp Suite Professional ($449 per user per year) and Enterprise Edition (starting at $8,395 per year) are also available.
4. Snyk
Snyk offers multiple types of vulnerability scanners for software development and supply chain threats, including the following:
- Snyk Open Source looks for software dependencies that have known vulnerabilities.
- Snyk Code finds vulnerabilities in source code as it's being developed.
- Snyk Cloud checks cloud environments for vulnerable software components, security configuration errors and other issues.
Snyk has free and paid product offerings; prices vary based on organizational or developer needs.
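The step that a credentialed host scanner such as Nessus or OpenVAS and a dependency scanner such as Snyk Open Source have in common is the last one: once an inventory of installed software is in hand, each installed version is matched against an advisory feed of affected version ranges. The Python below is an added illustration of that matching step written for this article; it is not code from Tenable, Greenbone or Snyk. The advisory feed, the package names and the DEMO-* identifiers are constructed placeholders, not real software or real CVEs, and the inventory stands in for what a credentialed scan or a package manager listing would return. It deliberately covers the comparisons that naive string matching gets wrong: 1.2.10 is newer than 1.2.9, 2.0 equals 2.0.0, and a pre-release such as 2.0.0-rc1 is older than 2.0.0.

```python
import re
from dataclasses import dataclass

# Accepts "1.2.10", "2.0", "3.1.0-rc1", "1.2.3rc1"; group 1 is the numeric part,
# group 2 an optional pre-release suffix.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:[-.]?([A-Za-z][A-Za-z0-9.]*))?$")


def version_key(version: str) -> tuple:
    """Turn a version string into a sortable key.

    Numeric components compare numerically (1.2.10 > 1.2.9), missing trailing
    components count as zero (2.0 == 2.0.0) and a pre-release suffix sorts
    below the plain release (3.1.0-rc1 < 3.1.0)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))  # pad so 2.0 and 2.0.0 compare equal
    pre = m.group(2)
    # (numbers, 1 for a final release / 0 for a pre-release, suffix as tie-break)
    return (nums, 0 if pre else 1, pre or "")


_OPS = {
    "<=": lambda a, b: a <= b,
    ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b,
    "<": lambda a, b: a < b,
    ">": lambda a, b: a > b,
}


def in_range(version: str, spec: str) -> bool:
    """True if version satisfies every comma-separated constraint in spec,
    e.g. ">=1.2.0,<1.2.9". Two-character operators are tried first so that
    "<=" is not misread as "<" followed by "=1.2.9"."""
    key = version_key(version)
    for clause in spec.split(","):
        clause = clause.strip()
        for op in ("<=", ">=", "==", "<", ">"):
            if clause.startswith(op):
                if not _OPS[op](key, version_key(clause[len(op):])):
                    return False
                break
        else:
            raise ValueError(f"bad constraint: {clause!r}")
    return True


@dataclass(frozen=True)
class Advisory:
    advisory_id: str  # constructed placeholder ids, not real CVE numbers
    package: str
    affected: str     # version range in which the flaw is present
    fixed_in: str


@dataclass(frozen=True)
class Finding:
    package: str
    installed: str
    advisory_id: str
    fixed_in: str


def find_vulnerable(inventory: dict, advisories: list) -> list:
    """Match each installed package against the advisory feed; a package is
    flagged once per advisory whose affected range contains its version."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv.package)
        if installed is None:
            continue  # package not present on this host, nothing to check
        if in_range(installed, adv.affected):
            findings.append(Finding(adv.package, installed, adv.advisory_id, adv.fixed_in))
    return sorted(findings, key=lambda f: (f.package, f.advisory_id))


# Constructed advisory feed: placeholder packages and ids made up for this example.
ADVISORIES = [
    Advisory("DEMO-0001", "demo-http", ">=1.2.0,<1.2.9", "1.2.9"),
    Advisory("DEMO-0002", "demo-http", ">=1.3.0,<1.3.2", "1.3.2"),
    Advisory("DEMO-0003", "demo-tls", "<2.0.0", "2.0.0"),
    Advisory("DEMO-0004", "demo-yaml", ">=5.0,<5.1", "5.1"),
]

# Constructed host inventory, as a credentialed scan or a package listing would return it.
INVENTORY = {
    "demo-http": "1.2.10",    # numerically newer than 1.2.9 and below 1.3.0: clean
    "demo-tls": "2.0.0-rc1",  # pre-release sorts below 2.0.0: vulnerable
    "demo-yaml": "5.0.3",     # inside [5.0, 5.1): vulnerable
    "demo-other": "0.1",      # no advisories for it at all
}

if __name__ == "__main__":
    for f in find_vulnerable(INVENTORY, ADVISORIES):
        print(f"{f.package} {f.installed}: {f.advisory_id}, fixed in {f.fixed_in}")
```

The same two pieces, an inventory source and a feed of affected ranges, are what separate a credentialed scan from an unauthenticated one: without credentials the inventory has to be guessed from service banners, and the matching step then inherits every guessing error.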
5. Intruder
Intruder is a cloud-based vulnerability scanner, but that doesn't mean it only scans cloud-based resources. It scans networks, servers, client endpoints, cloud infrastructures and websites, regardless of their location. Like the other scanners listed, it can find unpatched software, security configuration errors and other weaknesses.
Intruder has Pro and Essential levels of offerings. Prices are based on the number of targets customers plan to scan.
Deploy vulnerability scanners that cover business needs
Each of these tools differs significantly from the others, but there's also overlap in their capabilities. Overlap is fine -- even a plus, in many cases -- because two tools are likely to find more vulnerabilities than just one of them. The biggest concern with vulnerability scanners is having gaps where no scanner is checking certain hosts, networks or applications for a type of vulnerability.
Still, it's not prudent to acquire multiple vulnerability scanners that do the same things. Each scanner has an associated business cost -- at a minimum, the analyst time to review results and weed out false positives, plus training the people who run it -- and commercial scanners involve licensing fees.
It's best to get a set of vulnerability scanners that collectively provide all the scanning capabilities your company needs without excessively duplicating each other.