Asset management is a fundamental IT discipline at the heart of risk management. Due to the variety of diverse...
devices that can connect to a network, however, vulnerability scanners have a ways to go before being truly integrated within an asset management system. Given that Nmap is considered to be the best network discovery tool available, you are not going to find anything more comprehensive. Nmap has been around for several years, won numerous awards, and is included with many operating systems. It has become the tool of choice for many network administrators who want to map their networks and test them for vulnerabilities. This versatile utility can determine what hosts are available on a network, what services those hosts are offering, and what type of packet filters and firewalls are in use. The open source tool also has the ability to remotely fingerprint a machine's operating system. You can output the results in XML format so that they can be easily imported into a database or converted into HTML for analysis. Since Nmap is free, it is obviously a better deal than any proprietary network-mapping software you might choose.
If you run a purely Windows-based network, you might want to consider Microsoft's Systems Management Server. This product can map the hardware base, including BIOS and chassis enclosure data, existing applications, version information and the current service pack and hotfix levels of devices on the network. Machines and users can also be specifically targeted with software updates and patches.
For whatever product you choose, you will need to create sustainable, systematic processes to achieve strong asset and vulnerability management. Start by regularly scanning your network to fully discover the devices present on it. These may include laptops and handheld devices that may not always be connected. Next, schedule regular vulnerability scanning for specific devices and ranges of IP addresses. It is most important to maintain a record of all these activities from asset discovery to fixes and patching. This information is critical for reporting results to managers and auditors; it demonstrates to outside regulatory agencies that the organization is managing the security risks within the business.
Dig Deeper on Vulnerability Risk Assessment
Related Q&A from Michael Cobb
SandJacking, a new iOS attack technique, uses an XCode certificate flaw to load malicious apps onto devices. Expert Michael Cobb explains how the ...continue reading
Oracle has moved from using a modified version of CVSS v2.0 to CVSS v3.0. Expert Michael Cobb explains criticism of the old version, and the changes ...continue reading
QuickTime for Windows was found to have two zero-day vulnerabilities, and was then suddenly moved to end of life by Apple. Expert Michael Cobb ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.