In the wake of Apache’s Log4j vulnerability in December, several cybersecurity vendors announced free vulnerability scanning services. Vulnerability scanning can help businesses identify vulnerabilities within their systems, an important step towards detecting and preventing potential cybersecurity threats. We encourage our customers to take advantage of free vulnerability scanning services while they are available, and also to consider adding these scans to their cybersecurity routine. It’s important to remember that the emergence of threats like the Log4j vulnerability is just one of the many reasons to get a vulnerability scan.
How Often Should You Conduct Vulnerability Scanning?
A general rule of thumb is to conduct a vulnerability scan every time you make a change to your organization’s infrastructure. Even with minor changes, such as adding a new asset like a web application or cloud infrastructure, vulnerabilities can arise on a minute-by-minute basis. For this reason, each time a minor change occurs within your infrastructure, we recommend conducting a vulnerability scan. For large changes, like a full-blown migration to the cloud, we recommend conducting both a vulnerability scan and a penetration test to double-check for vulnerabilities that may have arisen during the infrastructure change.
Even if no changes have occurred to your system, new vulnerabilities in your existing software can arise at any moment. To achieve good cyber hygiene, most businesses should use a vulnerability scanner on their external-facing infrastructure monthly. This allows your organization to better detect any vulnerabilities that have arisen in existing software before they corrupt your system.
Compliance is often a reason for organizations to conduct a vulnerability scan. Most industry security standards, such as PCI DSS, require regular external vulnerability scans. However, given past cybersecurity attacks caused by vulnerabilities, even if your compliance standard requires a scan only every 90 days, your security team should consider conducting scans more frequently to better prevent breaches.
Vulnerability Management Services Offered by Aurora
Contact us to learn about Aurora’s vulnerability management offering. We will recommend a vulnerability management service that fits with your organization’s goals. If any of Aurora’s partners are still offering free vulnerability scanning services, we will connect you with them.