Security vulnerability in any network can be found and exploited by hackers and others in no time. The only questions are when this will happen and how much damage an individual could do once they’ve gained access to the network.

Recognizing this reality, most organizations test their own networks for security weaknesses, whether to meet compliance requirements or simply as a best practice. Those that aren’t doing this now should start—the sooner, the better.

There are a variety of methods that can be used for these tests, each of which has its strengths and weaknesses. For example, some can be performed relatively quickly and easily, while others are more complex and exhaustive. Determining which method is right for a particular organization or situation can be overwhelming to say the least, particularly for those lacking advanced IT skills. The below overview of the most common testing practices will help make sense of the often-confusing array of options to help organizations ensure the highest level of network security and protection.

Vulnerability Scans

When run on a regular basis,
vulnerability scans can serve
as an early warning that software
is out of date or patches are
missing or misconfigured

Vulnerability scans rely on mostly automated tools to find potential vulnerabilities at either the network or application level. Of the two, network scans are the more basic, looking for known common vulnerabilities in widely used commercial and open source software and reporting any that are found with ratings that identify the level of severity.

The advantages of network vulnerability scans lie in their speed, cost efficiency, and safety, which make them ideal for ensuring that the latest system patches and updates have been deployed and that security configurations are as stringent as possible. When run on a regular basis, these scans can serve as an early warning that software is out of date or patches are missing or misconfigured.

Many organizations only test their networks from the Internet. It’s true that Internet facing-vulnerabilities are the most well-known and well-publicized and may seem like the easiest for an attacker to exploit, but there’s much more to the story. Specifically, by limiting scans only to external threats, organizations remain unaware of exactly what an attacker could accomplish once the network has been breached, for example by tricking a user into installing a backdoor via a phishing email. What internal network vulnerabilities could an attacker exploit to move between systems once they’ve gained a foothold? Without testing internally, there’s no way to know the answer to this question until it’s too late.

Attackers regularly target and leverage vulnerabilities in custom applications to access the data they contain or breach the underlying network
Organizations must also test from inside the firewall to discover what an attacker could accomplish once the network has been breached

Internal Network Scans

Therefore, in addition to network vulnerability scans, organizations must also test from inside the firewall. But it’s important to note that even internal network scans can leave blind spots since, by default, scanners only check services that listen for network communications. Unfortunately, many attacks are made possible by phishing, drive-by-downloads, and other campaigns which target web browsers, PDF viewers and other client software that a network scan will skip over. Using these tactics, attackers can then exploit vulnerabilities in other local operating systems to gain administrator privileges.

There is a way to eliminate these blind spots by configuring scanning tools with authentication credentials that enable them to log in to their targets during internal scans, allowing them to check local software as well. This approach will give the most complete view of the status of an organization’s patches and configurations.

Even internal network scans
can leave blind spots since,
by default, scanners only
check services that listen for
network communications

The other main shortcoming of network vulnerability scanners is that they are only as good as their vulnerability signatures, which are based on existing databases of known vulnerabilities. This means they cannot identify flaws that haven’t yet been reported publicly, including those found in more obscure or custom applications. This can present significant risk, as attackers regularly target and leverage vulnerabilities in custom applications to access the data they contain or breach the underlying network. This is where application vulnerability scans come in.

Application Scanners

Application scanners are designed specifically to identify these previously undocumented vulnerabilities found in custom applications. Unlike network scanners, these tools exercise all of an application’s functionality to find common types of flaws, rather than looking for a list of known vulnerabilities. However, because of the amount of data these scanners send to an application, they must be used very carefully. No organization wants to become another entry on the long list of stories about application scanners dumping garbage data into a database or triggering thousands of emails.

That said, regardless of how advanced application scanners may be, they are still incapable of catching a number of vulnerabilities, especially those that are too subtle for the scanner to pick up on but which would be obvious to a human observer. As is the case with network scans, a clean report by an application scanner is a good start but is no guarantee that there are no problems. Organizations should build on these scans with deeper, more complex and thorough methods, such as penetration testing.

Each of these network vulnerability testing methods brings its own strengths and weaknesses to the overall security equation
Penetration testing brings skilled, "white hat" hackers into the mix to simulate real-world attacks

Real-World Testing

Organizations often make the mistake of concentrating their network security efforts on fixing only those vulnerabilities identified by scans as being critical or high-severity in nature, which is a highly ineffective practice. Why? Because real-world breaches are rarely perpetrated on the basis of a single critical network vulnerability. Instead, attackers recognize the tendency to focus on only “serious” problems and often chain together multiple low- to medium-severity network vulnerabilities or combine them with “local” vulnerabilities that are invisible from the network.

Building on network and application vulnerability scanning, penetration testing brings skilled, “white hat” hackers into the mix to simulate the kind of real-world attacks against an organization’s network services, applications, or even both simultaneously. Like malicious attackers, these testers attempt to combine vulnerabilities uncovered by scanners while also looking for those that the scanners are incapable of detecting. While this process is more time-consuming and costly than deploying scanning tools alone, it provides a more realistic assessment of just how much effort an actual attacker would need to put forth to breach an organization’s network and data.

No matter how careful penetration
testers are in their efforts, it is
always possible that a host would
be knocked offline temporarily or
data in a database altered

Potential Unintended Consequences

Each of these network vulnerability testing methods brings its own strengths and weaknesses to the overall security equation, underscoring the reality that no testing— regardless of how important or critical it may be—comes without risk. For example, no matter how careful penetration testers are in their efforts to exploit flaws and vulnerabilities without causing damage, it is always possible that a host would be knocked offline temporarily or data in a database altered.

Organizations need to be aware of these potential unintended consequences. It is important to understand that the skill level of the testers will largely determine the success of testing, so organizations should seek out testers with strong experience and skillsets. One final note is that regardless of how tempting it may be to cut costs by limiting the scope of testing, the potential long-term costs—network disruption, data theft, damage to reputation, etc.—could be far greater than today’s savings. For this reason alone, the higher cost to an organization of having an established, experienced team perform exhaustive testing can actually turn out to be a tremendous bargain.


Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Christopher Camejo Director of US Threat and Vulnerability Analysis, NTT Security (US) Inc

In case you missed it

Disruptive Innovation Providing New Opportunities In Smart Cities
Disruptive Innovation Providing New Opportunities In Smart Cities

Growth is accelerating in the smart cities market, which will quadruple in the next four years based on 2020 numbers. Top priorities are resilient energy and infrastructure projects, followed by data-driven public safety and intelligent transportation. Innovation in smart cities will come from the continual maturation of relevant technologies such as artificial intelligence (AI), the Internet of Things (IoT), fifth-generation telecommunications (5G) and edge-to-cloud networking. AI and computer vision (video analytics) are driving challenges in security and safety, in particular, with video management systems (VMSs) capturing video streams and exposing them to various AI analytics. Adoption of disruptive technologies “Cities are entering the critical part of the adoption curve,” said Kasia Hanson, Global Director, Partner Sales, IOT Video, Safe Cities, Intel Corp. “They are beginning to cross the chasm to realize their smart city vision. Cities are taking notice and have new incentives to push harder than before. They are in a better position to innovate.” “Safety and security were already important market drivers responsible for adoption of AI, computer vision and edge computing scenarios,” commented Hanson, in a presentation at the Milestone Integration Platform Symposium (MIPS) 2021. She added: “2020 was an inflection point when technology and the market were ripe for disruption. COVID has accelerated the adoption of disruptive technologies in ways we could not have predicted last year.” Challenges faced by cities Spending in the European Union on public order and safety alone stood at 1.7% of GDP in 2018 Providing wide-ranging services is an expanding need in cities of all sizes. There are currently 33 megacities globally with populations over 10 million. There are also another 4,000 cities with populations over 100,000 inhabitants. Challenges for all cities include improving public health and safety, addressing environmental pressures, enabling mobility, improving quality of life, promoting economic competitiveness, and reducing costs. Spending in the European Union on public order and safety alone stood at 1.7% of GDP in 2018. Other challenges include air quality – 80% of those living in urban areas are exposed to air quality levels that exceed World Health Organization (WHO) limits. Highlighting mobility concerns is an eye-opening statistic from Los Angeles in 2017: Residents spent an average of 102 hours sitting in traffic. Smart technology “The Smart City of Today can enable rich and diverse use cases,” says Hanson. Examples include AI-enabled traffic signals to help reduce air pollution, and machine learning for public safety such as real-time visualization and emergency response. Public safety use cases include smart and connected outdoor lighting, smart buildings, crime prevention, video wearables for field agents, smart kiosks, and detection of noise level, glass breaks, and gunshots. Smart technology will make indoor spaces safer by controlling access to a building with keyless and touchless entry. In the age of COVID, systems can also detect face mask compliance, screen for fever, and ensure physical distancing. 2020 was an inflection point when technology and the smart cities market were ripe for disruption, Kasia Hanson told the MIPS 2021 audience. Video solutions Video workloads will provide core capabilities as entertainment venues reopen after the pandemic. When audiences attend an event at a city stadium, deep learning and AI capabilities analyze customer behaviors to create new routes, pathways, signage and to optimize cleaning operations. Personalized digital experiences will add to the overall entertainment value. In the public safety arena, video enables core capabilities such as protection of people, assets, and property, emergency response, and real-time visualization, and increased situational awareness. Video also provides intelligent incident management, better operational efficiency, and faster information sharing and collaboration. Smart video strategy Intel and Milestone provide video solutions across many use cases, including safety and security Video at the edge is a key element in end-to-end solutions. Transforming data from various point solutions into insights is complicated, time-consuming, and costly. Cities and public venues are looking for hardware, software, and industry expertise to provide the right mix of performance, capabilities, and cost-effectiveness. Intel’s smart video strategy focuses around its OpenVINO toolkit. OpenVINO, which is short for Open Visual Inference and Neural network Optimization, enables customers to build and deploy high-performing computer vision and deep learning inference applications. Intel and Milestone partnership – Video solutions “Our customers are asking for choice and flexibility at the edge, on-premises and in the cloud,” said Hansen in her presentation at the virtual conference. “They want the choice to integrate with large-scale software packages to speed deployment and ensure consistency over time. They need to be able to scale computer vision. Resolutions are increasing alongside growth in sensor installations themselves. They have to be able to accommodate that volume, no matter what causes it to grow.” As partners, Intel and Milestone provide video solutions across many use cases, including safety and security. In effect, the partnership combines Intel’s portfolio of video, computer vision, inferencing, and AI capabilities with Milestone’s video management software and community of analytics partners. Given its complex needs, the smart cities market is particularly inviting for these technologies.

What Are the Physical Security Challenges of Smart Cities?
What Are the Physical Security Challenges of Smart Cities?

The emergence of smart cities provides real-world evidence of the vast capabilities of the Internet of Things (IoT). Urban areas today can deploy a variety of IoT sensors to collect data that is then analyzed to provide insights to drive better decision-making and ultimately to make modern cities more livable. Safety and security are an important aspect of smart cities, and the capabilities that drive smarter cities also enable technologies that make them safer. We asked this week’s Expert Panel Roundtable: What are the physical security challenges of smart cities?

New Markets For AI-Powered Smart Cameras In 2021
New Markets For AI-Powered Smart Cameras In 2021

Organizations faced a number of unforeseen challenges in nearly every business sector throughout 2020 – and continuing into 2021. Until now, businesses have been on the defensive, reacting to the shifting workforce and economic conditions, however, COVID-19 proved to be a catalyst for some to accelerate their long-term technology and digitalization plans. This is now giving decision-makers the chance to take a proactive approach to mitigate current and post-pandemic risks. These long-term technology solutions can be used for today’s new world of social distancing and face mask policies and flexibly repurposed for tomorrow’s renewed focus on efficiency and business optimization. For many, this emphasis on optimization will likely be precipitated by not only the resulting economic impacts of the pandemic but also the growing sophistication and maturity of technologies such as Artificial Intelligence (AI) and Machine Learning (ML), technologies that are coming of age just when they seem to be needed the most.COVID-19 proved to be a catalyst for some to accelerate their long-term technology and digitalization plans Combined with today’s cutting-edge computer vision capabilities, AI and ML have produced smart cameras that have enabled organizations to more easily implement and comply with new health and safety requirements. Smart cameras equipped with AI-enabled intelligent video analytic applications can also be used in a variety of use cases that take into account traditional security applications, as well as business or operational optimization, uses – all on a single camera. As the applications for video analytics become more and more mainstream - providing valuable insights to a variety of industries - 2021 will be a year to explore new areas of use for AI-powered cameras. Optimizing production workflows and product quality in agriculture Surveillance and monitoring technologies are offering value to industries such as agriculture by providing a cost-effective solution for monitoring of crops, business assets and optimizing production processes. As many in the agriculture sector seek to find new technologies to assist in reducing energy usage, as well as reduce the environmental strain of modern farming, they can find an unusual ally in smart surveillance. Some niche farming organizations are already implementing AI solutions to monitor crops for peak production freshness in order to reduce waste and increase product quality.  For users who face environmental threats, such as mold, parasites, or other insects, smart surveillance monitoring can assist in the early identification of these pests and notify proper personnel before damage has occurred. They can also monitor vast amounts of livestock in fields to ensure safety from predators or to identify if an animal is injured. Using video monitoring in the growing environment as well as along the supply chain can also prove valuable to large-scale agriculture production. Applications can track and manage inventory in real-time, improving knowledge of high-demand items and allowing for better supply chain planning, further reducing potential spoilage. Efficient monitoring in manufacturing and logistics New challenges have arisen in the transportation and logistics sector, with the industry experiencing global growth. While security and operational requirements are changing, smart surveillance offers an entirely new way to monitor and control the physical side of logistics, correcting problems that often go undetected by the human eye, but have a significant impact on the overall customer experience. Smart surveillance offers an entirely new way to monitor and control the physical side of logistics, correcting problems that often go undetected by the human eye. Video analytics can assist logistic service providers in successfully delivering the correct product to the right location and customer in its original condition, which normally requires the supply chain to be both secure and ultra-efficient. The latest camera technology and intelligent software algorithms can analyze footage directly on the camera – detecting a damaged package at the loading dock before it is loaded onto a truck for delivery. When shipments come in, smart cameras can also alert drivers of empty loading bays available for offloading or alert facility staff of potential blockages or hazards for incoming and outgoing vehicles that could delay delivery schedules planned down to the minute. For monitoring and detecting specific vehicles, computer vision in combination with video analysis enables security cameras to streamline access control measures with license plate recognition. Smart cameras equipped with this technology can identify incoming and outgoing trucks - ensuring that only authorized vehicles gain access to transfer points or warehouses. Enhance regulatory safety measures in industrial settings  Smart surveillance and AI-enabled applications can be used to ensure compliance with organizational or regulatory safety measures in industrial environments. Object detection apps can identify if employees are wearing proper safety gear, such as facial coverings, hard hats, or lifting belts. Similar to the prevention of break-ins and theft, cameras equipped with behavior detection can help to automatically recognize accidents at an early stage. For example, if a worker falls to the ground or is hit by a falling object, the system recognizes this as unusual behavior and reports it immediately. Going beyond employee safety is the ability to use this technology for vital preventative maintenance on machinery and structures. A camera can identify potential safety hazards, such as a loose cable causing sparks, potential wiring hazards, or even detect defects in raw materials. Other more subtle changes, such as gradual structural shifts/crack or increases in vibrations – ones that would take the human eye months or years to discover – are detectable by smart cameras trained to detect the first signs of mechanical deterioration that could potentially pose a physical safety risk to people or assets. Early recognition of fire and smoke is another use case where industrial decision-makers can find value. Conventional fire alarms are often difficult to properly mount in buildings or outdoor spaces and they require a lot of maintenance. Smart security cameras can be deployed in difficult or hard-to-reach areas. When equipped with fire detection applications, they can trigger notification far earlier than a conventional fire alarm – as well as reduce false alarms by distinguishing between smoke, fog, or other objects that trigger false alarms. By digitizing analog environments, whether a smoke detector or an analog pressure gauge, decision-makers will have access to a wealth of data for analysis that will enable them to optimize highly technical processes along different stages of manufacturing - as well as ensure employee safety and security of industrial assets and resources. Looking forward to the future of smart surveillance With the rise of automation in all three of these markets, from intelligent shelving systems in warehouses to autonomous-driving trucks, object detection for security threats, and the use of AI in monitoring agricultural crops and livestock, the overall demand for computer vision and video analytics will continue to grow. That is why now is the best time for decision-makers across a number of industries to examine their current infrastructure and determine if they are ready to make an investment in a sustainable, multi-use, and long-term security and business optimization solution.