Vulnerability scanning helps businesses secure their networks by identifying and addressing vulnerabilities in public-facing and private-facing assets that could be exploited by a hacker.
External Vulnerability Scanning
External vulnerability scanners must be deployed at external data centers or on computers located outside of the network being tested. External scanners check all the public-facing assets, including network firewalls, routers and other “perimeter” devices, targeting areas of IT infrastructure that are exposed to the internet or aren’t restricted to internal users and systems.
Internal Vulnerability Scanning
Internal scanners are deployed on the network itself. They can be stand-alone servers or deployed as virtual machines on any computer attached to the network with sufficient capacity. The internal scanners can check any (or all) ports on any device within a network with an IP address, identifying known vulnerabilities a hacker or malware can exploit once inside.
Portable Vulnerability Scanning
While it’s best practice to have scanners permanently installed on the network for regular internal scanning, portable vulnerability scanners are also available that can be transferred from one network to another for ad hoc assessments and diagnostics.