This week’s reading article summarized, the importance of performing in house scanning of IT Systems by organizations for vulnerabilities, to be up to date with the ever-changing threat landscape. The tool chosen in this article is Nessus, because of the automation it brings to ensure security of IT systems.
Nessus is freeware and does not require much processing power for hardware, it can be deployed on several systems throughout the network to scan different segments. The article delineates further on the installation and setup of Nessus tool. The scanner finds all the vulnerabilities associated with the plugins which are set before the scan is run, hence appropriate attention should be given in configuring Nessus. Discovered vulnerabilities are generally indicators of flawed security practices and policies. Hence it is important to evaluate the results of these vulnerability scans and close these vulnerabilities as per the risk appetite of the organization. The article also emphasizes that even though automated scanning tools like Nessus can help organizations in finding and remediating knows exploits and vulnerabilities, however, it is the security policies and good practices followed in the organization which are most important in securing the information.
Leave a Reply
You must be logged in to post a comment.