Network vulnerability scanning and remediation are central to the security posture of your network. The ability to proactively scan for and identify current or potential attack vectors in the network should be part of the security policy. The question to ask is “what devices and systems get scanned, and how often?” Many businesses tend to focus their security scans on the devices or software that are most critical to their infrastructure. These can include, but are not limited to, web applications, databases, or more generally wherever sensitive information is stored. This approach saves money, time, and network resources. However, it leaves a risk of exposure from vulnerable devices or software that are deemed less mission-critical and are therefore never scanned.
Security scanning of critical devices should be standard practice on networks, but what about other devices such as TAPs, Network Packet Brokers (NPBs) and bypass switches? All managed devices on the network should be scanned periodically for security vulnerabilities and then profiled to record any changes made to the device. Even small changes to a device’s configuration could be a sign of a larger breach or problem. Network TAPs and NPBs are often deployed to manage connections and to feed copies of traffic to monitoring tools. These monitoring tools include, but are not limited to, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Deep Packet Inspection (DPI) and metadata analytics tools. Many of these systems are deployed as parts of separate network security solutions. So, if an NPB or TAP were compromised, a malicious actor could make changes that shield a cyber-attack from the monitoring tools. In short, if a network TAP or NPB is part of a network security solution, it should not be excluded from vulnerability scanning.
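The profiling step above, comparing a baseline configuration export against the current one and flagging changes that touch the path feeding the monitoring tools, as an added example (not Datacom's code; the key=value export format and the device names are constructed for illustration):

```python
# Constructed baseline export, captured when the NPB was commissioned.
# The key=value format is hypothetical, not any vendor's real export format.
BASELINE = """\
hostname=npb-core-01
mgmt.ssh.enabled=true
filter.1.match=any
filter.1.egress=port5
filter.2.egress=port6
port5.role=tool-ids
port6.role=tool-dpi
"""

# Constructed current export: filter.1 no longer feeds the IDS port, and an
# extra management account has appeared.
CURRENT = """\
hostname=npb-core-01
mgmt.ssh.enabled=true
mgmt.user.svc_backup=enabled
filter.1.match=any
filter.1.egress=port7
filter.2.egress=port6
port5.role=tool-ids
port6.role=tool-dpi
"""

def parse_config(text):
    """Parse a key=value export into a dict, ignoring blank lines and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def diff_config(baseline_text, current_text):
    """Return (severity, key, old, new) for every changed key. Keys that control
    management access (mgmt.*) or the path to monitoring tools (*.egress, *.role)
    are rated 'high', since altering them can blind IDS/IPS/DPI tools."""
    base, cur = parse_config(baseline_text), parse_config(current_text)
    findings = []
    for key in sorted(set(base) | set(cur)):
        old, new = base.get(key), cur.get(key)
        if old != new:
            sensitive = key.startswith("mgmt.") or key.endswith((".egress", ".role"))
            findings.append(("high" if sensitive else "info", key, old, new))
    return findings

if __name__ == "__main__":
    for severity, key, old, new in diff_config(BASELINE, CURRENT):
        print(f"[{severity}] {key}: {old!r} -> {new!r}")
```

Run against each device's export after every scan cycle and alert on any "high" finding that was not part of an approved change.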
Managed network TAPs and NPBs should always be scanned, not only by the end user but also by the manufacturer. Payment Card Industry (PCI) standards require at least one annual network vulnerability scan. In practice, however, it is best to scan quarterly and, if resources allow, even monthly. If any vulnerabilities are found, contact the manufacturer to have the issues patched. Since 2018, Datacom Systems has run quarterly vulnerability scans against its suite of managed TAPs and NPBs. Enterprise-grade vulnerability scanning tools keep us up to date on any vulnerabilities the managed TAPs or NPBs may have and allow proactive remediation of any issues before the units are deployed in the field. For more information about our TAPs and NPBs, please visit us here.