5 Replies Latest reply on May 23, 2012 7:42 AM by John M Sopp

    Workstation vulnerability scanning-How do you do it?

    John M Sopp

      Just surveying the community here... In general, what's everyone's approach to desktop scanning?

      Laptop scanning?

      Mobile scanning?

      From within MVM, does anyone really scan for everything? If not, what do you shoot for? SANS top 20, "popular software", highs only?

      Do you scan VPN-connected devices?

       

      Just wanted to get a general feel for what is most common.

      Thanks everyone in advance.

       

      on 4/18/12 8:47:12 AM EDT
        • 1. Re: Workstation vulnerability scanning-How do you do it?

          We're relatively new to MVM, so I don't have a tried-and-true answer for you.  But how about:

           

          Where I hope to go with our desktop scanning:

           

          I would like to be able to say:

               These are our configuration and patching policies/procedures/schedules for our desktops

               Here's how we provide a check on that via MVM

               Here is a count of high-level vulnerabilities, graphed over time (excluding those we have deemed to ignore or that we consider false positives); this provides a reasonable risk metric for our desktops and a reasonable measure of patching effectiveness.

           

          Bear in mind that MVM is not really a patching or configuration-management product.

           

          In practice:

          MVM has detected vulnerabilities with software that we use but that isn't managed by our patching utility; that makes MVM a useful adjunct to the patching product.  MVM has also picked up on situations where the patching product was having a detection issue and simply not applying patches to certain products on certain workstations.

           

          Perhaps others will chime in.

          J.

          • 2. Re: Workstation vulnerability scanning-How do you do it?
            John M Sopp

            We're looking for an approach strategy and wondering what is the most common. The initial goal of our workstation scanning is to design a scan to reduce scan time due to host volume and change management constraints, reduce risk, and provide value to the process rather than adding too much overhead.

            Options:

            • Scan for highs only
            • Non credentialed checks only
            • Popular software only(MS, Adobe, etc)
            • Scan desktops for only highs and scan mobile systems like laptops for all vulns

            -or any iteration of the above

            • 3. Re: Workstation vulnerability scanning-How do you do it?

              Uncredentialed scans are an easy way to start, and will detect a small(er) volume of vulnerabilities; this could be a manageable approach, depending on your situation.

               

              You won't see most of the vulnerabilities (e.g. Adobe products, most Microsoft issues) without a credentialed scan.

              J.

              • 4. Re: Workstation vulnerability scanning-How do you do it?
                sisc

                I think it all depends on what your organisation is looking to find or comply with as the case may be. You may want to do a Full vulnerability scan and of course, a network discovery scan (to detect what you really have on your network, as if you do not know what you even have on your network, how will you be able to organise your scan).

                 

                You may want to set up MVM to sync with your ePO if you have one installed or get some details from the Active Directory.

                 

                As earlier, it all depends on what the organisation counts as important, in terms of reports that come to the Management at the end of the process.

                 

                Regards.

                 

                Niran.

                • 5. Re: Workstation vulnerability scanning-How do you do it?
                  John M Sopp

                  I understand that the approach depends on the goal. The purpose of this post is to see what the most popular/most common approach is, particularly in mid to large sized companies.