Regulations drive the need for vulnerability scanning

[Guest Post]

This guest post was provided by Lee Munson on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI vulnerability scanning software.

All product and company names herein may be trademarks of their respective owners.

Nowadays many companies will scan their corporate networks in order to identify security issues. A vulnerability scanner may be employed once per year or, preferably, more often, and can be run either in-house or by a third party.

Typically, the results that come back from the vulnerability scan are used to identify and rectify any security concerns, as well as to remain compliant with the company’s own internal policies and procedures.

The Regulations

There is a whole raft of regulations that either do, or could, have a significant effect on information processing and security. The key regulations for the USA, Europe and the United Kingdom –include:

• Payment Card Industry Data Security Standard (PCI DSS)
• Health Insurance Portability Act 1996 (HIPAA)
• Sarbanes-Oxley Act 2002 (SOX)
• Gramm-Leach-Bliley Act 1999 (GLBA)
• Family Educational Rights And Privacy Act (FERPA)
• The EU Data Protection Directive
• The EU Directive On Privacy And Electronic Communications
• The Computer Misuse Act 1990
• UK Data Protection Act 1998

Many of the above regulations either require, or at the least imply the need for, regular vulnerability scanning across the organisation’s network.

The Consequences Of Non-Compliance

There are, of course, many possible penalties associated with non-compliance of the regulations listed above. The first such penalties that you would likely think of would be immediate, legal and financial in nature but there would also be a longer-term concern as well.

In business, reputation is everything, and a company that is not compliant with the regulations will suffer as a result, either through that knowledge becoming known to prospective partners and customers, or as a direct consequence of a breach occurring.

Vulnerability Scanning and Compliance

By using a vulnerability scanner – that also includes the ability to patch vulnerabilities and provide audits – on a frequent basis, a company can detect security threats before they can affect the network. This is especially important in an environment where hardware and users are changing regularly.

Network security is a fluid process that changes all the time with new threats emerging on a regular basis. A vulnerability scanner is an essential tool for combating these new threats as these would be updated regularly by their vendors in pretty much the same way that antivirus programs are updated with new virus definition files.

Another benefit to running regular vulnerability scans is that it helps with security audits and, therefore, helps you meet compliance with the regulations mentioned above.

In the future, the need for compliance is only going to grow due to the fact that there will undoubtedly be a raft of new regulations being released and, also, because the existing regulations will almost certainly begin to encompass more and more companies, regardless of their size.

A vulnerability scanner is your virtual security consultant and can aid your organisation to pass all the appropriate legal audits as well as your company’s own internal policies, protecting all your customers’, partners’ and employees’ data and privacy in the process.