Traditional vulnerability scans are run remotely against networks and systems and provide invaluable insight into how you might be compromised by an attacker. Whilst there is still very much a requirement for the traditional vulnerability scan, CND can also supply an agent which is installed on every system providing a constant vulnerability scan. There are a number of advantages to an agent based vulnerability scan:
Credentials Are Not Shared With CND. As the agent is installed locally it works with local credentials, which do not have to be shared with CND. This works well in a small business without servers, or where users are permitted to use personal (BYOD) devices.
Traditional Remote Vulnerability Assessments rely on each host being reachable from the remote vulnerability scanner, this makes vulnerability scanning for remote or home workers impossible, or sporadic at best. The same applies to more mature networks which have segregated their LANs into disparate chunks. As the agent reports any vulnerabilities to our cloud service, rather than the other way round, constant vulnerability reporting is achievable.
Cloud. Scanning cloud provisioned hosts for vulnerabilities has proved problematic using traditional methods, agents provide the necessary visibility.
Patching. In addition to the identification of standard vulnerabilities, the agent also identifies any missing software patches in both the operating system and any 3rd party applications. Rest assured that CND only report on any missing patches or vulnerabilities identified and do not remediate, thereby leaving the client very much in control.
CND provide the client with the agent software for installation on each endpoint, if required CND can assist with the deployment of the software.
Once installed, the agents will start reporting on the endpoint's status to the CND analysts. Any critical issues will be reported to the client within the agreed timescales, routine or previously reported issues will be within the weekly report to the client.