Pub. 13 2018-2019 Issue 3

NEBRASKA BANKERS ASSOCIATION

Authenticated Vulnerability Scanning Advantages

If the value of authenticated scanning is still unclear, here are some benefits:

1. Authenticated vulnerability scans identify vulnerabilities which are often undetected by unauthenticated scanning.
2. Authentication allows the scanning tool to do its job better.
3. Data harvested by authenticated scans is more accurate.
4. Authenticated scans usually have less impact on a system – since the scanning tool is running with elevated privilege, ports and services respond without hesitation.
5. Regulatory examiners are beginning to recommend authenticated scanning.

Now What?

First, you need to determine if your existing IT audit firm performs authenticated scans. If you have not been providing your IT auditor with a Windows Active Directory account with elevated privileges (such as Domain Admin group), your scans have been unauthenticated scans.

As you select an IT audit firm, in addition to performing authenticated vulnerability scans (confirm they will require the type of account described above), look for a firm:

√ Whose auditors are certified and experienced
√ Who will be a partner with you, patiently explaining previously unreported technical findings
√ Who will provide some guidance/recommendations for mitigating these new deficiencies

An IT Audit without an authenticated internal network vulnerability assessment is like fishing with a teeny, tiny hook or shooting a bow with crooked arrows. While you might catch a minnow or hit the target somewhere, you will surely miss the trophy fish and the bullseye.

Keith Laughery is an Account Manager for CoNetrix. CoNetrix serves the community banking community by providing information security consulting, IT/GLBA audits and other security testing engagements, and through its Tandem Security and Compliance Software, a suite designed to assist community banks with GLBA and other regulatory compliance. CoNetrix has performed almost 3,000 security-testing engagements since 2000 and has almost 1,300 clients from all 50 states. Visit https://conetrix.com/security or contact Keith at klaughery@conetrix.com or 800-356-6568.
