Is it necessary to do an authenticated scan for network devices? What more information will I get from the authenticated scan, especially for the network devices?
Thanks & Regards,
Without knowing what kind of network devices you have, I can give you a generic method to get the answer you want.
In the KnowledgeBase section of Qualys, I did a search with the following parameters:
This returned 76 vulnerabilities. If I exclude one OSX agent vuln that didn't get filtered out, it includes 2 Severity 5's and 18 Severity 4's.
My understanding is that these are all vulnerabilities that would go undetected if you weren't authenticating during the scan.
At a high level I understand that an authenticated scan gives more, and confirmed, vulnerability information about the system.
But the problem is that I have to convince the network team why it is important to do an authenticated scan, and what more information it will provide that we cannot get through an unauthenticated scan.
Can you please help me with some valid pointers to justify authenticated scans?
I am new to vulnerability management. Looking forward to, and appreciate, your help.
Thanks & Regards
Tell the network guys they're being arseholes.
Remind them it's their job to keep the network secure. Authenticated scanning helps them do that, because without it they will completely miss serious vulnerabilities that need fixing. Unless they want to set up a secondary manual process just for those vulns,
Maybe you can offer to roll it out to one or two devices first, just so they can feel more relaxed about it. Network guys will probably want to science the shit out of the scanning traffic profiles, so let them do that. You can tune the scan option profile until they either are happy or lose interest, then plan a progressive rollout for the rest of the fleet.
Offer them an account on the Qualys service so they can look at some of their reports. Maybe.
An authenticated scan will allow the Qualys service to dig deeper into the system config, with access to critical config settings and even the entire config file. We can look not just for missing patches but also for misconfigurations. Browse the Qualys KnowledgeBase and run a search against the network device OS to see the list of things that you can do with authentication.