Understanding CYRISMA's Internal and External Vulnerability Scans
CYRISMA provides a range of powerful vulnerability scanning options to help you identify risks in both internal and external environments. Understanding how these scans work and when to apply specific configurations, like IP whitelisting, can maximize their effectiveness.
Written by Liam Downward
Updated at January 22nd, 2025
- User Manual
- Self Onboarding Guide
- Agents
- The Cyber Risk Assessment Process
- PSA Integrations
- General Questions and Troubleshooting
- The Cyber Risk Assessment Process (Video Tutorials)
- Sales and Prospecting Articles
- CYRISMA Partner Portal Access
- Glossary
- API Documents
- CYRISMA Change Log
- Support Ticket SLA
- Billing Questions
Table of Contents
Internal Vulnerability Scans
Authenticated vs. Unauthenticated Scans
Authenticated Scans:
These scans use credentials to log into devices and identify vulnerabilities that require higher-level access to detect. This scan type provides more in-depth results, including configuration issues and vulnerabilities that are not exposed externally.
Unauthenticated Scans:
These scans do not require credentials and provide a general view of open ports and visible vulnerabilities. They are useful for IoT devices, printers, and other endpoints where authentication is not feasible.
Steps for Running Internal Scans
- Deploy an agent to act as a probing device or install agents across all endpoints for group scanning.
- Use the Network Discovery tool to identify all devices on the subnet, including operating systems, printers, and IoT devices.
- Merge the discovered devices as targets to run authenticated or unauthenticated scans.
External Vulnerability Scans
Types of External Scans
IP Address Scan:
This scans the external-facing IP addresses of an organization to identify exposed ports, services, and vulnerabilities.
Web Application Scan:
This focuses on the security posture of external web applications, detecting vulnerabilities like cross-site scripting (XSS) and SQL injection.
Key Practice: Testing Before and After Whitelisting
Jim suggests a valuable approach when running external scans:
Run the External IP Scan Without Whitelisting:
Conduct an initial scan without whitelisting CYRISMA's IP addresses to observe how the client's firewall behaves. If their firewall effectively blocks the scan, it confirms that their security measures are doing their job.
Request IP Whitelisting and Re-run the Scan:
Provide the client with CYRISMA's IP addresses for whitelisting. After they whitelist the IPs, re-run the scan to obtain detailed results, including vulnerabilities that may otherwise remain hidden behind the firewall.
Best Practices for Vulnerability Scanning with CYRISMA
Start with a Probe:
Use unauthenticated scans to get a high-level view of the environment. For deeper insights, follow up with authenticated scans.
Iterate Scans:
Run scans periodically to detect newly introduced vulnerabilities or configuration changes.
Use Whitelisting Strategically:
Employ the "before and after whitelisting" method to validate the client's security configurations and extract actionable insights.
Leverage Reports:
CYRISMA generates comprehensive reports, including high-risk vulnerabilities, open ports, and security gaps. Use these for client presentations or internal action plans.
Why This Matters
By understanding and effectively using CYRISMA's internal and external vulnerability scans, organizations can:
- Identify and address weaknesses in their cybersecurity posture.
- Validate the efficacy of their firewall and network configurations.
- Provide actionable insights to improve overall security.
This dual approach ensures clients receive maximum value while demonstrating CYRISMA’s capabilities as a trusted security partner.