Thursday, April 09, 2009

Automated Scans Aren't Sufficient

Automated scanners. If automated vulnerability scanners caught all security risks, hackers would be out of business and security personnel wouldn't have much to do. In reality, automated vulnerability scanners are only one tool used in the process of identifying and managing security risks.

For many organizations, web applications are a vulnerable element of an organization’s IT infrastructure. As your organization uses the Internet for customer, supplier, employee, and vendor interactions, Internet technologies and database interfaces become complex and require additional security.

Automated web site scans provide little defense against knowledgeable hackers and full scale web attacks. Hackers don’t rely exclusively on automated scanners and neither should you. Organizations should use manual tools and experienced professionals to find technical vulnerabilities as well as identify risk areas created during the design, programming, installation, and maintenance phases of a software development lifecycle.

By emulating the approach used by hackers, organizations can better protect themselves and the sensitive information stored on servers. Altius IT recommends network and security audits that can assess internal network security, firewalls, and web application vulnerabilities.

Labels: , , ,