Vulnerability scans come in two types depending on which part of the system they’re conducted on: internally or externally.
Internal vulnerability scans are performed from inside your network’s firewall. This enables them to reveal the most at-risk components of your system, as well as any vulnerabilities that lie in the inner architecture and design of your network.
External vulnerability scans, on the other hand, are performed from outside the network. They target external ports and IP addresses, scanning the network’s perimeter for any weaknesses or vulnerabilities that malicious actors may be able to exploit to gain access into your ecosystem.
Though the two differ, it’s not a matter of choosing which type of vulnerability scan you need to conduct. Both are equally important, and each specializes in uncovering a different variety of vulnerabilities.
Continue reading to learn more about the differences between external and internal vulnerability scans, the pros and cons of each, and the frequency at which you should be performing them.
Key Differences
While greatly similar, there are a handful of key differences between internal and external vulnerability scans, as shown in the table below:
| Comparison | External Vulnerability Scans | Internal Vulnerability Scans |
|---|---|---|
| Primary function | Scan for vulnerabilities from outside the network | Scan for vulnerabilities from inside the network |
| Recommended frequency | At least monthly | From monthly to quarterly |
| Benefits | Identifies vulnerabilities on the perimeter of your network | Identifies vulnerabilities inside your network |
| Estimated cost | $2,500 – $5,000 | $1,500 |
| Time consumption | 30 – 90 minutes | 1 – 3 hours |
Internal Vulnerability Scans
Internal vulnerability scans are scans conducted from inside the network for the purpose of examining the security features and capabilities from an insider’s perspective. The scans test the security and integrity of connections between servers, access privileges, and application access all within the same network.
This is the ideal test for preventing an insider attack, as it puts the vulnerability scanner on the same projected path as a malicious actor who is either an employee or has gained access to the network’s internal components through a phishing scheme.
The scanning process of the internal network component consists of identifying and classifying the various points and how each one will be best tested. This includes the user devices and servers within the network, communications equipment, and IoT devices.
The vulnerability scanner attempts to communicate with every item listed in its inventory and waits for the devices and software to respond. Based on their responses and the information they reveal, the scanner determines how secure each component is and whether a vulnerability is present.
The results are then shared with the scan’s admin as a detailed report that carries all of the scanner’s findings.
Pros of Internal Vulnerability Scans
As a preventative cybersecurity measure that helps prepare for cyberthreats and attacks before they occur, conducting regular internal vulnerability scans has several benefits, such as:
- Identify and fix internal network vulnerabilities
- A proactive approach to network security
- Provide insight into the security landscape of your network
- Reduce the risks of insider attacks
- Limit the lateral movement of malicious actors who manage to access the network
Cons of Internal Vulnerability Scans
While the benefits of performing regular vulnerability scans are priceless, it’s important to note that they are not a perfect solution.
Some of the drawbacks to relying too heavily on internal vulnerability scans include:
- The scan is only as accurate as the vulnerability scanner
- The risk of false positives
- They cost an average of $1,500
- Free tools are harder to use properly without prior experience
- No guarantee of finding every vulnerability
How Often Should You Run an Internal Vulnerability Scan?
The answer depends primarily on the size and industry of your organization. Larger businesses and corporations tend to require more frequent vulnerability testing because they have more possible points of failure, such as an incompatible update or newly enforced configurations that overlap.
Generally, internal vulnerability scans should be conducted as often as possible, anywhere from a monthly to a quarterly basis. While the recommendations that cybersecurity providers give to particular organizations may vary, they rarely stray far from that range.
On a final note, you should consider conducting an internal vulnerability scan following a large-scale cyberattack, whether it targeted your network or not. As soon as fixes for the threat start emerging, it’s important to implement them into the innermost components of your network as quickly as possible.
External Vulnerability Scans
External vulnerability scans are scans conducted at the outer perimeter of the network. The process targets the network’s access points from devices and ports to IP addresses.
The vulnerability scanner starts by mapping the general outline of your network based on all the active access points. During the scan, the tool sends IP packets individually to every access point it has been configured to test.
Some external vulnerability scanners check their findings against an extensive database of known vulnerabilities to save time on the scan and provide more accurate results. When the scan is complete, the tool produces a report with all its findings.
The report includes the tested devices, IP addresses, and ports, as well as the method used to test each one and how it responded. The vulnerability scanner is able to determine the type of vulnerability and the level of risk for the vast majority of test points.
You can also analyze the report yourself for additional insight into the state of your network’s security and how its components respond to unauthorized communication attempts.
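The scanning workflow described above for both internal and external scans (walk an inventory, probe each entry, compare what it reveals against a known-vulnerability list, report) is modelled in the following added example, which is not code from the original article. All hosts, banners, and vulnerability identifiers are constructed placeholders, and the probe responses are embedded inline so it runs offline; it also shows why a hidden version string should be reported as unverified rather than as a confirmed flaw, which is one source of the false positives the article mentions.

```python
import re
from dataclasses import dataclass

@dataclass
class Finding:
    host: str
    port: int
    service: str
    version: tuple  # None when the banner hides the version
    vuln_id: str
    severity: str
    confidence: str  # "high": version confirmed; "low": version hidden, verify by hand

# Constructed inventory: the access points the scanner has been told to test.
INVENTORY = [("10.0.0.5", 22), ("10.0.0.5", 80), ("10.0.0.9", 443), ("10.0.0.12", 8080)]
# Constructed banners standing in for live probe responses; 10.0.0.12:8080 never answers.
RESPONSES = {
    ("10.0.0.5", 22): "SSH-2.0-ExampleSSH_7.4",
    ("10.0.0.5", 80): "Server: ExampleHTTPd/2.2.31",
    ("10.0.0.9", 443): "Server: ExampleHTTPd",  # version string suppressed
}
# Constructed known-vulnerability list; the ids are placeholders, not real CVEs.
KNOWN_VULNS = [
    {"id": "VULN-PLACEHOLDER-001", "service": "ExampleHTTPd", "fixed_in": (2, 2, 35), "severity": "high"},
    {"id": "VULN-PLACEHOLDER-002", "service": "ExampleSSH", "fixed_in": (7, 4), "severity": "medium"},
]

def parse_banner(banner):
    """Return (service, version tuple); version is None when the banner hides it."""
    m = re.search(r"([A-Za-z][A-Za-z0-9]*)[/_](\d+(?:\.\d+)*)", banner)
    if m:
        return m.group(1), tuple(int(x) for x in m.group(2).split("."))
    m = re.search(r"([A-Za-z][A-Za-z0-9]*)\s*$", banner)
    return (m.group(1) if m else None), None

def scan(inventory, responses, known_vulns):
    """Probe each inventory entry and match what it reveals against known_vulns."""
    findings, no_response = [], []
    for host, port in inventory:
        banner = responses.get((host, port))
        if banner is None:
            no_response.append((host, port))
            continue
        service, version = parse_banner(banner)
        for vuln in (v for v in known_vulns if v["service"] == service):
            if version is None:
                # Version hidden: flag for a manual check rather than assert the flaw (a false-positive source).
                findings.append(Finding(host, port, service, None, vuln["id"], vuln["severity"], "low"))
            elif version < vuln["fixed_in"]:
                findings.append(Finding(host, port, service, version, vuln["id"], vuln["severity"], "high"))
    return {"findings": findings, "no_response": no_response}
```

Running `scan(INVENTORY, RESPONSES, KNOWN_VULNS)` yields one confirmed finding (port 80, outdated version), one low-confidence finding (port 443, version hidden), no finding for the patched SSH service, and one unresponsive entry.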
Pros of External Vulnerability Scans
External vulnerability scans are essential for maintaining the security and integrity of the network’s outer perimeter. While not a stand-alone network security tool, they allow you to be more proactive in your approach to security.
Some of their benefits include:
- Revealing weaknesses in your network’s security
- Providing a detailed report on the state of security of your network
- Helping you identify new servers and services added to your network
- Identifying unsecured transfer protocols used by third-party services
- Identifying deprecated services in server configurations
Cons of External Vulnerability Scans
It’s important to be aware of the shortcomings of even the most advanced external vulnerability scanner in order to be able to work around the deficiencies.
Some notable disadvantages of regular vulnerability scans include:
- The risk of false positives
- They can cost anywhere from $2,500 to $5,000
- Inability to identify unknown risks and vulnerabilities
- The time and costs of conducting the scans regularly
- No guarantee of finding every vulnerability
How Often Should You Run an External Vulnerability Scan?
As with internal vulnerability scans, there is no single right answer. However, external vulnerability scans should on average be conducted more often than internal ones, as the perimeter of the network is always at a higher risk of attack.
You should consider conducting them on a monthly basis. Waiting any longer between scans would risk piling up a large number of vulnerabilities that need fixing, which could occur at a time when a zero-day cyberthreat is making the rounds.
Also, conduct a scan every time there’s a major change to the architecture or setup of your network. When adding new devices, ports, services, or applications, it’s crucial that you ensure they’re all up to standard and vulnerability-free.
Bottom Line: External vs. Internal Vulnerability Scans
External and internal vulnerability scans are very similar processes where the components of a system are scanned in search of vulnerabilities.
While external scans are dedicated to locating and identifying vulnerabilities that lie on the outer perimeter of the network, their internal counterpart is only responsible for scanning the inner components of the network.