When is One Vulnerability Scanner Not Enough?
May 02, 2024
Vulnerability / Pen testing
Like antivirus software, vulnerability scans rely on a database of known weaknesses. That's why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn't existed in the vulnerability management space. The benefits of using multiple scanning engines Generally speaking, vulnerability scanners aim to produce checks for as many vulnerabilities as possible. However, the number of vulnerabilities discovered year on year is now so high, reaching nearly 30,000 a year, or 80 a day, that it's impossible for a single scanning engine to keep up with them all. As a result, even the very best, industry-leading leading scanners will struggle to check for every known vulnerability out there, and often they will favour certain sets of software known to be used by their customers. For example, Intruder's analysis from early 2023 which compared Tenable's Nessus and OpenVAS showed si