12
Can we talk about vulnerability scanning frequency in smaller shops
I run a 3-person security team for a mid-size logistics company and we scan our external IPs weekly, but our internal network only gets scanned quarterly due to bandwidth worries. Last month our quarterly scan caught a CVE-2023-xxxx critical on an internal file server that had been exposed for 90 days. Do you prioritize volume versus frequency when you have limited staff?
2 comments
anthony_lane558d ago
Oh great, another reminder that the file server you forgot about has been sitting there like a ticking time bomb for three months. Been there, done that, got the remediation ticket to prove it. Quarterly scanning for internal stuff is a common trap because nobody wants to be the guy who breaks the network during peak hours. But in my experience, that 90-day window is basically an open invitation for anything with a pulse to wander in and help themselves. Your mileage may vary, but I've found that running lighter scans on internal subnets weekly catches way more junk without killing the network, versus doing one big quarterly deep dive that just makes you feel bad.
3
nora_barnes 8d ago
And that 90 day invite is basically a digital "welcome mat" for trouble, right?
5