Skip to main content

Posts

Showing posts from April, 2015

Agent based cloud scanning

As a part of security assessment of cloud based apps/ infrastructure we always face a challenge in scanning the servers in the cloud. Few of them are: Obtaining/ managing credentials always an headache Not ideal for cloud solutions Requires target machines to be always online The limitations of the scanners: Traditional infrastructure scanners  such as Nessus are of not much use Sometimes the scanners does not report  vulnerabilities correctly due to many issues such as machines frequently go down while scan is in process, some firewall issues etc We need a solution which is rather than we scanning the target servers, it resides on the server and keep doing the scanning and sends the report back to the organization periodically. And here comes the concept of 'Agent based clod scanning'.  The benefits are: Rather than targeting the remote servers in the traditional approach, the agents installed on the servers keep on doing the scans and sends the periodic r