About vulnerability management
Vulnerability management is the process of identifying, evaluating, treating and reporting on security vulnerabilities in systems and the software that runs on them. Implemented alongside other security tactics, it is vital for organizations to prioritize potential risks and minimize their attack surface.
Security vulnerabilities are technological weaknesses that allow malicious actors to compromise a product and the information it holds. Vulnerability management needs to be performed continuously to keep up with new systems being added to networks, changes made to existing systems and the discovery of new vulnerabilities over time.
What is vulnerability scanning?
Vulnerability scanning is one aspect of a full vulnerability management program. Two types of vulnerability scanning are offered: non-credentialed and agent-based. Both are intended to bypass all security controls to enumerate all known vulnerabilities on the device being scanned. Non-credentialed scans are subject to a much higher rate of false-positive findings.
The University of Toronto has many networked devices, including desktops, laptops, printers and any other device that has an IP address. Some of these devices may have security issues due to missing patches, misconfigurations or obsolete software/operating systems. Vulnerability scanning proactively tests every connected device on our network and attempts to identify these potential security issues.