Understanding third-party vulnerability scanners with Deep Security Intrusion Prevention

    • Updated: 6 Feb 2019
    • Product/Version: Deep Security 10.0, 10.1, 10.2, 10.3, 11.0, 11.1, 11.2, 11.3, 9.6
    • Platform: N/A
Summary

This article explains the reason behind the following scenarios:

  • Deep Security Intrusion Prevention rules do not trigger when third-party vulnerability scanners are run.
  • Vulnerabilities still show up in third-party vulnerability scanners with Deep Security Intrusion Prevention enabled.
Details

A vulnerability scanner is a computer program designed to assess computers, computer systems, networks, or applications for weaknesses. It is the core technology component of vulnerability management.

Many third-party vulnerability scanners (e.g. Nessus, Qualys) assess systems in as non-disruptive and non-intrusive a way as possible. Otherwise, it would result in false positives. This is done through very specific port and product version mapping and not through active vulnerability exploitation. For more information, refer to the Qualys forum thread "How does vulnerability scanning work?".

Deep Security's Deep Packet Inspection (DPI) technology inspects network traffic for attempts to exploit remote vulnerabilities. If no exploitation is being attempted, Deep Security Intrusion Prevention rules will not be triggered and the traffic will not be blocked.

For this same reason, third-party vulnerability scanners may also show local vulnerabilities that Deep Security Intrusion Prevention cannot protect against.

Penetration testing is an effective way of showing that Deep Security is actively blocking exploitation attempts.

Customers may leverage Deep Security's API to automate a report that correlates Intrusion Prevention rules with third-party vulnerability scanner reports.
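One way to build such a correlation report, shown as an added example that is not Trend Micro code: it joins scanner findings to Intrusion Prevention rules by CVE so that findings the scanner still lists can be labelled as shielded, unassigned, local, or uncovered. It assumes the rules and findings have already been exported into simple records; the field names, hosts and CVE identifiers are constructed placeholders, not the Deep Security API schema.

```python
from collections import defaultdict

# Constructed sample data. Field names are hypothetical; map them from
# whatever your rule export and scanner export actually contain.
IPS_RULES = [
    {"id": 101, "name": "Sample web server rule", "cves": ["CVE-0000-0001"], "assigned": True},
    {"id": 102, "name": "Sample file sharing rule",
     "cves": ["CVE-0000-0002", "CVE-0000-0003"], "assigned": False},
]
SCAN_FINDINGS = [
    {"host": "app01", "cve": "CVE-0000-0001", "vector": "remote"},
    {"host": "app01", "cve": "CVE-0000-0002", "vector": "remote"},
    {"host": "app01", "cve": "CVE-0000-0004", "vector": "local"},
    {"host": "app01", "cve": "cve-0000-0005", "vector": "remote"},
]

def index_rules(rules):
    """Map each normalised CVE id to the rules that reference it."""
    by_cve = defaultdict(list)
    for rule in rules:
        for cve in rule.get("cves") or []:
            by_cve[cve.strip().upper()].append(rule)
    return by_cve

def correlate(findings, rules):
    """Label every scanner finding with its Intrusion Prevention coverage."""
    by_cve = index_rules(rules)
    report = []
    for f in findings:
        cve = f["cve"].strip().upper()
        matches = by_cve.get(cve, [])
        if f["vector"] == "local":
            # Assumption of this example: findings the scanner marks as local
            # are outside what network traffic inspection can shield.
            status = "not-coverable-local"
        elif any(r["assigned"] for r in matches):
            status = "shielded"  # scanner still lists it, but a rule is assigned
        elif matches:
            status = "rule-available-unassigned"
        else:
            status = "no-rule"
        report.append({"host": f["host"], "cve": cve, "status": status,
                       "rule_ids": sorted(r["id"] for r in matches)})
    return report

if __name__ == "__main__":
    for row in correlate(SCAN_FINDINGS, IPS_RULES):
        print(f'{row["host"]:8} {row["cve"]:16} {row["status"]:28} {row["rule_ids"]}')
```

Findings labelled `rule-available-unassigned` are the ones where assigning an existing rule would add protection; `no-rule` and `not-coverable-local` findings need patching or another control.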

Category: SPEC
Solution Id: 1113856