internal vulnerability scanning

Overview

Internal vulnerability scanning is the use of a vulnerability scanner to scan the internal networks for vulnerabilities. The vulnerability scanner uses a set of rules to look for vulnerabilities caused by software weaknesses or misconfigured services.

Why are they asking this?

The regular use of vulnerability scanners can help to detect vulnerabilities before they are exploited by malicious users or external parties. Vulnerability scanning is part of a comprehensive security policy.

What do they expect?

They expect regular, automated scans by an updated vulnerability scanner. This should be part of the security policies and procedures. The procedures should include updating the scanner and ruleset on a frequent basis to ensure that the latest vulnerabilities are detected.

Does your company utilize a vulnerability scanning tool to identify vulnerabilities on external and/or internal hosts?
Does your organization ensure that internal and external vulnerability scans are performed at least quarterly?
Are internal vulnerability scans performed monthly and issues resolved in-line with defined SLA's?
Are vulnerability scans performed against internal networks and systems?
How frequently do you perform vulnerability scans for internal and external facing networks? Which tool is used to perform these scans?