Key aspects of internal vulnerability scanning include:
1. **Identification of Vulnerabilities**: Scanners identify known vulnerabilities by comparing what they observe on the target systems (installed software versions, patch levels, and configuration settings) against a database of known issues, such as missing patches, outdated software versions, and misconfigurations.
2. **Assessment**: The identified vulnerabilities are assessed based on their severity, potential impact, and the likelihood of exploitation. This helps prioritize remediation efforts.
3. **Remediation Recommendations**: The scanning tool provides recommendations for mitigating or resolving the identified vulnerabilities, such as applying patches, updating software, or changing configuration settings.
4. **Regular Scanning**: Internal scans are typically performed on a regular basis to ensure ongoing security. This helps identify new vulnerabilities that arise from software updates, configuration changes, or newly discovered threats.
5. **Compliance and Reporting**: Internal vulnerability scanning is often a requirement for regulatory compliance standards like PCI DSS, HIPAA, and others. The scanning tool generates reports that can be used to demonstrate compliance and track the progress of remediation efforts.
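The identify, assess, prioritise and report steps above, as an added example that is not part of the original text: a minimal scan pipeline in Python that compares a constructed asset inventory against a constructed advisory database, scores each finding by severity and likelihood, and emits a prioritised remediation list. The hosts, versions, advisory ids, and scoring weights are all made up for illustration.

```python
"""Minimal internal vulnerability-scan pipeline: identify -> assess -> prioritise -> report.
All data below is constructed; real scanners use vendor advisory feeds and CVE data."""

# Constructed inventory, as an authenticated internal scan would collect it.
INVENTORY = [
    {"host": "db01",  "software": "openssh", "version": "8.9",    "segment": "internal"},
    {"host": "web02", "software": "nginx",   "version": "1.18.0", "segment": "dmz"},
    {"host": "web02", "software": "openssh", "version": "9.3",    "segment": "dmz"},
]

# Constructed "known issues" database: the version that fixes the issue,
# a base severity on a 0-10 scale, and whether a public exploit exists.
ADVISORIES = {
    "openssh": [{"id": "ADV-0001", "fixed_in": "9.0",    "severity": 7.5, "exploit_public": True}],
    "nginx":   [{"id": "ADV-0002", "fixed_in": "1.20.1", "severity": 5.3, "exploit_public": False}],
}

def parse_version(v):
    """Dotted numeric version -> tuple, so that 1.18.0 < 1.20.1 compares correctly."""
    return tuple(int(part) for part in v.split("."))

def identify(inventory, advisories):
    """Step 1: a finding is an installed version older than the advisory's fix version."""
    findings = []
    for item in inventory:
        for adv in advisories.get(item["software"], []):
            if parse_version(item["version"]) < parse_version(adv["fixed_in"]):
                findings.append({**item, **adv})
    return findings

def assess(finding):
    """Step 2: risk = severity * likelihood; likelihood rises with a public exploit
    and with exposure (hosts in the DMZ are reachable from less trusted networks)."""
    likelihood = 0.4
    if finding["exploit_public"]:
        likelihood += 0.4
    if finding["segment"] == "dmz":
        likelihood += 0.2
    return round(finding["severity"] * likelihood, 2)

def report(inventory, advisories):
    """Steps 3-5: prioritised findings with a remediation action, ready for reporting."""
    rows = []
    for f in identify(inventory, advisories):
        rows.append({"host": f["host"], "advisory": f["id"], "risk": assess(f),
                     "remediation": f"upgrade {f['software']} {f['version']} -> {f['fixed_in']}"})
    return sorted(rows, key=lambda r: r["risk"], reverse=True)

if __name__ == "__main__":
    for row in report(INVENTORY, ADVISORIES):
        print(row)
```

Running the same pipeline against each scheduled scan and diffing the advisory ids between runs gives the "new since last scan" view that regular scanning is meant to provide.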
Tools and Techniques:
- **Automated Scanners**: Tools like Nessus, Qualys, and OpenVAS are commonly used to automate the scanning process.
- **Manual Testing**: Sometimes, manual testing by security experts is necessary to uncover vulnerabilities that automated tools might miss.
- **Integration with SIEM**: Results from vulnerability scans are often integrated into Security Information and Event Management (SIEM) systems to correlate with other security data and provide a comprehensive view of the organization's security posture.
Benefits:
- **Proactive Security**: Identifies vulnerabilities before they can be exploited by attackers.
- **Improved Compliance**: Helps meet regulatory requirements and industry standards.
- **Enhanced Risk Management**: Provides a clear understanding of security risks and helps prioritize remediation efforts based on risk.
For more detailed information, you can refer to sources like Tenable, Qualys, and Nessus.