What is a vulnerability scan? – The Ultimate Guide Part 1

One of the most important forms of network security is the vulnerability scan itself. There are many types, but first we will focus on what they do. First of all, they tend to be non-invasive since the main goal is gaining information about devices found on a network. This is done without actually performing any exploits as would be seen with penetration tests.

Vulnerability scans are non-invasive and help to identify potential problems on a network.
Vulnerability scans are non-invasive and help to identify potential problems on a network.

Scanning for Security Purposes

Vulnerability scans often look at open ports on those devices, the operating systems (Windows, Mac, iOS, Android, Linux, etc.). Services and software versions can also be found. It is possible for this to be done without being detected or identified. Cyber criminals will probe random networks, routers, modems etc. using this basic form of discovery. They’ll analyze the results further. If there are any potential vulnerabilities, they will launch exploits (malicious code) against them.

Being Transparent

The cyber criminals don’t need to log in or perform any type of exploits on those systems to see what is on a network. Any vulnerability scan from outside your smart home network will be able to achieve this. Simius is designed to imitate that. And we report our results directly to you.

Certain details regarding a vulnerability scan might be lower in risk or priority, while others may be higher or critical. We want to attain as much information as possible here, so that each can be sorted out. Simius makes use of some extremely powerful scanners. It takes a small PC much longer time to complete these scans.

Part of this involves credential scans, where we seek to identify outdated username and passwords associated with your accounts in any of these services or devices alike.

Bring visibility to lower layers of the technology with a highlighted summary.
Bring visibility to lower layers of the technology with a highlighted summary.

A Stealthy Approach

Most of these vulnerability scans carry out these type of checks, while remaining hidden or undetected. This is due to something call the three-way handshake.

In short, this process is how everything on the internet communicates. It happens when you access a website such as email or social media, but in the case of a cyber criminal targeting smart home devices – they simply need to send a digital request to any device on your network, including the router. The request triggers a response back from your smart device, to the cyber criminal. But they do not need to reply back. The three-way handshake is incomplete. This means they do not finish creating a connection to your smart device. So it allows them to read info from your network using stealth.  Think of this as ringing the door bell and then running away. Only to see if you answer the door, of course.

In essence, there are a number of ways in which the bad guys can acquire information on the devices you have. This is where the vulnerability scans help you to stay ahead. Vulnerabilities are based on the devices present in your smart home network. But where do we actually find information on these vulnerabilities?

Potential security problems are identified.
Potential security problems are identified.

Proving the Vulnerability Exists

Luckily, the National Institute of Standards and Technology (NIST) maintains the National Vulnerability Database (NVD). They catalogue each known vulnerability and provide additional information.

“This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.”

Simius is designed to cross-reference information from these known vulnerabilities, which ensures the information we are reporting is accurate. At the same time, we simplify the presentation of this information so that it becomes easier to understand the corrective action required.

Easy come – Easy go

Using the latest industry standards, we have made scanning for vulnerabilities seamless, but also helping you to understand if certain parts of your network are more vulnerable than others. Smart devices are notorious for having vulnerabilities, and our scan results deliver information on  how you can make your network more secure. Find the problem is made easier so that a solution can be put in place as well.

Simius reduces the overhead through smart home automation.
Simius reduces the overhead through smart home automation.

However, the scan is not actually performing an exploit. Instead, it is taking a best-guess. It looks at is vulnerable in your smart home. This is what makes it different from a penetration test, which launches a malicious exploit. It fully bypasses the security of a device. We don’t have to go that far just yet and we will revisit penetration testing later.

For now, the goal is to help our customers understand the significance of vulnerability scanning, how it works. Also, why it is important as the first step. Penetration testing is far more expensive, and resource intensive. Many different strategies begin to surface from successful exploits, which give attackers higher privilege escalation to reap further havoc. But they perform a vulnerability scan regardless, since it is part of the process. Simius is providing these solutions for you, so that there can be no doubt on whether a device is secure or not.

Ready to Try Simius?


In this article, we discussed vulnerability scanning, how it works, and why it is useful. We also covered how it can offer a lot of value while being cost-effective.

Learn more

Neil Okikiolu

Neil Okikiolu

Neil is a Computer Scientist, Roboticist, and the founder of Simius Technologies Inc.