When I looked at the logs associated with the actual scans, I found a problem. There were some permission errors when the scanner logged into our computers with the user account we set up for it. The logins were successful, but some of the scans came back with "permission denied" errors.
You see, the user account used by any kind of automated tool like my vulnerability scanner needs to have proper permissions to access the files and locations where it needs to look. In the Windows world, that generally means Administrator rights, or at least some kind of elevated privilege beyond basic, normal user access. And as it turned out, basic access was all that account had on our network.
What this means is that my scanner has never been able to give me a full list of vulnerabilities. And I didn't know that, because I have been getting plenty of good data from it -- just not all the data, as I found out when the problem was resolved by giving the scanner's user account full privileges and I ran a new scan. Suddenly, my total number of vulnerabilities tripled!
This came as quite a shock, both to me and the IT administrators who now have an unexpectedly huge list of vulnerabilities to work on. And yes, I found the Safari installations I was looking for. There were exactly 12, just as I had expected.
But this situation leads me to wonder how many of our security tools are configured effectively, and how we can validate their configurations. It's good that this problem has been solved, but this experience has left me with a gnawing unease. Where are my blind spots, and how can I find them?
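One way to look for this kind of blind spot, as an added example that is not part of the original column: the script below reads scan log lines and flags hosts where the scanner logged in successfully but some checks came back "permission denied". The key=value log format, the host names and the `svc_scan` account are constructed for illustration; a real scanner's log fields will differ.

```python
import re
from collections import defaultdict

# Constructed sample log in a hypothetical key=value format (an assumption);
# map these fields to whatever your scanner actually writes.
SAMPLE_LOG = """\
2024-01-10T02:00:01 host=ws-014 event=login result=success account=svc_scan
2024-01-10T02:00:04 host=ws-014 event=check target=registry result=ok
2024-01-10T02:00:05 host=ws-014 event=check target=program_files result=permission_denied
2024-01-10T02:00:06 host=ws-014 event=check target=installed_software result=permission_denied
2024-01-10T02:01:11 host=ws-015 event=login result=success account=svc_scan
2024-01-10T02:01:13 host=ws-015 event=check target=registry result=ok
2024-01-10T02:01:14 host=ws-015 event=check target=program_files result=ok
2024-01-10T02:02:20 host=ws-016 event=login result=failure account=svc_scan
"""
FIELD = re.compile(r"(\w+)=(\S+)")

def coverage_report(log_text):
    """Return {host: {"status": ..., "denied": [...]}} for every host seen."""
    login_ok = {}
    ok_checks = defaultdict(int)
    denied = defaultdict(list)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        host, event, result = (fields.get(k) for k in ("host", "event", "result"))
        if host is None:
            continue
        if event == "login":
            login_ok[host] = result == "success"
        elif event == "check" and result == "permission_denied":
            denied[host].append(fields.get("target", "unknown"))
        elif event == "check" and result == "ok":
            ok_checks[host] += 1
    report = {}
    for host in sorted(set(login_ok) | set(ok_checks) | set(denied)):
        if not login_ok.get(host, False):
            status = "unauthenticated"  # no credentialed data at all
        elif denied[host]:
            status = "partial"          # logged in, but under-privileged
        elif ok_checks[host] == 0:
            status = "unverified"       # logged in, nothing proves coverage
        else:
            status = "full"
        report[host] = {"status": status, "denied": denied[host]}
    return report

def blind_spots(report):
    # Hosts whose results should not be read as a complete picture.
    return [host for host, info in report.items() if info["status"] != "full"]
```

A host marked "partial" here is the case described above: the login succeeded, so the scan looked healthy, yet the listed targets were never inspected.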