Why IT Professionals Don’t do Enough Vulnerability Scanning
In doing our market research to develop VulScan by RapidFire Tools, we surveyed thousands of Managed Service Providers (MSPs) to learn how many actually perform vulnerability scans, how frequently they do it and for which clients.
Why MSPs? Because they collectively manage so many different client sites, they see more (and often experience more) than the average multifunctional IT professional working inside a corporate IT department. But what the MSPs are saying applies to internal IT pros as well.
Please note that this is copyrighted information. You can share this information with others, providing you cite “RapidFire Tools 2021 Vulnerability Scanning Survey” and provide a link back to this page.
Too Many MSPs Don’t Provide any Vulnerability Scanning
According to our survey, more than half of MSPs say they don’t do vulnerability scanning. A small percentage of these MSPs have SOCs, SEIMs or other cybersecurity solutions that provide protection, but the majority rely on firewalls and anti-malware/anti-virus software to protect their clients.
Most Smaller Clients aren’t Protected
Following up with the MSPs who said they do vulnerability scanning, less than 25 percent perform the scans for all their clients. More than half said they only perform scans for larger clients. The remaining 25 percent gave a wide range of responses including: they only perform scans for selected clients who pay for premium security services; they provide it to clients that request it as part of a compliance requirement; they provide it to clients that purchase it; they offer it only as part of an initial assessment.
Most MSPs that Perform Vulnerability Scanning do it at Least Monthly
According to the National Institute of Standards and Technology (NIST), the recommended frequency of vulnerability scans is monthly and 25% of our respondents who do scans reported following that recommendation. Yet there’s a huge range of frequency of scans. About 1 in 4 MSPs scan their clients’ networks more frequently than monthly, while the remaining half scan less frequently.
Most MSPs Cite Cost as the Primary Barrier to Vulnerability Scanning
There are a lot of obstacles that get in the way of MSPs performing regular vulnerability scanning on all client networks. Some find scans are too complicated and take too much time. Others have issues with the reports that come out of the scan results. But, by far, cost is the biggest issue. MSPs told us most of the IV scanning vendors charge so much, that it’s too expensive to absorb it as part of their general managed services fee and it costs more than their clients are willing to pay.
MSPs Want to do More Vulnerability Scanning
How much is cost a barrier for MSPs to provide the extra layer of cybersecurity protection to every client? When asked if they would perform vulnerability scans more frequently and/or for more clients . . . if it were more affordable . . . almost 8 out of 10 MSPs said they would.
Meet Your Clients’ Needs with VulScan
If you are among the majority of MSPs who don’t perform vulnerability scans — or spend so much that you have to limit which clients you do it for and how frequently — VulScan is your solution. The subscription price is so low you can immediately add monthly vulnerability scanning to enhance your base managed service contract and then use the results to sell-additional cybersecurity services.
Request a Demo
Still not sure that VulScan is right for you? Click here to schedule your personal one-on-one demo to see what VulScan can do for you.