Package: Invicti AppSec Enterprise (on-premise, on-demand)
Infrastructure scanning overview
Infrastructure scanning identifies vulnerabilities in running infrastructure, including servers, network devices, operating systems, and cloud resources. Unlike IaC scanning (which checks configuration files before deployment), infrastructure scanning assesses the actual state of deployed systems to find known vulnerabilities, missing patches, and misconfigurations.
How it works
Infrastructure scanners connect to your environment and assess running systems in the following ways:
- Vulnerability assessment: scans hosts and network devices for known CVEs, missing patches, and outdated software.
- Configuration auditing: checks system configurations against security benchmarks and hardening standards.
- Network scanning: discovers open ports, exposed services, and network-level vulnerabilities.
- Compliance checks: evaluates infrastructure against frameworks such as CIS Benchmarks, PCI DSS, and NIST.
What it can discover
Infrastructure scanning detects risks across the following categories:
| Category | Examples |
|---|---|
| Missing patches | Unpatched operating systems, outdated software with known CVEs |
| Exposed services | Open ports, unnecessary services running, publicly accessible management interfaces |
| Configuration weaknesses | Default credentials, weak encryption settings, disabled security features |
| Network vulnerabilities | Unencrypted protocols, insecure DNS configurations, weak firewall rules |
| Compliance gaps | Deviations from CIS Benchmarks, PCI DSS, HIPAA, and other standards |
Supported infrastructure scanning tools
Invicti AppSec Enterprise integrates with the following third-party infrastructure scanning tools:
| Tool | Focus |
|---|---|
| Nessus Professional | Vulnerability assessment and compliance auditing |
| Tenable.io | Cloud-based vulnerability management |
| Tenable.sc | On-premise vulnerability management |
| CrowdStrike Infra | Endpoint and infrastructure security |
| Lacework Infra | Cloud infrastructure security |
| Qualys Infra | Vulnerability management and compliance |
| Rapid7 Infra | Vulnerability assessment and penetration testing |
All infrastructure scanning tools require manual activation under Integrations. See Third-party scanners overview for activation instructions.