Your security scan crashed a server
A system administrator comes to you and says that you crashed his server with your security scan, what would you tell him?
As a cybersecurity manager, you first make sure not to start a turf war with something like "I am the security boss here and I decide what's appropriate and what's not".
You explain that the scan was a standard, low-impact asset discovery scan of an end-user LAN (host discovery plus a port scan), run from the workstation of a cybersecurity analyst. It was not announced beforehand; it was a routine scan of what is currently visible on the LAN.
You analyze what actually caused the server to crash (in this case it was an intranet server) and you find out that:
- an outdated component (a Veritas backup component) brought the server down, a component that should have been uninstalled or updated long ago,
- the server was reachable from the end-user LAN.
So the accusation may quickly turn into the following conclusion: "we are sorry to have brought a vital server down, but thank you for telling us that it was us".
Because now we have accidentally discovered two major security issues:
- The server was visible on the users' LAN.
  That alone is a material security failure, independent of the crash. From a governance perspective:
  - end-user networks ≠ server networks,
  - discovery from a workstation should never reach core infrastructure,
  - "we didn't know it was there" is not a defense; it is confirmation of exposure.
- An unpatched, legacy backup service crashed on a simple port scan.
  That is not the same as "the security team broke the server". That is:
  - unsupported software,
  - an exposed service,
  - in a critical role,
  - with no resilience.
As a security leader you should not focus on "security was right". Do not say "this is your fault" or "you are incompetent".
Instead, focus on the risk: "it's not about someone's victory, it's about risks for the company".
The scan didn't create the risk; it only revealed it. The crash was the noise and the exposure was the signal. The one thing to own on our side is process: the next discovery scan gets scheduled and announced, so operations hears about a finding from us before they hear about it from an outage.
Nothing more, nothing less. Our only intention is to protect this company.
