Sorry if this is a stupid question but here goes. If you allow all kinds of exceptions (EDR/web proxy for external scanners, IDS, etc.) for your vulnerability scanners (internal and external), doesn’t this leave open the possibility that these devices can be compromised and used by threat actors for reconnaissance?
If so, what kind of additional protections do you put on them, realizing that they are most likely Linux servers with a less vulnerable attack surface than, say, Windows boxes? Maybe things like a higher degree of monitoring, a separate VLAN, more frequent SSH key rotation?
Or am I way off base on this?
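One concrete form the "higher degree of monitoring" idea from the post can take: because an exception-listed scanner is expected to behave very predictably (it scans a known scope during a known window), any traffic from it that breaks that pattern is a strong signal that the box is being used for something other than scanning. The script below is an added illustration written for this thread, not something from the poster or any scanner vendor. The scanner inventory, the approved window and scope, and the firewall log lines are all constructed sample values; the log format (`<ts> src=<ip> dst=<ip> dport=<port> action=<allow|deny>`) is an assumption and would need adapting to whatever your firewall or NetFlow collector actually emits.

```python
"""Flag traffic from exception-listed vulnerability scanners that falls outside
their approved scan window or approved target scope.

Hypothetical detection logic written for this thread; all values are constructed.
"""
from datetime import datetime, time
import ipaddress
import re

# Constructed inventory of exception-listed scanner hosts (assumed values).
# Each scanner has an approved scan window (local time) and an approved target scope.
SCANNERS = {
    "10.10.5.20": {
        "window": (time(1, 0), time(5, 0)),             # 01:00-05:00
        "scope": [ipaddress.ip_network("10.20.0.0/16")],
    },
}

# Constructed firewall-style log lines (sample data, not real traffic).
LOG_LINES = [
    "2024-03-01T02:15:00 src=10.10.5.20 dst=10.20.3.7 dport=443 action=allow",    # normal scan
    "2024-03-01T02:16:00 src=10.10.5.20 dst=10.20.9.11 dport=22 action=allow",    # normal scan
    "2024-03-01T14:30:00 src=10.10.5.20 dst=10.20.3.7 dport=445 action=allow",    # outside window
    "2024-03-01T02:20:00 src=10.10.5.20 dst=10.30.1.5 dport=3389 action=allow",   # outside scope
    "2024-03-01T02:21:00 src=10.10.5.20 dst=203.0.113.8 dport=443 action=allow",  # outside scope (external)
    "2024-03-01T02:22:00 src=10.10.7.9 dst=10.30.1.5 dport=3389 action=allow",    # not a scanner, ignored
]

# Assumed log format; adapt the regex to your own firewall/NetFlow export.
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) action=(\w+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, src, dst, dport, action = m.groups()
    return {
        "ts": datetime.fromisoformat(ts),
        "src": src,
        "dst": dst,
        "dport": int(dport),
        "action": action,
    }


def in_window(ts, window):
    """True if the timestamp's time of day falls inside [start, end); handles windows that span midnight."""
    start, end = window
    t = ts.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def in_scope(dst, scope):
    """True if the destination address lies in one of the approved target networks."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in scope)


def analyze(lines):
    """Return a list of findings for scanner-sourced events that break the approved window or scope."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["src"] not in SCANNERS:
            continue  # malformed line or traffic not from an exception-listed scanner
        policy = SCANNERS[ev["src"]]
        reasons = []
        if not in_window(ev["ts"], policy["window"]):
            reasons.append("outside approved scan window")
        if not in_scope(ev["dst"], policy["scope"]):
            reasons.append("destination outside approved scan scope")
        if reasons:
            findings.append({
                "ts": ev["ts"].isoformat(),
                "src": ev["src"],
                "dst": ev["dst"],
                "dport": ev["dport"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(LOG_LINES):
        print(finding)
```

Run against the constructed lines it reports three events: the daytime connection, the connection to a subnet the scanner was never approved to scan, and the outbound connection to an external address. The point of keying the rule on the scanner inventory is that the same connections from an ordinary workstation would be judged by your normal rules, while from a host that your EDR and proxy exceptions otherwise let through, they deserve a dedicated alert; pairing this with the separate VLAN the post mentions keeps the out-of-scope case enforceable at the network layer as well as detectable.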