Vulnerability Management has become a major issue as we continue to move to a more connected global economy, with virtually every business dependent upon computers and their online presence for day-to-day operations. The more connected your enterprise, the larger your online footprint, and the more interconnected you are with vendors and suppliers, the larger the risk of cyber attack and the greater the need for rock-solid information security. Vulnerability Management is essentially a systematic, repeated practice of identifying and analyzing vulnerabilities, then remediating or mitigating them. This activity needs to encompass all computing devices – network, server, storage – and needs to address both software and firmware. It’s a tall order to be sure, but here are some practical building blocks that can help you construct a solid Vulnerability Management program.
A good Vulnerability Management program starts with knowing what assets you have that need to be scanned, and how scanning can be achieved.
- Comprehensive Assessment Options –> While active external scanning is known to deliver the broadest coverage of assets and vulnerabilities, it is not always appropriate. Mission-critical or highly sensitive servers are often configured to block and alert when being probed, and transient devices that are not always online or not always in the same network segment are difficult to find. In these cases, agent-based scanning and passive traffic listening may be your only options.
- Asset Tracking –> A method that pinpoints the true identity of each resource – even dynamic IT assets like laptops, virtual machines and cloud server instances – is necessary to avoid constant reconfiguration of scanning tools. Assets should be tracked using an extensive set of attributes so that changes to an asset are recorded accurately, regardless of how it roams or how long any iteration of it lasts.
- Elastic Asset Licensing –> In an elastic approach, licensing is based on assets instead of IP addresses. Considering the issues listed under Asset Tracking, elastic asset licensing is an important feature to have.
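The two points above, attribute-based asset identity and licensing by asset rather than by IP, as an added example that is not part of the original post or any vendor's product: scan observations are reconciled to a stable asset record by matching on identifying attributes (cloud instance id, serial, MAC, hostname, strongest first), so a roaming laptop or a rebuilt VM keeps one asset id even though its IP changes. The identity keys and the sample scan observations are constructed for illustration.

```python
from dataclasses import dataclass, field

# Identifying attributes, strongest first. A match on any one of them resolves
# an observation to an existing asset even when its IP address has changed.
# Hostname is the weakest key; in practice you would scope it to a domain.
IDENTITY_KEYS = ("cloud_instance_id", "serial", "mac", "hostname")

@dataclass
class Asset:
    asset_id: int
    attrs: dict
    ip_history: list = field(default_factory=list)

class AssetInventory:
    def __init__(self):
        self.assets = []

    def _find(self, obs):
        # Iterate keys before assets so the strongest matching key wins.
        for key in IDENTITY_KEYS:
            if key not in obs:
                continue
            for asset in self.assets:
                if asset.attrs.get(key) == obs[key]:
                    return asset
        return None

    def observe(self, obs):
        """Reconcile one scan observation (attribute dict with an 'ip') to an asset id."""
        asset = self._find(obs)
        if asset is None:
            asset = Asset(asset_id=len(self.assets) + 1, attrs={})
            self.assets.append(asset)
        # Refresh attributes (a rebuilt VM may have a new MAC) and record the IP.
        asset.attrs.update({k: v for k, v in obs.items() if k != "ip"})
        if obs["ip"] not in asset.ip_history:
            asset.ip_history.append(obs["ip"])
        return asset.asset_id

    def licence_counts(self, observations):
        """Return (unique assets, unique IPs): asset-based vs IP-based licensing."""
        ids = {self.observe(o) for o in observations}
        return len(ids), len({o["ip"] for o in observations})

# Constructed sample: a laptop roams between subnets, a VM is rebuilt with a new
# MAC but the same cloud instance id, and its old IP is later reused by a new host.
SAMPLE_SCANS = [
    {"ip": "10.0.1.20", "mac": "aa:bb:cc:00:00:01", "hostname": "lt-alice"},
    {"ip": "10.0.2.45", "mac": "aa:bb:cc:00:00:01", "hostname": "lt-alice"},
    {"ip": "10.0.5.7", "cloud_instance_id": "i-0abc", "mac": "aa:bb:cc:00:00:02"},
    {"ip": "10.0.5.9", "cloud_instance_id": "i-0abc", "mac": "aa:bb:cc:00:00:03"},
    {"ip": "10.0.5.7", "mac": "aa:bb:cc:00:00:04", "hostname": "db-02"},
]

if __name__ == "__main__":
    print(AssetInventory().licence_counts(SAMPLE_SCANS))  # (3, 4)
```

Five observations across four IP addresses resolve to three assets; an IP-based licence would count four, and a scanner keyed on IP would treat the rebuilt VM and the host that inherited its old address as the same target.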
A good Vulnerability Management program incorporates ease of use factors, including integration with existing management systems.
- Streamlined User Interface –> Common tasks, such as running assessments and producing reports, need to be simple. For example, the detailed remediation reports needed by system administrators and the reports needed by management or auditors are going to be different, but both need to be readily accessible. Pre-defined templates and configuration audit checks based on best practices or security frameworks such as CIS and DISA STIG will help keep your Vulnerability Management program simple to operate while helping protect your organization.
- Simplified Integration –> To avoid duplication or the need for manual integration, your vulnerability management solution needs to include pre-built integration linkages with complementary information security systems. Tight coupling with automatic feeds to and from systems like your password vault, SIEM, patch management and Mobile Device Management (MDM) solutions will enable simplified and automated integration for quick and easy streamlining of your Vulnerability Management program.
A good Vulnerability Management program has at its core a solid scanning tool.
- Fast and Accurate Scanning –> Many Vulnerability Management programs, like that available from Intrinium, are built on a base of the industry-leading scanning tool Nessus, from Tenable. Nessus delivers fast and accurate scanning with the industry’s broadest coverage of assets and vulnerabilities.
It is important to include all the blocks when building a Vulnerability Management program. Success depends on clarity of scope and methods, simplified usage and integration, and a quality tool at the core. Just like building a house, every block is necessary for a quality outcome!