What Is Vulnerability Management?
Vulnerability management can be defined as “the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.”[1] Organizations use vulnerability management to preemptively defend against the exploitation of vulnerabilities in company applications, software and networks. Organizations that can effectively implement vulnerability management will be significantly safer from data breaches and theft. This process can be viewed in five key steps:
- Outline vulnerability management policy.
- Discover existing vulnerabilities.
- Analyze current level of security and rank vulnerabilities by threat level/remediation actions required.
- Mitigate the causes of vulnerabilities.
- Maintain security through ongoing testing and discovery.
Vulnerability Management Policy
Defining policy is the crucial first step of vulnerability management. An effective vulnerability management policy should do the following:
- Define the level of security that an organization wants to maintain.
- Set guidelines for vulnerability management practices (from testing to remediation and maintenance).
- Classify vulnerabilities by risk/threat and remediation effort.
- Determine how often scans will be performed and allotted remediation times.
- Define access-control policy for all devices connected to company networks.
- Outline the consequences of noncompliance with vulnerability management policy.
Vulnerability Management Solutions
There are many commercially available vulnerability management solutions. These offerings range from automated vulnerability management systems to vulnerability scanning tools that require implementation by the organization. Vulnerability management solutions often include features such as policy management, application scanning/testing, vulnerability remediation, network and vulnerability monitoring, and reporting (vulnerabilities, compliance issues, etc.). Effective solutions should offer scalability and ease of implementation/integration. It is also important that vulnerability management solutions provide tracking and metrics for measuring success.
Combining Threat and Vulnerability Management
The effectiveness of vulnerability management depends on the organization’s ability to keep up with current security threats and trends. Today’s application security threatscape is constantly evolving and, as a result, organizations need to be proactive in their threat and vulnerability management efforts. Most vulnerability management tools or systems will provide updates as new threats emerge, but organizations should still engage in threat research and analysis on a regular basis.
Network Vulnerability Management
A comprehensive organizational cybersecurity program requires that enterprises engage in both application and network vulnerability management. While application vulnerability management protects the “front door” to a company’s data, network vulnerability management protects the “back door.” Both must be secured for an enterprise to adequately protect its critical data. Organizational security teams must integrate their network security vulnerability management efforts with their application security efforts to ensure that both layers are protected against new threats.
Network vulnerability management typically involves the use of tools such as antivirus programs, firewalls and/or intrusion detection systems. In addition to using these tools, security teams should regularly run security tests against the network from the outside in. This tests the network from the attacker’s perspective, allowing testers to discover vulnerabilities before attackers have the chance.
1. Foreman, P: Vulnerability Management, page 1. Taylor & Francis Group, 2010. ISBN 978-1-4398-0150-5