The Big Bad Wolf Is Lurking: Are Your Vulnerability Management Practices Leaving the Door Open?
Joe Reyes Senior Manager, Security
Omitting vulnerability management from your network security plan is like building a wolf-proof house of brick—and then not locking the front door.
Attacks resulting in data loss are typically engineered by someone exploiting known network security vulnerabilities. Often, the vulnerabilities are well-documented. These deficiencies could be anywhere in your network—from software and network infrastructure to servers, workstations and even employee devices.
Yet, with a strong vulnerability management program in place, any bad actors who gain entry to the network will struggle to find internal weaknesses to exploit.
Not All Vulnerabilities Are Created Equal
That said, it’s easy for a certain amount of crying wolf to creep into vulnerability management.
Imagine receiving a hundred reports of vulnerabilities on your servers each week—and you’re managing 1,000 servers. It all becomes a blur as you struggle to determine a relevant threat from an irrelevant one.
With this going on week after week, many system admins simply get desensitized to all the tickets being opened against them. Numbed by an overload of irrelevant threats, they push back on the scanning process.
In Search of Relevance
Truth be told, not all vulnerabilities are created equal. Likewise, not all assets are of equal importance—nor are they equally vulnerable to attack.
Yes, there will always be very real vulnerabilities in a network. But before hackers can do anything, they have to be able to exploit the vulnerability. If there’s no exploit created for it, and it hasn’t been exploited to date, there’s no relevance.
With that in mind, your vulnerability scanning should look at not only what is known to be vulnerable, but also identify what is already known to have been exploited. The result is a relevant vulnerability.
Get Your Priorities Straight
The goal of effective vulnerability management is to identify the most pressing vulnerabilities at any given moment and then focus the appropriate resources on mitigating these threats. In other words, prioritize your most critical threats, and then respond to them with verified patches and solutions.
That starts with determining what needs to be dealt with first. As mentioned earlier, if there’s no record of that vulnerability being exploited, your system should rank it lower.
This prioritized list of actions then drives ticketing for your remediation efforts.
Whoever is doing the scanning prioritizes critical or high-value vulnerabilities and then opens a ticket to the owner of that server. Depending on the criticality, that person may then have seven days to remediate. The following week, the device is scanned again to ensure that it is no longer vulnerable.
In general, your response to vulnerabilities will take one of three forms:
Remediate. You correct a discovered flaw. If you are missing a patch and it is causing a vulnerability, you install the patch and remediate the problem.
Mitigate. You reduce risk by taking some other action outside of the affected system. For example, you install a firewall instead of fixing the flaw you’ve uncovered in a web application.
Accept. You make a choice to accept the known risk.
4 Best Practices
Vulnerability management is no longer optional. Increasingly, a solid program is required as part of your compliance, audit and risk management activities. As you evaluate your current processes, consider these best practices:
1. Scan regularly.
Use a quality vulnerability scanning tool to identify every computing asset on your network. That means in-house as well as on endpoints and cloud environments. Of course, this information needs to be continually refreshed to keep up with changes in your network.
Categorize information about your assets into relevant categories, such as vulnerability, configuration, and status of patches and compliance.
3. Slam shut the vulnerability window.
High-value vulnerabilities, such as those related to credit card information, must be addressed right away. The key is reducing any remedial friction. That starts with efficient handoff of identified vulnerabilities to the operations team.
4. Scan again.
Finally, scan again to make sure the vulnerabilities are gone.
The big bad wolves of the world are constantly looking for network weaknesses—and so should you. Ensono can help you develop a vulnerability management program focused on finding the weaknesses in your network, and fixing them fast.