Vulnerability Management is a feature of novaSOC
Some businesses wrongly imagine that their infrastructure is unflawed since they’ve never experienced a cyber incident. Every week we read of cyber attacks and incidents occurring on a broad scale. It makes it wise to find the flaws before an incident happens and keep your business data secure.
What is Vulnerability Management?
New vulnerabilities are continually being discovered, making it necessary for business IT departments to patch systems (OS), applications and make adjustments to security settings for the entire network. Conventional vulnerability management is carried out in two ways, remote scanning or running an agent on the endpoint.
Vulnerability management is broadly defined as the process that identifies, categorizes, prioritizes, remediates vulnerabilities in (OS), enterprise applications, networks browsers, and user applications. It is a continual process that seeks out and resolves vulnerabilities where they exist through patching and security settings changes.
Vulnerability Management to Address Threats
Hackers and Cybercriminals use new vulnerabilities to attack business networks and attempt to infect connected devices. Managing and remediating threats is mostly a reactive process. It means a threat must be active and present to do the work.
Vulnerability management works differently. It’s a proactive method that closes security gaps so that hackers can’t leverage them to infiltrate their systems.
Simply patching and reconfiguring security settings is not vulnerability management. It’s a controlled method developed with a mindset that understands that new vulnerabilities appear daily. Continual monitoring to discover them is needed so that IT can remediate them.
What is a Vulnerability?
Anything that a hacker can leverage to gain privileged control or unauthorized access over an endpoint, application, server or service is a vulnerability. Some of the more tangible ones are unprotected configurations of software or operating systems, comm ports open to the internet, methods that allow a hacker to get privileged access by using an approved interaction, and any susceptibility that enables malware to spread infection through a system.
How Do We Categorize Vulnerabilities?
While some security vendors may develop a unique method of defining and categorizing vulnerabilities, generally, vulnerability management is standards-based. Most organizations use the security content automation protocol (SCAP) standard set by the National Institute of Standards and Technology (NIST). The list can be split into a small number of parts:
Common vulnerabilities and exposures (CVE) – A CVE defines a specific vulnerability that can be leveraged for an attack
Common configuration enumeration (CCE) – The CCE is a list of system security configuration issues. It is used to create configuration guidance.
Common platform enumeration (CPE) - CPEs are standardized methods used to describe and identify the application, operating system, and device classes in a network. These are used to describe what a CCE or CVE applies to.
Common vulnerability scoring system (CVSS) – This works to assign severity scores to vulnerability defined and prioritized remediation priorities. The scores range from 1 -10, with 10 being the most severe.
Vulnerability Management at novaSOC
Each new vulnerability brings with it a risk. At novaSOC a local agent gathers the software inventory to determine any unpatched vulnerabilities. It then displays a dashboard containing vulnerability information for service providers to use as a punch list for getting customers back above water.