Vulnerability Management (VM) goes beyond a simple computer scan and reporting to provide a comprehensive approach to IT vulnerabilities via remediation activities planned and performed by security professionals.
VMS aims to mitigate security threats, whether they target physical or virtual assets, in order to reduce the risk of loss and harm to the company and its staff. It includes automated network discovery, mapping, asset prioritization, vulnerability analysis, reporting and remediation tracking, tailored to the company's business needs.
What is Vulnerability Management?
ISO 27002 defines a vulnerability as a weakness of an asset, or of a group of assets, that can be exploited by one or more threats. Vulnerability management is the activity that finds such weaknesses before an attacker does.
Through vulnerability management, each vulnerability is evaluated and then either remediated or, where the risk is low or the cost of fixing it outweighs the benefit, formally accepted by the organization. A risk acceptance should be recorded with an owner and an expiry date so that the vulnerability is revisited rather than silently forgotten.
Vulnerability management, therefore, is the process that identifies, evaluates, treats, and reports security vulnerabilities in a system and in the specific software running on it. The term is often confused with vulnerability assessment, but assessment (the scanning and rating of weaknesses) is only one stage within the broader vulnerability management process.
The Vulnerability Management Process
The NST Vulnerability Management Service (VMS) is an automated service where devices are routinely scanned for known vulnerabilities. The results following the scan form the basis of reports containing information on possible weaknesses, risk evaluations on the network and recommendations for the delivery of solutions to rectify the vulnerabilities.
The initial stage of VM consists of control and configuration tasks. In this preparation phase the goals and requirements are determined, and these shape the scan policy that will be applied.
At this phase the scan schedule and the scans themselves are set up according to the organization's needs. The scan schedule defines the intervals at which the scanners run against the devices on the network and at which the resulting vulnerability data is imported into the service.
The experts from your service provider then track the scan progress and provide an initial report. They also apply a ticketing system for the detected vulnerabilities, ranked by severity.
Assess and Value
The security professionals then assess the vulnerabilities regarding their applicability to the IT environment. This is the stage where the weak spots are assigned their business value and severity ratings based on the criticality and sensitivity of the data.
Analyze and Prioritize
This stage defines the remediation activities based on the data sensitivity and asset criticality assigned in the assessment stage. It also filters out false positives: findings that a scan reports as present on a host when the condition is in fact absent. These type I errors are reduced by tracking individual assets, their criticality, and their owners, so that each finding can be checked against what is actually known about the host.
Your service provider then supplies a centrally controlled Incident Management tool that tracks each vulnerability up to its resolution. Security experts also manage the scanning agents over Windows Terminal Services, so that the management sessions are encrypted in transit. This configuration grants the provider's staff administrator access to the scanning devices, so the accounts used for it should be restricted to those devices and nothing else. It is the responsibility of the service provider to modify the scanning applications and the underlying operating system.
The security operations analysts are also responsible for the software maintenance of the scanning agents.
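As an added illustration of the assess, prioritize and ticket stages described above (example code written for this page, not NST's tooling), the script below takes a set of scan findings, weights each CVSS base score by the asset's business criticality and data sensitivity, suppresses confirmed false positives and unexpired risk acceptances, and turns what remains into tickets with a severity band and a due date. All hosts, plugin names, scores, owners, dates and the SLA table are constructed for the example; a host missing from the inventory is deliberately treated as critical and flagged for owner assignment rather than ignored.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed sample data for illustration only: hosts, plugin names, scores,
# owners and dates are made up and do not come from any real scan.
SCAN_RESULTS = [
    {"id": "F-1", "host": "10.0.1.10", "plugin": "tls-legacy-protocol", "cvss": 5.3},
    {"id": "F-2", "host": "10.0.1.10", "plugin": "ssh-version-outdated", "cvss": 7.5},
    {"id": "F-3", "host": "10.0.2.20", "plugin": "smb-signing-disabled", "cvss": 5.9},
    {"id": "F-4", "host": "10.0.9.99", "plugin": "admin-default-credentials", "cvss": 9.8},
]

# Asset inventory: criticality and data sensitivity on a 1 (low) to 3 (high) scale.
ASSET_INVENTORY = {
    "10.0.1.10": {"name": "web-prod-01", "criticality": 3, "data_sensitivity": 3, "owner": "web-team"},
    "10.0.2.20": {"name": "fileshare-dev", "criticality": 1, "data_sensitivity": 2, "owner": "it-ops"},
}

# Formal risk acceptances keyed by (host, plugin), each with an expiry date.
RISK_ACCEPTANCES = {("10.0.2.20", "smb-signing-disabled"): "2025-12-31"}

# False positives confirmed by the analysts, with the reason recorded.
CONFIRMED_FALSE_POSITIVES = {
    ("10.0.1.10", "ssh-version-outdated"): "vendor backported the fix; banner version is misleading",
}

# Remediation deadline in days per severity band (assumed policy for this example).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass
class Ticket:
    finding_id: str
    host: str
    asset_name: str
    owner: Optional[str]
    base_cvss: float
    risk_score: float
    severity: str
    due: str
    note: str = ""


def business_weight(asset):
    """Scale factor from 2/6 to 6/6 derived from criticality and data sensitivity.
    Hosts missing from the inventory get the maximum weight: an unknown asset is
    treated as critical until an owner classifies it."""
    if asset is None:
        return 1.0
    return (asset["criticality"] + asset["data_sensitivity"]) / 6


def severity_band(score):
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def triage(findings, inventory, acceptances, false_positives, today_iso):
    """Return (tickets sorted by descending risk, suppressed findings with reasons)."""
    today = date.fromisoformat(today_iso)
    tickets, suppressed = [], []
    for f in findings:
        key = (f["host"], f["plugin"])
        if key in false_positives:
            suppressed.append((f["id"], "false positive: " + false_positives[key]))
            continue
        expiry = acceptances.get(key)
        if expiry is not None and date.fromisoformat(expiry) >= today:
            suppressed.append((f["id"], "accepted risk until " + expiry))
            continue  # an expired acceptance falls through and is ticketed again
        asset = inventory.get(f["host"])
        score = round(f["cvss"] * business_weight(asset), 1)
        sev = severity_band(score)
        tickets.append(Ticket(
            finding_id=f["id"],
            host=f["host"],
            asset_name=asset["name"] if asset else "UNKNOWN",
            owner=asset["owner"] if asset else None,
            base_cvss=f["cvss"],
            risk_score=score,
            severity=sev,
            due=(today + timedelta(days=SLA_DAYS[sev])).isoformat(),
            note="" if asset else "host not in inventory; assign an owner before remediation",
        ))
    tickets.sort(key=lambda t: (-t.risk_score, t.due))
    return tickets, suppressed


if __name__ == "__main__":
    open_tickets, dropped = triage(SCAN_RESULTS, ASSET_INVENTORY, RISK_ACCEPTANCES,
                                   CONFIRMED_FALSE_POSITIVES, "2025-06-01")
    for t in open_tickets:
        print(f"{t.severity:8} {t.risk_score:4} {t.finding_id} {t.asset_name} owner={t.owner} due={t.due} {t.note}")
    for fid, why in dropped:
        print(f"suppressed {fid}: {why}")
```

Run with a later date and the accepted SMB finding reappears as a low ticket, which is the point of recording an expiry on every acceptance: the decision is revisited instead of becoming permanent by default.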
Types of Vulnerability Scan
- External Scan. This vulnerability management service probes the organization's Internet-facing perimeter for exposed services and gaps in the firewall that could serve as an entry point for attacks on the network. Before the initial scan, the service provider must verify the identity of the address owner and must scan only the publicly routable static IP addresses that the owner has authorized.
- Internal Scan. An internal VMS deploys a scanning agent inside the organization's network and applies the full set of vulnerability management processes to it. This type of scan identifies the vulnerabilities that are reachable from inside the network, so that an attacker who has already gained a foothold, or a malicious insider, finds fewer weaknesses to exploit.
Levels of Scanning
- Level 1 scan is non-intrusive and unauthenticated: it identifies the vulnerabilities that are visible from the network, such as those revealed by service banners and exposed protocols on the scanned host.
- Level 2 scan is authenticated and in-depth: the scanner is given administrator credentials and interrogates the scanned host from the inside, reading installed software versions, patch state and configuration that are not visible over the network.
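To make the difference between the two levels concrete, here is an added example (written for this page, not NST's scanner) that applies the same constructed advisories to one host in both ways. The unauthenticated view compares the version in a service banner against the version where the fix first appeared upstream; the authenticated view reads the installed package database, including fixes the vendor backported without changing the upstream version number. The advisory ids, versions, banner and packages are all made up for illustration.

```python
import re

# Constructed advisory data; the advisory ids, fixed versions and the host below
# are made up for illustration and do not describe any real vulnerability.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "service": "ssh", "package": "openssh-server", "fixed_upstream": "7.5"},
    {"id": "ADV-EXAMPLE-2", "service": "http", "package": "nginx", "fixed_upstream": "1.20.1"},
]

# What a Level 1 (unauthenticated) scanner can see: banners of services reachable
# from the scanner (protocol prefix already stripped). nginx here listens on
# localhost only, so it has no network banner at all.
HOST_BANNERS = {"ssh": "OpenSSH_7.4"}

# What a Level 2 (authenticated) scan reads from the host itself: the package
# database, including fixes the vendor backported without bumping the version.
HOST_PACKAGES = {
    "openssh-server": {"version": "7.4p1-21", "backported_fixes": ["ADV-EXAMPLE-1"]},
    "nginx": {"version": "1.18.0", "backported_fixes": []},
}


def version_tuple(text):
    """Pull the first dotted numeric version out of a banner or package string."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if m is None:
        raise ValueError("no version in " + repr(text))
    return tuple(int(part) for part in m.group(0).split("."))


def level1_findings(banners, advisories):
    """Unauthenticated view: judge only by version strings on reachable services."""
    found = []
    for adv in advisories:
        banner = banners.get(adv["service"])
        if banner is None:
            continue  # not reachable from the scanner, so invisible at this level
        if version_tuple(banner) < version_tuple(adv["fixed_upstream"]):
            found.append((adv["id"], "banner " + banner + " is below the upstream fix"))
    return found


def level2_findings(packages, advisories):
    """Authenticated view: inspect installed packages and their vendor patch history."""
    found = []
    for adv in advisories:
        pkg = packages.get(adv["package"])
        if pkg is None:
            continue
        if adv["id"] in pkg["backported_fixes"]:
            continue  # patched by the vendor; version-only logic would call this vulnerable
        if version_tuple(pkg["version"]) < version_tuple(adv["fixed_upstream"]):
            found.append((adv["id"], adv["package"] + " " + pkg["version"] + " installed"))
    return found


def compare_levels(banners, packages, advisories):
    """Classify each advisory by how the two scan levels disagree about it."""
    l1 = {i for i, _ in level1_findings(banners, advisories)}
    l2 = {i for i, _ in level2_findings(packages, advisories)}
    return {
        "confirmed": sorted(l1 & l2),
        "level1_false_positive": sorted(l1 - l2),
        "level1_missed": sorted(l2 - l1),
    }


if __name__ == "__main__":
    for label, ids in compare_levels(HOST_BANNERS, HOST_PACKAGES, ADVISORIES).items():
        print(f"{label}: {ids}")
```

On this host the Level 1 scan reports the SSH advisory that the vendor already fixed (a false positive of the kind the prioritization stage has to filter out) and says nothing about the unpatched nginx because it is not reachable from the scanner. The Level 2 scan gets both right, which is why the credentialed scan is the one to trust for patch state, at the cost of handing the scanner administrator access.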
Keeping Your Data Safe
Staying a step ahead of threats and attacks is crucial to any business. NST ensures that critical data and accounts are protected, and any successful penetration is assessed according to its impact so that no lasting damage is done to the company's network and systems.
VMS also evaluates the organization's current defensive posture so that it can be strengthened against external and internal threats. If you are looking for a trusted provider of VM services, contact NST and learn how you can benefit from our services.