What Is Vulnerability Management? [source: tripwire]
Enterprise networks regularly see change in their devices, software installations and file content. These modifications can create risk for the organization. Fortunately, companies can mitigate this risk by implementing foundational security controls.
For example, enterprises can monitor their important files for change using file integrity monitoring (FIM). This security measure enables IT security teams to determine when files change, how they change, who changed them, and what can be done to restore them if those modifications are unauthorized.
Organizations can also use foundational controls to monitor for vulnerabilities potentially introduced by the addition of new physical and virtual devices. FIM alone won't do that job, however: it reports that files changed, not whether a newly connected device or freshly installed package carries a known, exploitable weakness. To obtain an accurate assessment of risk, minimize security threats and maintain compliance, companies should turn to vulnerability management.
There are four stages to any effective vulnerability management program:
1. VULNERABILITY SCANNING PROCESS
Companies cannot adequately manage risk without first determining which of their IT assets need protecting. Organizations should derive each asset's risk factor from inputs such as its physical or logical connection to more highly classified assets, the user access it permits, and its availability requirements. They should then identify an owner for each of those assets, set a scan frequency (the Center for Internet Security recommends scanning at least weekly), and establish timelines and thresholds for remediation.
2. ASSET DISCOVERY AND INVENTORY
Once they have developed the vulnerability scanning process, enterprises must decide which assets they will subject to that procedure. They must engage in asset discovery, another foundational control, and develop an inventory of all hardware and software installed on the corporate network. That inventory should include both authorized and unauthorized devices and software, so that security teams can restrict network access, installation and execution to approved devices and software only.
It should also record more granular details, including possible connections with other assets, configuration, maintenance and replacement schedules, software installations, and usage.
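The two stages above, as an added worked example that is not Tripwire's code: a small Python script derives a risk factor from the three inputs named in stage 1, turns it into a scan interval (capped at the weekly floor the page cites from CIS) and a remediation window, flags assets whose last scan is older than their interval, and reconciles a constructed discovery sweep against the authorized inventory of stage 2. The asset records, the risk weights, the tier cut-offs and the remediation windows are assumptions made for the illustration.

```python
# Added example for the two stages above; not Tripwire's code.
# The asset records, the risk weights, the tier cut-offs and the remediation
# windows are constructed assumptions; the "at least weekly" scan floor is the
# page's (its citation of the Center for Internet Security).
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

TODAY = date(2024, 6, 3)  # fixed so the example is reproducible


@dataclass
class Asset:
    name: str
    owner: str                      # every asset gets an owner (stage 1)
    classification: int             # assumed scale: 1 public .. 4 restricted
    connected_to: List[str] = field(default_factory=list)  # logical links
    user_access: int = 0            # accounts that can reach the asset
    availability: str = "standard"  # assumed labels: "standard" | "critical"
    last_scan: Optional[date] = None


def risk_factor(asset: Asset, inventory: Dict[str, Asset]) -> int:
    """Risk factor from the page's three inputs: connection to more highly
    classified assets, user access and availability. Weights are assumed."""
    score = asset.classification
    neighbours = [inventory[n] for n in asset.connected_to if n in inventory]
    if any(n.classification > asset.classification for n in neighbours):
        score += 2  # a low-value host reaching a high-value one is a pivot path
    if asset.user_access > 100:
        score += 1
    if asset.availability == "critical":
        score += 1
    return score


def scan_interval_days(score: int) -> int:
    """Scan cadence by risk; 7 days is the weekly floor the page cites from CIS."""
    if score >= 6:
        return 1
    if score >= 4:
        return 3
    return 7


def remediation_window_days(score: int) -> int:
    """Assumed remediation timelines: how long a finding may stay open."""
    if score >= 6:
        return 7
    if score >= 4:
        return 30
    return 90


def overdue_scans(inventory: Dict[str, Asset], today: date) -> List[str]:
    """Assets never scanned, or not scanned within their risk-based interval."""
    late = []
    for a in inventory.values():
        interval = scan_interval_days(risk_factor(a, inventory))
        if a.last_scan is None or (today - a.last_scan).days > interval:
            late.append(a.name)
    return sorted(late)


def reconcile(discovered: List[str],
              inventory: Dict[str, Asset]) -> Tuple[List[str], List[str]]:
    """Compare what discovery saw on the network with the authorized inventory.
    Returns (unauthorized: on the wire but not inventoried,
             missing: inventoried but not seen by discovery)."""
    seen, known = set(discovered), set(inventory)
    return sorted(seen - known), sorted(known - seen)


# Constructed inventory (stage 2): owner, classification, links, access, availability.
INVENTORY = {a.name: a for a in [
    Asset("db-prod-01", "data-platform", 4, [], 12, "critical", TODAY - timedelta(days=2)),
    Asset("web-prod-01", "web-team", 2, ["db-prod-01"], 5000, "critical", TODAY - timedelta(days=4)),
    Asset("hr-laptop-17", "hr", 3, [], 1, "standard", TODAY - timedelta(days=9)),
    Asset("kiosk-lobby", "facilities", 1, [], 0, "standard", None),
]}

# Constructed result of a discovery sweep: one host nobody registered.
DISCOVERED = ["db-prod-01", "web-prod-01", "kiosk-lobby", "unknown-raspberrypi"]


if __name__ == "__main__":
    for a in INVENTORY.values():
        s = risk_factor(a, INVENTORY)
        print(f"{a.name:14} owner={a.owner:14} risk={s} scan every "
              f"{scan_interval_days(s)}d, remediate within {remediation_window_days(s)}d")
    print("overdue scans:", overdue_scans(INVENTORY, TODAY))
    unauthorized, missing = reconcile(DISCOVERED, INVENTORY)
    print("unauthorized (discovered, not inventoried):", unauthorized)
    print("missing (inventoried, not discovered):", missing)
```

Note how the web server, itself only classification 2, ends up in the highest tier because it has a logical connection to the restricted database: the risk of an asset is driven by what it can reach, not only by what it holds. The reconciliation step is what turns "authorized and unauthorized" from a label into an action: the unregistered host is the one to block or onboard, and the inventoried laptop that discovery did not see is the one whose record is stale.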