How Does Vulnerability Management Work?
Vulnerability management is an ongoing process that includes several steps and should be treated as a cycle, not something performed as a one-off.
- Asset discovery and inventory: All endpoints and systems must be accounted for to ensure security.
- Vulnerability scanning: Using vulnerability scanners helps identify misconfigured systems and insecure software or hardware.
- Patch management: Deploying software patches, especially security-focused ones, is one of the most basic steps toward reducing vulnerabilities.
- Configuration management: Properly securing systems and having backups in place to mitigate exploits or prevent ransomware attacks greatly reduces security risks.
- Security Incident and Event Management (SIEM): Using SIEM tools for real-time monitoring of events can flag new issues or suspicious events that were missed by vulnerability scanners.
- Penetration testing: Having the systems thoroughly tested by ethical hackers can reveal issues a standard vulnerability scanner might miss.
- Threat intelligence: Being aware of current threats and how to mitigate them helps your organization stay one step ahead of attackers and plan how to respond to ransomware or malware, should you be faced with such threats.
- Remediating vulnerabilities: Once vulnerabilities have been identified, security teams can consider how they would be exploited and ensure all avenues are protected.
Common Vulnerabilities and How They Are Ranked
The Common Vulnerability Scoring System ranks vulnerabilities based on a variety of metrics, including attack vectors, scope and impact. Vulnerabilities are rated according to the following severity scale:
||0.1 – 3.9
||4.0 – 6.9
||7.0 – 8.9
||9.0 – 10.0
Prior to version 3 of the Common Vulnerability Scoring System, only the Low, Medium and High bands were used. When common vulnerabilities and exposures (CVEs) are published online in databases such as MITRE's CVE list or the NIST National Vulnerability Database, the severity of the vulnerability is included to give an idea of how critical the issue is.
Low-severity vulnerabilities may simply cause an app to crash or reveal relatively innocuous information about the system. In addition, it might require a very specific and unusual combination of system settings and installed applications in order to be exploited. A high or critical vulnerability is likely to affect a large percentage of systems running the software in question and has more serious consequences if exploited. For example, a remote execution vulnerability that could be exploited to run ransomware would be a critical exploit.
The Vulnerability Management Process
The vulnerability management framework involves working through a process of identifying and evaluating vulnerabilities before taking steps to mitigate them, as shown below:
The first step of the process involves identifying vulnerabilities through a combination of vulnerability scanning and penetration testing.
2. Prioritize Assets
Take an inventory of your assets. Consider which are most critical, as this will help when assessing the impact of vulnerabilities.
Evaluate the vulnerabilities found in step one; prioritize them based on their severity and potential impact on your assets.
Report any known assets and document potential issues, plus your plan to fix them.
Install security updates, make configuration changes and take other steps to mitigate known vulnerabilities.
During this phase of the cycle, security teams reassess and monitor their networks and endpoints, looking for areas where security could be improved.