
Technical Support Engineer
NNT - New Net Technologies
Reducing your attack surface requires a robust vulnerability management solution to help combat today’s most persistent and devastating cyber threats.
Whether you’re a CIO, IT manager or an engineer, you probably know that Vulnerability Management is a critical element of any information security strategy. But a vulnerability management program can only reach its full potential when it’s built on a solid security foundation with well-established goals and desired outcomes, as program outcomes drive process development.
In addition to company goals, it’s important to understand the basics, such as asset discovery, scanning frequency, how to prioritize your assets, running vulnerability scans and how to review and remediate any identified vulnerabilities.
This Vulnerability Management Best Practices guide will help your organization get started on its vulnerability management program and identify and remediate cyber threats before they can harm your organization.
Start by running a quick discovery scan to generate a full list of every device in your environment. From that list, ensure you scan everything that touches this network for vulnerabilities: production application servers, file servers, the internal testing environment, right down to your small IoT devices. All of them need to be scanned so that you check for every vulnerability that could leave an opening into the rest of your network.
It’s also recommended to run scheduled discovery scans to ensure that all devices in the network are covered. Any new device that joins the network after your first discovery scan would otherwise be left out of subsequent vulnerability scans and can open up more vulnerabilities in the environment. Below is an example of a discovery report that we ran in our Naples Lab using the Greenbone Security Manager (GSM) Appliance.
Depending on the vulnerability scanning tool used in your environment, scanning can often become a cumbersome process, which is why some IT environments only run scans monthly or quarterly. However, with the vulnerability scanners available today that offer scheduled scanning tasks, this frequency should be increased to at least every two weeks, and ideally weekly, as recommended by the Center for Internet Security (CIS). With the Greenbone Security Manager Appliance, we're able to create schedules that can be attached to the different scans and tasks running on the appliance.
Once you've run your discovery scan and identified all of the assets within your environment, it's important to categorize these assets and prioritize them based on their function. This ensures that vulnerabilities on critical systems are addressed first when you later remediate the findings.
Once you’ve established all of the above information, you can begin running scans on your systems to find their vulnerabilities. Note that different scanning configurations define a scanning strategy for your assets. Most quality vulnerability scanners allow scans to be run under different scan profiles, providing a trade-off between scan speed and the depth of the vulnerability tests. Ensure that you complement your regular scans with deep-dive scans on all your prioritized assets, using system credentials and vulnerability tests which interact with operating systems and applications to provide fine-grained vulnerability reports. Deep-dive scans such as these take more time per asset and will potentially consume resources on the asset, so they are better run outside normal business hours. Scans that authenticate to the target with credentials will also reveal vulnerabilities on your systems that an unauthenticated scan cannot see.
After running the scans on your devices, it's time to review and remediate the vulnerabilities identified in the reports. Each vulnerability within your report should carry some kind of risk rating. This rating gives you an idea of how severe the vulnerability is and how you should prioritize its remediation. As a best practice, take care of the high-risk vulnerabilities first, even on an internal testing system, as they leave the biggest openings into your environment.
Once those high-risk vulnerabilities are dealt with and remediated, it’s best to deal with any easily exploitable medium-risk vulnerabilities, which many attackers tend to prioritize because they know the high-risk vulnerabilities will usually get patched. Once those two sets of vulnerabilities are taken care of, you can split the remaining remediation into chunks based on the prioritization of the assets, working first on your production systems and then moving down the list. Also note that you should always verify that remediations completed successfully; this can be done by running a quick scan of the system after performing a remediation.
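The remediation ordering described above (high-risk findings first on any asset, then easily exploitable medium-risk findings, then everything else by asset priority) and the follow-up rescan check, as an added worked example. This is illustrative code written for this guide, not part of any NNT or Greenbone product; the asset tier names, the `Finding` record and the sample findings are constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical asset categories from the prioritization step; lower number = more critical.
ASSET_TIER = {"production": 0, "file-server": 1, "internal-test": 2, "iot": 3}


@dataclass(frozen=True)
class Finding:
    asset: str
    tier: str                        # key into ASSET_TIER
    severity: str                    # "high", "medium" or "low", as rated by the scanner
    easily_exploitable: bool = False  # assumption: flag taken from the scanner's report


def remediation_bucket(f: Finding) -> int:
    """Map a finding to its remediation wave.
    0  -> any high-risk finding, regardless of asset (even an internal test system)
    1  -> easily exploitable medium-risk finding
    2+ -> everything else, one wave per asset tier (production first)
    """
    if f.severity == "high":
        return 0
    if f.severity == "medium" and f.easily_exploitable:
        return 1
    return 2 + ASSET_TIER[f.tier]


def remediation_order(findings):
    """Order findings by wave, then by asset criticality within the wave."""
    return sorted(findings, key=lambda f: (remediation_bucket(f), ASSET_TIER[f.tier], f.asset))


def still_open(before, after):
    """Findings from the original report that the post-remediation rescan still reports."""
    return [f for f in before if f in set(after)]


# Constructed sample report; asset names are invented.
SAMPLE = [
    Finding("test-web-01", "internal-test", "high"),
    Finding("prod-app-01", "production", "medium", easily_exploitable=True),
    Finding("prod-db-01", "production", "low"),
    Finding("cam-lobby-01", "iot", "medium"),
    Finding("files-01", "file-server", "medium"),
    Finding("prod-app-01", "production", "high"),
]

if __name__ == "__main__":
    for f in remediation_order(SAMPLE):
        print(remediation_bucket(f), f.asset, f.severity)
```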
An enterprise vulnerability management program requires preventative technology that can detect risk, but it also requires a solid foundation of trained professionals and carefully constructed processes to guarantee that the program is successful. This process is ongoing and must be continuously adapted to reduce risk and align with your business objectives. In order to be effective, this process must be reviewed regularly and adjusted accordingly to stay up to date and mitigate the latest threats and vulnerabilities.
Get started on your Vulnerability Management program today with a free Greenbone OpenVAS Vulnerability Scanner license, courtesy of NNT.