Vulnerability Management Strategy: Everything you need to Know
Year on year, millions of new vulnerabilities are being discovered worldwide, forcing organizations to reconfigure the entire security settings of network environment and patch operating systems (OS) and applications. Vulnerability management provides the highest levels of security posture possible and helps organizations proactively address vulnerabilities before they are utilized by cyber attackers.
Need for Vulnerability Management:
Traditional security solutions are ineffective for long-term
For combatting today’s known attacks, Security solutions such as (intrusion detection systems, antivirus, encryption, prevention systems, patching, etc.) are still a key control. As attackers explore new ways of escaping such controls, the effectiveness of such solutions shrinks over time.
Gaps in finding the incidents
Because of fundamentally unavoidable gaps in detecting the incidents in their infrastructure, Organizations often do not have the capacity to find data security occurrences.
The rising danger of cyber attacks
Cyber threats are expanding in number and advancement, in the past 10 years, the most reported cyber-attacks were malicious code, Trojans and advanced worms, botnets, DNS attacks and spam sites. But today the cybercriminals are challenging the world with new malware such as bitcoin wallet stealers, ransomware, pos assaults, to give some examples.
Transformation in information security requirements
The Data security requirements are changing at a lightning speed, as the Hackers are relentless and finding new techniques to penetrate malware in the system. This makes the organizations face complex challenges in the process of preparing for information security incidents.
Vulnerability management solutions
Many vendors today offer varied solutions to streamline and automate the process of vulnerability management. Some solutions emphasise exclusively on vulnerability assessment, some execute vulnerability scanning only, while some vendors provide complete coverage of the entire vulnerability management process.
While, Cymune cybersecurity solutions offer more than just vulnerability management, adding value by incorporating other security solutions that, in total, helps to protect the entire network environment better, these solutions include:
- Asset discovery
- Data classification
- Intrusion detection
- Privilege access management
- Threat detection and response
- SIEM and log data correlation
- Compliance auditing and reporting
Vulnerability Assessment Methodology:
Preparation
- In this phase, a formal contract is signed which also contains a Non-Disclosure Agreement. The contract also outlines infrastructure perimeter, evaluation activities, time schedules and resources available to a tester.
- A template is provided to the client to receive the details of the IT Infrastructure which assist Cymune to analyze the critical areas to perform the audit
- Study & Scope of the IT architecture & components for assessment
- Determine the boundary of assessment
- Identify asset owners & schedule tasks, if any
- Perform Impact analysis for active scans, which includes analysis of Service(s) or Server(s) scans in the online production environment
- Estimate the scan process, based on the complexity of the target network(s) and host(s)
- ICMP access to perform the audit.
Scanning
After gathering the preliminary information, we will identify alive and reachable systems via the Network/Internet and what services they offer. We define the Scan policy for each target. Scan policy to define the level of — Scan, Information gathering, policy checking, port scanning, Password analysis, attack simulation etc. We perform the followings activities based on the architecture and complexity of the network.
The live systems will be probed for available services. The process of scanning can involve many tools and varying techniques depending on what the goal is and the configuration of the target host or network.
Enumeration
If acquisition and non-intrusive probing have not turned up any results, then a tester will next turn to identify valid user accounts or poorly protected resource shares.
Enumeration involves active connections to systems and directed queries
The type of information enumerated by the tester:
- Network resources and shares
- Users and groups
- Applications and banners
Vulnerability Analysis
Vulnerability Analysis is the act of determining which security holes and vulnerabilities may apply to the target network or host. The vulnerability analysis phase is started after some interesting hosts are identified via scanning tools and are preceded by the enumeration phase.
Following are the points taken care of during this phase:
- Identification & Filtration of False Positives
- Identification & Filtration of False Negatives
- Banners exposing internal information
- Exposed Web Applications variables, etc
- Default configuration mistakes
Documentation
- Step 1: Collect the scan results and analyze for security loopholes, configuration errors, default installation settings, overlooked setups, password quality, firmware/software revisions, patch fixes, security policy violations etc.
- Step 2: Classify the vulnerabilities discovered within the environment spanning — Technical, Organizational and Process issues; into categories of High, Medium, and Low risk.
- Step 3: Perform impact analysis of the vulnerabilities discovered and threats arising thereof, per se the client’s IT architecture.
- Submission of Reports
- Step1: Detailed explanations of the implications of findings, impacts, and risks for each of the identified vulnerabilities.
- Step 2: Recommended Action Items including immediate fixes, policy recommendations and product recommendations for improving the overall network security.
- Step 3: An executive summary highlighting key findings and recommendations from a security perspective.
Originally published at https://www.cymune.com.
