1. Vulnerability Management Overview
What is vulnerability management?
Vulnerability management is an ongoing program that uses a variety of technologies and tools to identify cyber risks across your entire organization, align them with your operational goals and objectives and then remediate vulnerabilities in a timely manner to secure your network and keep your operations safe.
Vulnerability management is not a single tool or resource. It’s an ongoing program with people, policies and processes that work together toward common goals to ensure your attack surface and cyber risk are as small as possible.
Fixing vulnerabilities across your entire attack surface is a daunting task. The reality is, the volume of assets in most organizations, coupled with more than 200 potential attack vectors, makes it challenging for security teams to patch and remediate them all.
It’s even more challenging when you consider that most organizations don’t have the right tools to gain insight into all of the assets across their entire organization—from traditional IT, to cloud, to mobile, to containers or serverless, to web applications and operational technology (OT) assets.
Add to that the reality that many assets have multiple vulnerabilities, and before you know it your security team is buried under a mountain of vulnerabilities.
The more vulnerabilities that exist, and the more disparate your remediation functions are, the more likely it is that attackers can exploit your attack surface.
That’s where vulnerability management comes in.
What does vulnerability management entail?
There are five core steps for effective vulnerability management. These steps align with your Cyber Exposure lifecycle.
Step 1: Discover
Identify and map all of your assets across all of your computing environments
Step 2: Assess
Understand the exposure of all of your assets, including vulnerabilities, misconfigurations and other security health indicators
Step 3: Prioritize
Understand your exposures with context so you can prioritize remediation based on asset criticality, vulnerability severity and threat context
Step 4: Remediate
Prioritize which exposures to address first and then use the appropriate remediation process
Step 5: Measure
Measure and then benchmark your exposure so your teams can make better business and technology-related decisions
What's the difference between vulnerability management and vulnerability assessment?
Vulnerability management and vulnerability assessment are different, but complementary practices.
Vulnerability management is an ongoing program that uses a variety of tools and processes to help you identify all of the assets and vulnerabilities across your attack surface. It also helps you plan how you will mitigate issues, remediate weaknesses, and improve your overall security posture.
Vulnerability assessment, on the other hand, is a discrete, time-bound project that you repeat on a regular basis to identify all of your assets and vulnerabilities.
Generally, vulnerability assessment, which is not the same as a vulnerability scan, has a specified beginning and end date. It’s a snapshot of your attack surface at a specific point in time.
Vulnerability assessment is part of your overall vulnerability management program, which helps you continuously identify and address your cyber risks.
How is vulnerability management different from risk-based vulnerability management?
Traditional vulnerability management practices, which we refer to as legacy vulnerability management, give you a theoretical view of vulnerabilities and risks. They uncover the threats a vulnerability could introduce into your environment, but they don’t tell you which of those threats pose real risk.
Without clear insight into actual risks, your security team can get bogged down trying to remediate vulnerabilities that may not pose actual risk and can miss finding and remediating critical vulnerabilities more likely to impact your organization.
Adding a risk-based approach to your vulnerability management practices can help you better understand risks—with threat context—so you have insight into the potential business impact of weaknesses across your attack surface.
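The prioritization step above (asset criticality, vulnerability severity and threat context) and the legacy-versus-risk-based contrast in this section can be made concrete with a small scoring model. The following Python block is an added example, not Tenable's code or scoring method: the asset-criticality weights, threat multipliers, SLA values, finding ids and hostnames are all constructed for the illustration, and it shows how the same four findings are ordered differently when ranked by CVSS alone versus by a combined risk score, plus a few benchmarkable numbers for the measure step.

```python
from dataclasses import dataclass

# Asset criticality tiers and weights (constructed for this example; the page
# names asset criticality as an input but defines no scale).
ASSET_WEIGHT = {"low": 1.0, "medium": 2.0, "high": 3.0, "critical": 4.0}

# Remediation SLA in days per severity band (constructed; tune per organization).
SLA_DAYS = {"critical": 15, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Finding:
    finding_id: str          # placeholder ids, not real CVE numbers
    asset: str               # hypothetical hostname
    asset_tier: str          # key into ASSET_WEIGHT
    cvss: float              # base severity, 0.0 to 10.0
    exploit_public: bool     # threat context: exploit code is publicly available
    exploited_in_wild: bool  # threat context: exploitation has been observed
    days_open: int           # age of the finding in days


def severity_band(cvss: float) -> str:
    """Map a CVSS base score to the usual qualitative band."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def threat_multiplier(f: Finding) -> float:
    """Threat context: observed exploitation outweighs merely public exploit code."""
    if f.exploited_in_wild:
        return 2.0
    if f.exploit_public:
        return 1.5
    return 1.0


def priority_score(f: Finding) -> float:
    """Risk-based priority = severity x asset criticality x threat context."""
    return round(f.cvss * ASSET_WEIGHT[f.asset_tier] * threat_multiplier(f), 1)


def legacy_order(findings):
    """Legacy approach: rank by CVSS alone, ignoring asset and threat context."""
    ranked = sorted(findings, key=lambda f: f.cvss, reverse=True)
    return [f.finding_id for f in ranked]


def risk_based_order(findings):
    """Risk-based approach: rank by the combined priority score."""
    ranked = sorted(findings, key=priority_score, reverse=True)
    return [f.finding_id for f in ranked]


def exposure_metrics(findings):
    """Measure step: a few numbers that can be benchmarked between snapshots."""
    overdue = [f for f in findings if f.days_open > SLA_DAYS[severity_band(f.cvss)]]
    exploited = [f for f in findings if f.exploited_in_wild]
    return {
        "total_open": len(findings),
        "overdue": len(overdue),
        "actively_exploited_open": len(exploited),
        "top_risk": risk_based_order(findings)[0] if findings else None,
    }


# Constructed sample findings; ids and hostnames are invented for the example.
SAMPLE_FINDINGS = [
    Finding("EX-1", "dev-test-01", "low", 9.8, False, False, 5),
    Finding("EX-2", "erp-db-01", "critical", 8.1, True, True, 40),
    Finding("EX-3", "web-portal-02", "high", 7.5, True, False, 12),
    Finding("EX-4", "laptop-117", "medium", 5.3, False, False, 90),
]

if __name__ == "__main__":
    print("legacy order (CVSS only):", legacy_order(SAMPLE_FINDINGS))
    print("risk-based order:        ", risk_based_order(SAMPLE_FINDINGS))
    for f in sorted(SAMPLE_FINDINGS, key=priority_score, reverse=True):
        print(f"  {f.finding_id} on {f.asset}: score {priority_score(f)}")
    print("exposure metrics:", exposure_metrics(SAMPLE_FINDINGS))
```

Ranked by CVSS alone, the 9.8 on a low-value test host comes first; ranked by the combined score, the actively exploited 8.1 on the critical database server jumps to the top and the test host drops to last, which is the difference the section describes between a theoretical view and one grounded in actual risk. The SLA-based "overdue" count is one simple way to benchmark exposure from one assessment snapshot to the next.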