7 Pro Tips for Vulnerability Management

Managing vulnerabilities in an organization's network is often an overwhelming job that's never done. But with the help of automation and with proper prioritization, security teams can stay on top of the task.

Author: Melissa Michael
Date: 19.06.2018
Read Time: 4 Minutes


As any security analyst knows, managing vulnerabilities in a company network is a never-ending task. According to a 2017 Enterprise Management Associates study, there is an average of ten vulnerabilities per IT asset, which works out to around 20,000 vulnerabilities that the average midmarket company must manage at any given time. It’s no wonder, then, that 74% of security teams reported being overwhelmed by the amount of vulnerability maintenance work assigned to them.

With all that stress and with the shortage of manpower many teams also experience as a result of the cyber security skills crunch, how can security teams get a handle on managing the sheer volume of vulnerabilities? While it’s practically impossible to fix every vulnerability, with the help of automation and with proper prioritization, security teams can keep vulnerabilities at a manageable level and take care of the ones that present the greatest risk to the organization. We asked F-Secure’s Tuomas Miettinen for his tips on keeping the vulnerabilities at bay.

1. Be sure your workstation and server software is up to date

Most commodity malware exploits vulnerabilities in workstations and servers. Patching those will reduce the available attack surface and eliminate the occurrence of certain vulnerabilities in your scans from the start. With patch management or software updating tools like Software Updater, this process can be automated to ease your workload.

2. Discover and map out your assets

If you don’t know it’s there, you can’t protect it. Inventory your assets – your devices, services and open ports, both on-premises and on the internet. Discover shadow IT assets and decommission unnecessary open ports and old targets. The devices, services, and applications that make up a network are constantly changing, so regular inventory is essential, but this is easy to automate with tools like F-Secure Radar’s discovery scanning.

3. Scan for vulnerabilities, and do it regularly

Vulnerability scanning should be done on a regular basis. One scan is just a snapshot in time, but new vulnerabilities are found and reported every day. Frequent scans are needed to stay on top of the current situation. They are also helpful in confirming that a problem that has been previously attended to really is fixed. This process can also be automated and scheduled with F-Secure Radar. And don’t forget to scan services hosted by third party service providers.
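As an added example (not from the original article or from F-Secure Radar), this is one way to compare two scan snapshots and confirm that a problem really is fixed. The record format, host names and finding IDs are constructed for illustration; the point is that a finding which disappears only counts as fixed if its host was actually reached in the later scan.

```python
from typing import NamedTuple

class Scan(NamedTuple):
    hosts_scanned: set   # hosts the scanner actually reached in this run
    findings: set        # (host, port, finding_id) tuples

def diff_scans(previous: Scan, current: Scan) -> dict:
    """Classify findings between two scans.

    A finding missing from the current scan is 'fixed' only if its host
    was reached again; otherwise it is 'unverified' and should stay open.
    """
    result = {"fixed": set(), "unverified": set(), "persisting": set()}
    for finding in previous.findings:
        host = finding[0]
        if finding in current.findings:
            result["persisting"].add(finding)
        elif host in current.hosts_scanned:
            result["fixed"].add(finding)
        else:
            result["unverified"].add(finding)
    result["new"] = current.findings - previous.findings
    return result

# Constructed sample data (hypothetical hosts and placeholder finding IDs).
PREVIOUS = Scan(
    hosts_scanned={"web01", "db01", "legacy01"},
    findings={("web01", 443, "FINDING-A"),
              ("db01", 5432, "FINDING-B"),
              ("legacy01", 445, "FINDING-C")},
)
CURRENT = Scan(
    hosts_scanned={"web01", "db01"},   # legacy01 was offline during this scan
    findings={("db01", 5432, "FINDING-B"),
              ("web01", 8080, "FINDING-D")},
)

if __name__ == "__main__":
    for status, items in diff_scans(PREVIOUS, CURRENT).items():
        for host, port, finding_id in sorted(items):
            print(f"{status:<11} {host}:{port} {finding_id}")
```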

4. Focus on the most important vulnerabilities first

Scanning will identify a lot of vulnerabilities, which can be overwhelming. Priority should be given to business-critical assets. Because you’ve done a thorough asset inventory, you know what you have – so categorize those assets and prioritize. Rather than thinking in terms of single targets, consider how each asset is connected to the rest of the IT environment and to the internet. Think about the effect an exploited vulnerability would have on the rest of the environment, and fix the critical vulnerabilities across all platforms and services.
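The following added example (not from the original article) sketches this kind of prioritization: each finding is ranked by its severity, by whether the asset is internet-facing, and by the most critical asset reachable from it. The inventory, connectivity map, finding IDs and the weighting formula are all assumptions constructed for illustration.

```python
from collections import deque

# Constructed inventory: criticality 1 (low) to 3 (business-critical).
ASSETS = {
    "web01":   {"criticality": 2, "internet_facing": True},
    "app01":   {"criticality": 2, "internet_facing": False},
    "db01":    {"criticality": 3, "internet_facing": False},
    "print01": {"criticality": 1, "internet_facing": False},
    "kiosk01": {"criticality": 1, "internet_facing": True},
}
# Constructed connectivity: which assets each asset can open connections to.
REACHES = {"web01": ["app01"], "app01": ["db01"], "kiosk01": ["print01"]}

# Constructed findings: (asset, placeholder finding ID, severity 0-10).
FINDINGS = [
    ("print01", "FINDING-1", 9.8),
    ("web01",   "FINDING-2", 7.5),
    ("db01",    "FINDING-3", 6.0),
    ("kiosk01", "FINDING-4", 8.0),
]

def blast_radius(asset):
    """Highest criticality among the asset and everything reachable from it."""
    seen, queue = {asset}, deque([asset])
    while queue:
        for nxt in REACHES.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return max(ASSETS[a]["criticality"] for a in seen)

def priority(asset, severity):
    """Assumed weighting: severity x blast radius, doubled if internet-facing."""
    exposure = 2.0 if ASSETS[asset]["internet_facing"] else 1.0
    return severity * blast_radius(asset) * exposure

def rank(findings):
    """Return findings ordered from highest to lowest priority."""
    return sorted(findings, key=lambda f: priority(f[0], f[2]), reverse=True)

if __name__ == "__main__":
    for asset, finding_id, severity in rank(FINDINGS):
        print(f"{priority(asset, severity):5.1f}  {asset:<8} {finding_id} (severity {severity})")
```

With this sample data the highest-severity finding, on an isolated low-criticality printer, ranks last, while a lower-severity finding on an internet-facing server with a path to the database ranks first.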

5. Document the scan results

Keep track of the scan results and the changes that have been made. Later you’ll have a record when you need to review what was done previously. To help with this, F-Secure Radar includes history data and ticketing to track down who is responsible for fixing vulnerabilities.

6. Make plans for unpatchable vulns

Not every vulnerability can be patched. For the ones for which patching isn’t feasible, make a mitigation plan to minimize the possibility of exploitation. Mark this as an accepted risk and report it to your head of security. Unpatchable, end-of-life products are vulnerable and need to be replaced. Doing a risk analysis will help a company justify investing in replacing vulnerable legacy systems.

7. Don’t take anything for granted

It doesn’t matter how big or small your company is – you will be targeted not because of your company, but because a vulnerability exists and can be exploited. Adversaries have automated tools that scan the internet for vulnerabilities and when they find them in your infrastructure, attackers go after them simply because they have the opportunity. They’ll then see what’s inside your company they can exploit for financial gain.

 

A program of regular inventory scanning and continuous attack surface assessment will help you stay on top of vulnerabilities. F-Secure Radar simplifies the process of vulnerability management with internet discovery, asset discovery and vulnerability discovery all in one easy-to-use solution. It also satisfies the GDPR requirement for having a process of regularly testing, assessing and evaluating the technical measures for ensuring security of data processing.

