WHAT IS THE VULNERABILITY MANAGEMENT PROCESS?
A vulnerability management analyst finds weaknesses in networks, software, web applications, mobile devices, and so on, which improves your organization's overall security posture. Many data breaches could be prevented by having a good vulnerability management process. A data breach is a leak of information to the public. The vulnerability management process includes detecting vulnerabilities, assessing the risk, prioritizing remediation, remediating, and confirming remediation.
Detecting Vulnerabilities
Detecting vulnerabilities will most likely come from an automated or manual vulnerability scan. Some popular vulnerability scanners are Qualys and Nessus. When performing vulnerability scans, it is best to automate your scans to run on a weekly or biweekly basis. Non-credentialed scans are great for finding out what an outside attacker can see; for a non-credentialed scan you do not have any login information when scanning. Credentialed scans let you find out what can happen if an attacker already has credentials; for a credentialed scan you may have a login to the web application you are scanning.
Here is a screenshot of some critical vulnerabilities.
Assessing The Risk
Your risk appetite will help determine how you assess risk. Risk appetite is how much risk the company is willing to accept. This step is when you determine what level of vulnerabilities you are willing to remediate. For example, an organization may not want to remediate low-level vulnerabilities.
Prioritizing Remediation
According to CVSS version 3.0, there are five severity levels (critical, high, medium, low, and none). CVSS stands for Common Vulnerability Scoring System. Most of the time, critical vulnerabilities should be remediated first.
Severity    Base Score Range
None        0.0
Low         0.1-3.9
Medium      4.0-6.9
High        7.0-8.9
Critical    9.0-10.0
Remediation
This step is about actually fixing the vulnerability. This step is usually done by the development team, system admins, or system engineers. A common form of remediation is patching or updating a system.
Confirming Remediation
This last step is all about re-scanning to confirm that vulnerabilities are remediated. This step is important. You can take this a step further and make sure no vulnerabilities are false positives.
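The prioritizing and confirming steps above are easy to get wrong by hand once a scan returns more than a handful of findings, so here is an added Python example (not code from the original post or from any scanner vendor) that does both: it maps each finding's CVSS v3.0 base score to the severity table, drops everything below a risk-appetite threshold, orders the remaining findings into a remediation queue, and then diffs a baseline scan against a re-scan to separate confirmed remediations from findings that are still open or newly introduced. The scan rows, hosts, plugin IDs and finding names are constructed sample data in the shape of a generic scanner export; they are not real scanner plugin IDs or real results.

```python
from dataclasses import dataclass

# CVSS v3.0 qualitative severity rating scale: (rating, low, high) on the base score.
SEVERITY_BANDS = (
    ("None", 0.0, 0.0),
    ("Low", 0.1, 3.9),
    ("Medium", 4.0, 6.9),
    ("High", 7.0, 8.9),
    ("Critical", 9.0, 10.0),
)
SEVERITY_RANK = {name: rank for rank, (name, _, _) in enumerate(SEVERITY_BANDS)}


def severity(base_score: float) -> str:
    """Map a CVSS v3.0 base score to its qualitative rating."""
    score = round(float(base_score), 1)  # CVSS base scores are reported with one decimal
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {base_score}")
    for name, low, high in SEVERITY_BANDS:
        if low <= score <= high:
            return name
    raise AssertionError("unreachable: every one-decimal score in [0, 10] has a band")


@dataclass(frozen=True)
class Finding:
    host: str
    plugin_id: str  # scanner check identifier (constructed values below, not real plugin IDs)
    name: str
    base_score: float

    @property
    def key(self):
        # A finding is the same finding across scans when host and check match.
        return (self.host, self.plugin_id)

    @property
    def severity(self) -> str:
        return severity(self.base_score)


def load_findings(rows):
    """Build Finding objects from scanner export rows (dicts, as a CSV/JSON export would give)."""
    return [Finding(r["host"], r["plugin_id"], r["name"], float(r["cvss3_base"])) for r in rows]


def prioritize(findings, risk_appetite="Medium"):
    """Return the remediation queue: findings at or above the risk-appetite threshold,
    highest base score first. Anything below the threshold is accepted risk and left out."""
    threshold = SEVERITY_RANK[risk_appetite]
    queue = [f for f in findings if SEVERITY_RANK[f.severity] >= threshold]
    return sorted(queue, key=lambda f: (-f.base_score, f.host, f.plugin_id))


def confirm_remediation(baseline, rescan):
    """Diff a baseline scan against a re-scan. A finding counts as remediated only when it is
    absent from the re-scan; findings still present need another look (fix not applied, or a
    false positive to document), and findings only in the re-scan are new work for the queue."""
    before = {f.key for f in baseline}
    after = {f.key for f in rescan}
    return {
        "remediated": sorted(before - after),
        "still_open": sorted(before & after),
        "new": sorted(after - before),
    }


# Constructed sample scanner output: a baseline scan and a re-scan taken after patching.
BASELINE_SCAN = [
    {"host": "10.0.0.5", "plugin_id": "10001", "name": "Outdated TLS library", "cvss3_base": 9.8},
    {"host": "10.0.0.5", "plugin_id": "10002", "name": "TLS 1.0 enabled", "cvss3_base": 5.3},
    {"host": "10.0.0.7", "plugin_id": "10003", "name": "Missing HTTP security header", "cvss3_base": 3.1},
    {"host": "10.0.0.7", "plugin_id": "10001", "name": "Outdated TLS library", "cvss3_base": 9.8},
    {"host": "10.0.0.9", "plugin_id": "10004", "name": "Outdated web framework", "cvss3_base": 8.1},
]
RESCAN = [
    {"host": "10.0.0.5", "plugin_id": "10002", "name": "TLS 1.0 enabled", "cvss3_base": 5.3},
    {"host": "10.0.0.5", "plugin_id": "10005", "name": "Outdated SSH daemon", "cvss3_base": 7.5},
    {"host": "10.0.0.7", "plugin_id": "10003", "name": "Missing HTTP security header", "cvss3_base": 3.1},
    {"host": "10.0.0.7", "plugin_id": "10001", "name": "Outdated TLS library", "cvss3_base": 9.8},
]

if __name__ == "__main__":
    for f in prioritize(load_findings(BASELINE_SCAN), risk_appetite="Medium"):
        print(f"{f.severity:<9} {f.base_score:>4}  {f.host:<10} {f.name}")
    for bucket, keys in confirm_remediation(load_findings(BASELINE_SCAN), load_findings(RESCAN)).items():
        print(f"{bucket}: {keys}")
```

With a risk appetite of "Medium" the low-severity header finding stays out of the queue as accepted risk, and the re-scan diff shows the two patched hosts as confirmed while the third host still carries the same outdated library, which is exactly the case a re-scan exists to catch.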
It is important to have a vulnerability management system in place. This system needs to be a team effort. Security engineers can work on improving the vulnerability scanning process and system engineers can ensure that they remediate critical vulnerabilities as fast as possible.
Thanks for visiting my blog!