What is a vulnerability in the cybersecurity context?
It can be defined as any means by which an external threat actor can gain unauthorized access to, or privileged control of, any application, endpoint or server within your IT environment.
For example:
• Ports which are open to the internet
• Insecure configuration of your software
• Insecure configuration of your OS and servers
• Any method by which a piece of software or the OS may grant privileged access
• Any other kind of susceptibility which may allow malware to infect a system, etc.
-
How Are These Vulnerabilities Defined?
In general, vulnerabilities are defined through an open, standards-based effort using the Security Content Automation Protocol (SCAP) standard, which was developed by NIST.
At a high level, SCAP can be broken down into a few components:
• Common Vulnerabilities and Exposures (CVE) – Each CVE entry defines one specific vulnerability through which an attack may occur.
• Common Configuration Enumeration (CCE) – CCE is a list of system security configuration issues that can be used to develop configuration guidance.
• Common Platform Enumeration (CPE) – CPE is a standardized method of describing and identifying classes of applications, operating systems, and devices within your environment. CPE names are used to describe what a CVE or CCE applies to.
• Common Vulnerability Scoring System (CVSS) – This scoring system assigns a severity score to each defined vulnerability and is used to prioritize remediation efforts and resources according to the threat. Scores range from 0 to 10, with 10 being the most severe.
Many public sources of vulnerability definitions exist. For example, the National Vulnerability Database (NVD) is the largest database of vulnerabilities. Then there is Microsoft's MSSP program, which also includes Microsoft's security updates. All of these are freely available to everybody.
Additionally, several security vendors offer access to their private vulnerability databases via paid subscription.
Then there is the Center for Internet Security (CIS), which provides the broadest range of regularly updated configuration baselines against which to assess and remediate configuration-based vulnerabilities. Security configuration baselines are also used to establish how operating systems and applications should be configured for the strongest security.
-
What is Vulnerability Management?
Vulnerability management is generally defined as the process of identifying, categorizing, prioritizing, and resolving vulnerabilities in operating systems (OS), enterprise applications (whether in the cloud or on-premises), browsers, and end-user applications.
It is an ongoing process which seeks to continually identify vulnerabilities that can be remediated through patching and through the configuration of security settings. This is what makes it proactive in nature.
There are six components of vulnerability management:
1. Discover
You can’t secure what you’re unaware of. The first process involves taking an inventory of all assets across the environment, identifying details including operating system, services, applications, and configurations to identify vulnerabilities. This usually includes both a network scan and an authenticated agent-based system scan. Discovery should be performed regularly on an automated schedule.
2. Prioritize
Second, discovered assets need to be categorized into groups and assigned a risk-based prioritization based on criticality to the organization.
3. Assess
Third, establish a risk baseline as your point of reference as vulnerabilities are remediated and risk is eliminated. Repeated assessments maintain that baseline over time.
4. Remediate
Fourth, based on the risk prioritization, vulnerabilities should be fixed (whether via patching or reconfiguration). Controls should be in place so that remediation is completed successfully and progress can be documented.
5. Verify
Fifth, validation of remediation is accomplished through additional scans and/or IT reporting.
6. Report
Finally, IT, executives, and the C-suite all need to understand the current state of risk around vulnerabilities. IT needs tactical reporting on vulnerabilities identified and remediated (by comparing the most recent scan with the previous one), executives need a summary of the current state of vulnerability (think red/yellow/green type reporting), and the C-suite needs something high-level, such as simple risk scores across parts of the business.
Remember, each of these components has its own sub-processes and tasks.
Think of it as a continual lifecycle designed to help you improve security and reduce the organizational risk found in your network environment. Treat it as a daily process rather than a quarterly or annual one.
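To make the six components concrete, the following is an added example, not code from the article or any vendor product. It runs one turn of the lifecycle on constructed data: an inventory in which each installed component is named by a CPE 2.3 string (Discover), criticality weights per asset group (Prioritize), matching of CPE names against vulnerability definitions and ranking by weighted CVSS (Assess), recording a patch as a version change (Remediate), a diff of the new scan against the previous one (Verify), and a red/yellow/green summary per asset group (Report). The hostnames, vendor and product names, CVE ids of the form CVE-0000-000N, CVSS scores, and the criticality weights and colour thresholds are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed sample data: the hostnames, CPE names and CVE ids below are
# placeholders for the example, not real assets or real vulnerability entries.
WEBAPP_120 = "cpe:2.3:a:example:webapp:1.2.0:*:*:*:*:*:*:*"
WEBAPP_121 = "cpe:2.3:a:example:webapp:1.2.1:*:*:*:*:*:*:*"
DBSERVER_90 = "cpe:2.3:a:example:dbserver:9.0:*:*:*:*:*:*:*"
LINUX_54 = "cpe:2.3:o:example:linux:5.4:*:*:*:*:*:*:*"

# 1. Discover: inventory built from network and agent scans, one CPE per component.
INVENTORY = {
    "web-01": {"group": "internet-facing", "cpes": [WEBAPP_120, LINUX_54]},
    "db-01": {"group": "internal-critical", "cpes": [DBSERVER_90]},
    "desk-07": {"group": "endpoint", "cpes": [WEBAPP_120]},
}

# Vulnerability definitions as a feed would deliver them: CVE id, affected CPE, CVSS base score.
DEFINITIONS = [
    {"cve": "CVE-0000-0001", "cpe": WEBAPP_120, "cvss": 9.8},
    {"cve": "CVE-0000-0002", "cpe": DBSERVER_90, "cvss": 7.5},
    {"cve": "CVE-0000-0003", "cpe": LINUX_54, "cvss": 5.5},
]

# 2. Prioritize: assumed business-criticality weight of each asset group.
CRITICALITY = {"internet-facing": 1.0, "internal-critical": 0.8, "endpoint": 0.4}


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    cvss: float
    priority: float  # CVSS base score weighted by the asset group's criticality


def cpe_matches(asset_cpe: str, vuln_cpe: str) -> bool:
    """Field-by-field comparison of two CPE 2.3 formatted strings; a '*' in the
    definition matches any value of that field (e.g. any version)."""
    asset_fields, vuln_fields = asset_cpe.split(":"), vuln_cpe.split(":")
    if len(asset_fields) != 13 or len(vuln_fields) != 13:
        raise ValueError("a CPE 2.3 formatted string has 13 colon-separated fields")
    return all(v == "*" or v == a for a, v in zip(asset_fields, vuln_fields))


def assess(inventory: dict, definitions: list) -> list:
    """3. Assess: match every component against the definitions and rank the
    findings by risk-based priority, highest first."""
    findings = []
    for asset, info in inventory.items():
        weight = CRITICALITY[info["group"]]
        for cpe in info["cpes"]:
            for d in definitions:
                if cpe_matches(cpe, d["cpe"]):
                    findings.append(Finding(asset, d["cve"], d["cvss"],
                                            round(d["cvss"] * weight, 1)))
    return sorted(findings, key=lambda f: (-f.priority, f.asset, f.cve))


def remediate(inventory: dict, asset: str, old_cpe: str, new_cpe: str) -> dict:
    """4. Remediate: record a patch (or reconfiguration) as the component's new
    CPE name and return a fresh inventory for the next scan; the old one is kept."""
    updated = {name: {"group": info["group"], "cpes": list(info["cpes"])}
               for name, info in inventory.items()}
    updated[asset]["cpes"] = [new_cpe if c == old_cpe else c for c in updated[asset]["cpes"]]
    return updated


def verify(previous: list, current: list) -> dict:
    """5. Verify: diff the latest scan against the previous one."""
    before = {(f.asset, f.cve) for f in previous}
    after = {(f.asset, f.cve) for f in current}
    return {"remediated": sorted(before - after),
            "new": sorted(after - before),
            "open": sorted(before & after)}


def summarize(findings: list, inventory: dict) -> dict:
    """6. Report: red/yellow/green per asset group from its worst open finding
    (assumed thresholds: red >= 7.0, yellow >= 4.0, otherwise green)."""
    worst = {group: 0.0 for group in CRITICALITY}
    for f in findings:
        group = inventory[f.asset]["group"]
        worst[group] = max(worst[group], f.priority)
    return {g: "red" if p >= 7.0 else "yellow" if p >= 4.0 else "green"
            for g, p in worst.items()}


if __name__ == "__main__":
    scan1 = assess(INVENTORY, DEFINITIONS)
    for f in scan1:
        print(f)
    patched = remediate(INVENTORY, "web-01", WEBAPP_120, WEBAPP_121)
    scan2 = assess(patched, DEFINITIONS)
    print(verify(scan1, scan2))
    print(summarize(scan2, patched))
```

Two details are worth noticing. The same CVE on the internet-facing server and on a desktop receives very different priorities (9.8 versus 3.9), which is the whole point of the Prioritize step. And because Verify is a set difference between two scans, a finding only counts as remediated when the component's CPE no longer matches the definition; a patch that was pushed but failed to install leaves the finding in the "open" list and is caught rather than assumed.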
-
To proactively address vulnerabilities before they are exploited in a cyberattack, organizations that are serious about the security of their environment must perform vulnerability management to achieve the strongest security posture possible.
Please let me know what you think about this in the comment section. You can also share it with others if the information shared here helps you in some manner.
Kindly write your comments on the posts or topics, because when you do, you help me greatly in designing new quality articles and posts on cybersecurity.
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in cybersecurity, Cisco technologies, and networking.
She is so passionate about the cybersecurity domain that she goes out of her way to share highly valuable posts and writings about cybersecurity on her website and on social media platforms.
34,000+ professionals follow her on Facebook and are impressed by the quality of the content she posts there.
If you have not yet come across her enthusiastic work sharing quality information about cybersecurity, you can follow her Facebook page: Cybersecurity PRISM.