What is Vulnerability Management?

Aug 18, 2021

What is a vulnerability?

A vulnerability can be defined as a cyber security risk/weakness within an application, service, endpoint, or piece of infrastructure which can be exploited by a real-world external threat actor.


Hackers aim to use vulnerabilities to escalate their privileges and perform unauthorised actions. Their goals include impacting the confidentiality, integrity, or availability of data; gaining further access; financial gain; fraud; blackmail; revenge; carrying out political agendas; or performing espionage.


Vulnerabilities can be caused by many different factors, including:

  • Complexity - Complex systems are hard to manage, especially if users do not have the appropriate experience, qualifications, certifications, or funding. Complex systems increase the likelihood of misconfigurations or poor access control.
  • Connectivity - Every additional connection to another system or application adds vulnerabilities, as there are more endpoints to manage.
  • Internet usage - The Internet is full of spyware and adware that can be installed automatically on computer devices. Ensuring staff are fully trained and aware of the potential dangers, and of how they can protect themselves, is critical.
  • Zero-day exploits - A vulnerability that is unknown to, or unaddressed by, those responsible for patching the affected vector. "Day zero" is the day the interested party learns of the vulnerability, leading to a patch or workaround to avoid exploitation.
  • Familiarity - It can take staff years to fully familiarise themselves with your organisation's systems. Without the time needed to understand their context and purpose, the blue team will respond ineffectively if a vulnerability is exploited, giving threat actors an advantage.
  • Poor password management - Weak passwords can be broken with techniques such as brute force. Furthermore, not changing passwords regularly can allow unauthorised users, such as former staff, access to data they are no longer authorised to manage.
  • Bugs - Applications, operating systems, and software need consistent updating. Keeping systems optimally patched helps ensure there are no nasty surprises (such as the WannaCry attack).
  • People - The biggest vulnerability in any organisation is the human element. Social engineering is popular with threat actors because user information is becoming ever more accessible online. Campaigns such as phishing emails are actively used to trick staff into giving threat actors unauthorised access. If staff are not actively trained, they will not be able to tell the difference between authorised and unauthorised users.

How to fix vulnerabilities

  • Reducing the impact of the hazard itself where possible (through mitigation, prediction, and preparedness)
  • Building capacities and implementing the appropriate security controls to withstand identified security risks
  • Tackling the root causes of vulnerability

Vulnerability management

Thousands of new vulnerabilities are discovered every year, so operating systems (OS) and applications require consistent patching and reconfiguration. To address vulnerabilities proactively, before they are successfully exploited, organisations that care about protecting personal data perform vulnerability management continuously: it identifies their current security posture and provides the highest levels of protection.


Vulnerability management is the practice of identifying, classifying, remediating, and mitigating security vulnerabilities through the following Vulnerability Assessment process:


  • Identifying vulnerabilities: Analysing networks through scans, penetration tests, firewall logs, and vulnerability scan results to find vulnerabilities in vectors that could be exploited.
  • Verifying identified vulnerabilities: Deciding whether the vulnerabilities identified could be exploited, and classifying the severity of said exploit(s) to understand the level of risk and the urgency of action.
  • Mitigating vulnerabilities: Deciding on countermeasures, and figuring out how to measure their effectiveness, if a short-term solution is not available.
  • Remediating vulnerabilities: Updating affected software or hardware where possible.
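The four steps above are easiest to see as a lifecycle that every finding moves through, with its severity and remediation deadline decided at the verification step. The script below is an added example (not code from the original post or from JC Cyber Security) that tracks constructed scan findings through identified, verified, mitigated and remediated states, classifies them using the standard CVSS v3.x severity bands, and orders the open work by severity, known public exploit and due date. The SLA day counts, the `VULN-000n` identifiers and the host names are assumptions made up for the example.

```python
"""Minimal vulnerability-management tracker: identify -> verify -> mitigate -> remediate."""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed remediation SLA policy: days allowed per severity band (not from the page).
SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180, "None": 365}
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "None": 4}

# Allowed lifecycle moves. Verification may close a finding as a false positive;
# a verified finding goes straight to remediated when a fix exists, or via
# mitigated (countermeasure in place) when no short-term fix is available.
TRANSITIONS = {
    "identified": {"verified", "false_positive"},
    "verified": {"mitigated", "remediated"},
    "mitigated": {"remediated"},
}
CLOSED = {"remediated", "false_positive"}


def severity_from_cvss(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative severity band."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


@dataclass
class Finding:
    vuln_id: str          # scanner or CVE identifier (placeholders in this example)
    asset: str            # host or service the finding was reported on
    cvss: float           # CVSS v3.x base score from the scanner
    exploit_public: bool  # verification input: is a public exploit known?
    found_on: date        # date of the scan that identified it
    state: str = "identified"
    severity: str = field(init=False, default="")
    due: date = field(init=False, default=None)

    def __post_init__(self) -> None:
        self.severity = severity_from_cvss(self.cvss)
        self.due = self.found_on + timedelta(days=SLA_DAYS[self.severity])

    def advance(self, new_state: str) -> None:
        """Move to the next lifecycle state; skipping or reversing steps is rejected."""
        if new_state not in TRANSITIONS.get(self.state, set()):
            raise ValueError(f"{self.vuln_id}: illegal transition {self.state} -> {new_state}")
        self.state = new_state


def priority_queue(findings):
    """Open findings ordered by severity, then known public exploit, then earliest due date."""
    open_items = [f for f in findings if f.state not in CLOSED]
    return sorted(open_items, key=lambda f: (SEVERITY_RANK[f.severity], not f.exploit_public, f.due))


def overdue(findings, today: date):
    """Identifiers of open findings whose SLA deadline has already passed."""
    return [f.vuln_id for f in findings if f.state not in CLOSED and f.due < today]


def sample_findings():
    """Constructed scan output: identifiers, hosts and scores are made up for this example."""
    scanned = date(2021, 8, 1)
    return [
        Finding("VULN-0001", "web-01", 9.8, True, scanned),
        Finding("VULN-0002", "db-01", 7.5, False, scanned),
        Finding("VULN-0003", "mail-01", 5.3, False, scanned),
        Finding("VULN-0004", "web-02", 9.1, False, scanned),
        Finding("VULN-0005", "file-01", 3.1, False, scanned),
    ]


def run_cycle(today: date = date(2021, 8, 18)):
    """One assessment cycle: verify, act, then report the open queue and overdue items."""
    findings = sample_findings()
    # Verification: the analyst confirms four findings and rules one out as a false positive.
    for f in findings:
        f.advance("false_positive" if f.vuln_id == "VULN-0005" else "verified")
    findings[0].advance("remediated")  # vendor patch applied
    findings[1].advance("mitigated")   # no fix yet; network ACL deployed as a countermeasure
    queue = [f.vuln_id for f in priority_queue(findings)]
    return queue, overdue(findings, today)


if __name__ == "__main__":
    open_queue, late = run_cycle()
    print("Work queue:", open_queue)   # VULN-0004 first: Critical and already past its 7-day SLA
    print("Overdue:", late)
```

The transition table is the part worth keeping in a real tracker: it prevents a finding from being marked remediated without ever having been verified, which is the usual way unpatched issues quietly drop out of a spreadsheet-based process.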


It is important to note that formal vulnerability management doesn't simply involve patching and reconfiguring insecure settings. Vulnerability management is a disciplined practice that requires a company-wide cyber security mindset and recognises that new vulnerabilities are found daily, which calls for continual discovery, verification, mitigation, and remediation.


Since cyber-attacks are constantly evolving, vulnerability management must be a continuous and repetitive practice to ensure your business consistently remains protected.

How JC Cyber Security Can Help

We understand that it isn’t cheap protecting your business and its stakeholders from threat-actors. Sometimes compromises are made depending on the availability and affordability criteria specific to your organisation.


A cyber-security-first approach means minimal business risk and disruption, and increased stakeholder satisfaction. If you are currently unable to afford your very own cyber team, we recommend making use of our Cyber Security Protection Plan.

Each plan is tailored to meet different business needs and requirements. The following JC Cyber Security Protection Plans include 24/7 Vulnerability Management and/or daily Company Vulnerability Assessments.

Basic Protection Plan - £40.00 per user per month

  • Endpoint Protection
  • Mobile Threat Defence
  • 24/7 Vulnerability Management
  • Email Protection
  • Remote Support

Total Protection Plan - £80.00 per user per month

  • Endpoint Protection
  • Mobile Threat Defence
  • Email Protection
  • 24/7 Vulnerability Management
  • Managed Firewall
  • Daily Vulnerability Assessments
  • Remote Support

Elite Protection Plan - £105.00 per user per month

  • Endpoint Protection
  • Mobile Threat Defence
  • Email Protection
  • 24/7 Vulnerability Management
  • Daily Vulnerability Assessments
  • Managed Firewall
  • Quarterly Penetration Tests
  • Remote Support

Not convinced? Try our Free Cyber Security Freebies!

Conclusion

Cyber security protection will never be 'one size fits all'. Your organisation's security needs and requirements will be specific to it and will require around-the-clock management. You are responsible for protecting confidential customer data, so you must take action to implement the appropriate cyber security controls; vulnerability management and assessments are just one way of doing so. Understanding how or where to start is already difficult, and building your very own cyber security team with the appropriate certifications, experience and/or qualifications might not be affordable right now either. Signing up to one of our Cyber Security Protection Plans is an accessible and affordable way to start identifying, verifying, mitigating, and remediating vulnerabilities and improving your security posture.

Other Cyber Security Solutions

Remote Support

24/7 phone and email communication channels, provided to give reassurance and assistance.

Mobile Threat Defence

Provides immediate visibility and analysis of your mobile threats.

Assists businesses with realising the true impact of a security breach by identifying vulnerabilities and weaknesses.

Prevents unwanted malicious emails from getting into your inbox.

Ensures your business network is secure and protected from external malicious threats. It can also protect remote-working users.

Wi-Fi and Network Security

Ensures your Wi-Fi air space and network infrastructure are securely configured.

Used to prevent, detect, and remove vulnerabilities, zero-day threats and malware, keeping business devices virus free.
