Twelve Must-Know Steps for Threat and Vulnerability Management
Posted on September 7, 2022 by Richard Osborne
As individuals, we take numerous protective steps throughout the year, e.g., buying insurance, monitoring credit, getting annual physicals and flu shots, getting dental x-rays and routine teeth cleanings, and even regular car oil changes. Organizations require the same proactive approach to cybersecurity. Your organization can identify weaknesses through threat and vulnerability management and find solutions to remediate and improve network and system hygiene.But how do you successfully introduce a vulnerability-management solution, and what do you need to know about all of the data generated about your organization’s cybersecurity posture? In this blog, Richard Osborne, MCP’s Director of Commercial Services, shares his critical steps to add to your vulnerability management program.
How to Get Started with Threat and Vulnerability Management
- Ensure that you have someone capable of installing and configuring vulnerability-management software. This is crucial because vulnerability-scanning and -management solutions are far from “plug and play.”
- Place your vulnerability scanners as close as possible to the assets you will be scanning to avoid scanning through a firewall.
- Configure assets to allow scanning to occur. Some assets will run host-based security and may classify your scan as an attack. Be sure to request vendor documentation regarding steps to prevent this.
- Obtain a domain administrator account and any other service accounts necessary to authenticate all assets you will be scanning, e.g., Unix/Linux, routers, and switches. The most common credentials you will need are Windows and Secure Shell (SSH).
- Once a scan has been completed, perform a vulnerability analysis.
The first thing organizations should know, especially when they perform a vulnerability scan, is that the results may be too good to be true. For instance, something is wrong if you have 1,000 machines on your network, and the results indicate zero critical or high-priority vulnerabilities. You may be actively applying patches to your Windows systems (which is excellent), but today that isn’t enough.
Data Analysis, Not Data Dump
When looking at your data, follow these steps to improve your visibility and security posture:
- Verify that assets received an authenticated scan. An unauthenticated scan is like a home inspector inspecting their car using binoculars.
- Many security teams think they are authenticating more assets than they are. Confirm the recommended solution for verifying this with the vendor.
- The average organization will find thousands of high-priority vulnerabilities. This is very common in large organizations when first implementing a vulnerability-scanning solution.
- Prioritize remediation. This is important to avoid feeling overwhelmed and improve your organization’s cybersecurity.
- Despite what your management may want or suggest, you cannot patch everything, and your vulnerability count never will be zero.
- Utilize the solution’s reporting tool to track progress and display your cybersecurity security to enhance understanding graphically.
Finally, don’t chase your tail. Understand that new vulnerabilities are released daily and develop a way to manage them. Start by prioritizing them and distributing the workload among your team members. Remember that cybersecurity and information technology (IT) personnel should be working collaboratively to accomplish the common goal of securing your organization’s networks and systems.
Learn more about vulnerability management and the managed security services offered by Mission Critical Partners.