Enterprise networks regularly see change in their devices, software installations, and file content. These modifications can create risk for the organization. Fortunately, companies can mitigate such risk by implementing foundational security controls.
For example, enterprises can monitor their important files for change using file integrity monitoring (FIM). This security measure enables IT security teams to determine when files change, how they change, who changed them, and what can be done to restore them if those modifications are unauthorized. Organizations can also use foundational controls to monitor for vulnerabilities potentially introduced by the addition of new physical and virtual devices. FIM won’t do the job, however. To obtain an accurate assessment of risk, minimize security threats, and maintain compliance, companies should turn to vulnerability management.
There are four stages to any effective vulnerability management program. These are as follows:
- Vulnerability Scanning Process: Companies cannot adequately manage risk without first determining which of their IT assets need protecting. Towards that end, organizations should leverage factors such as physical or logical connection to higher classified assets, user access, and system availability to develop an asset’s risk factor. They should then identify the owners for each of those assets, set a scan frequency, (The Center for Internet Security recommends a frequency of at least weekly.) and establish timelines and thresholds for remediation.
- Asset Discovery and Inventory: Once they have developed the vulnerability scanning process, enterprises must decide which assets they will subject to that procedure. They must therefore engage in asset discovery, another foundational control, and develop an inventory of all hardware and software installed on the corporate network. That inventory should include both authorized and unauthorized devices/software so that security teams can approve access and installation/execution for approved devices/software only. It should also record more granular details including possible connections with other assets, configuration, maintenance and replacement schedule, software installations, and usage.
- Vulnerability Detection: The next step in a vulnerability management program is to apply the vulnerability scanning process to those assets recorded in the company’s inventory. This procedure generally takes the form of automated vulnerability scans. Upon completion, it might reveal weaknesses on certain discovered assets.
- Reporting and Remediation: In the event a scan detects vulnerabilities, it’s up to the organization to report and remediate those weaknesses. Effective reporting and remediation usually involves prioritizing all discovered vulnerabilities and creating a patching schedule based upon those rankings. If a complete fix isn’t available, security teams should investigate if there are any workarounds available that they can use to mitigate the risk posed by an unpatched vulnerability.
Companies don’t need to stop there, however. They can augment the effectiveness of their vulnerability management program by investing in a tool that comes equipped with additional capabilities. Some add-on features to consider include the following:
- Risk Scoring: Rather than just relying on quantitative vulnerability scoring systems like CVSS, businesses should be able to weigh vulnerabilities discovered on their networks based on their own unique requirements or specifications of their industry. Towards that end, they should choose a tool that uses risk scoring to customize vulnerability management data so that they can better protect themselves against digital threats.
- Credentialed Assessment: Organizations should invest in a vulnerability management tool that uses administrative credentials to scan the file system, registry, and configuration files. These types of assessments aren’t always needed. However, they do provide a level of depth that non-credentialed assessments lack and can thereby yield more accurate vulnerability scanning results.
- Identity and Access Management: Companies should integrate their vulnerability management system with their discovery service by investing in a tool that allows them to segregate vulnerability management data and partition user access. That way, only those who need access to such information can get it.
- IT and Security Integrations: In addition to integrating their vulnerability management program with the discovery service, companies should configure their platform to work with IT operations and security teams. This makes it possible for organizations to optimize their resources in the pursuit of specific business goals.
- Reporting: Once a vulnerability is discovered, authorized personnel should be able to use the vulnerability management tool to generate reports with an appropriate level of data for auditors, business executives, and a variety of audiences. They should also be able to customize those reports using filters and then distribute those analyses to users based on their roles. Those reports, in turn, can help organizations manage their security budgets and maintain compliance with relevant data security standards frameworks.