The Vulnerability Management Program And Its Role In Mitigating Cyberattacks

By: Nihad Hassan

July 6, 2021

Information has become the most critical asset in an organization, which makes cybersecurity correspondingly important. Organizations of all sizes and across all industries strive to protect their data from the risks originating in cyberspace. The recent rise of remote working has increased the number of security vulnerabilities organizations must handle, because employee endpoint devices now connect from outside the corporate network and are harder to keep patched.

In general, a vulnerability is a gap in your security defenses. Every organization deploys multiple layers of defense (such as firewalls, IDS/IPS, antivirus, and antimalware) to protect its internal systems from threat actors and preserve the confidentiality of its stored data. By exploiting an unpatched vulnerability, attackers can get past those defenses, infiltrate the organization's network, and carry out malicious actions such as planting malware or stealing sensitive information.

Every year, thousands of security vulnerabilities are disclosed. To prevent threat actors from exploiting them, organizations must continually discover and fix the ones present in their own environment, which is the job of a vulnerability management program. Vulnerability management is the process of identifying, classifying, prioritizing, and resolving vulnerabilities in operating systems, organization applications (both on-premises and cloud apps), and the programs installed on endpoint devices. The program should be a continual process that discovers issues and remedies them before they turn into security incidents. In this sense, vulnerability management is a proactive control that stops threat actors from exploiting open security holes.

Automated solutions exist to aid in discovering new vulnerabilities. These tools use a vulnerability scanner and sometimes install agents (small programs) on endpoint devices to collect technical information from all connected devices across the network. The results are evaluated and prioritized according to their severity, and the tool suggests a fix for each finding.

Vulnerability assessment vs. vulnerability management

Vulnerability assessment is a part of the vulnerability management program, not a replacement for it. An assessment is a one-time project with a defined start and end date; the management program is the ongoing process that repeats it. For example, your security team will run an assessment to discover vulnerabilities in your network and endpoint devices, and the discovered vulnerabilities will be documented in a formal report that includes recommendations to close them.

Vulnerability management program process

Identifying Vulnerabilities

The central element in any vulnerability management solution is the scanner, which:

  a. Scans all accessible systems across the network.
  b. Identifies open ports and all services running on each scanned system.
  c. Gathers technical information about the scanned systems.
  d. Matches the discovered system information against known vulnerabilities.

A vulnerability scanner can discover all connected devices across the scanned network, such as workstations, laptops, servers, printers, routers, switches, and firewalls. For each discovered system, it will try to gather as much technical information as it can, such as operating system type and version, installed applications, open ports, running services, user accounts, and more. This information is then correlated with known vulnerabilities: the scanner compares the fingerprinted product and version of each service against vulnerability databases such as the NVD (National Vulnerability Database) or CVE Details. A match is only as good as the fingerprint, so a finding that rests on a banner string alone should be confirmed before it is treated.

To see a list of the most popular vulnerability scanners, check the author blog post titled "6 Popular Vulnerability Scanners".
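The correlation step described above, as an added example that is not code from this article or from any scanner product: it takes a constructed inventory of fingerprinted services (the kind a scanner's port scan and banner grab produce) and matches each one against a constructed catalogue of affected version ranges. The product names and the HYPO-* identifiers are fictional placeholders standing in for NVD/CVE data; in a real scanner the catalogue is loaded from those feeds.

```python
"""Correlate a scanner's service inventory with a known-vulnerability catalogue.

Added example, not from the article. Scan results and the catalogue are
constructed inline with fictional products and placeholder IDs so it runs
offline; a real scanner would pull the catalogue from the NVD/CVE feeds.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed scan output: one entry per open port, with the product and
# version the scanner fingerprinted (None when banner grabbing found nothing).
SCAN_RESULTS = [
    {"host": "10.0.0.5", "port": 22, "service": "ssh", "product": "example-ssh", "version": "7.4"},
    {"host": "10.0.0.5", "port": 80, "service": "http", "product": "example-httpd", "version": "2.4.49"},
    {"host": "10.0.0.9", "port": 445, "service": "smb", "product": "example-smb", "version": "4.13.2"},
    {"host": "10.0.0.9", "port": 8080, "service": "http", "product": "example-httpd", "version": "2.4.52"},
    {"host": "10.0.0.12", "port": 9100, "service": "jetdirect", "product": None, "version": None},
]


@dataclass(frozen=True)
class VulnEntry:
    vuln_id: str              # placeholder identifier, not a real CVE
    product: str
    affected_from: str        # first affected version (inclusive)
    fixed_in: Optional[str]   # first fixed version (exclusive); None = no fix yet
    cvss: float


# Constructed catalogue with placeholder HYPO-* IDs standing in for NVD/CVE data.
CATALOGUE = [
    VulnEntry("HYPO-0001", "example-ssh", "7.0", "7.9", 7.5),
    VulnEntry("HYPO-0002", "example-httpd", "2.4.49", "2.4.51", 9.8),
    VulnEntry("HYPO-0003", "example-smb", "4.0", None, 6.5),
]


def parse_version(v):
    """Turn '2.4.49' into (2, 4, 49) so comparisons are numeric, not lexical:
    as strings '2.4.9' > '2.4.10', which would put a vulnerable version outside
    the affected range. Non-numeric suffixes ('7.4p1') are ignored; vendor
    backport schemes need more than this."""
    parts = []
    for p in v.split("."):
        m = re.match(r"\d+", p)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_affected(version, entry):
    """True when version falls in [affected_from, fixed_in)."""
    v = parse_version(version)
    if v < parse_version(entry.affected_from):
        return False
    if entry.fixed_in is not None and v >= parse_version(entry.fixed_in):
        return False
    return True


def match_vulnerabilities(scan_results, catalogue):
    """Return one finding per (host, port, vuln) where the fingerprinted
    product/version falls inside a catalogue entry's affected range."""
    findings = []
    for svc in scan_results:
        if not svc["product"] or not svc["version"]:
            continue  # unfingerprinted service: nothing to correlate, queue for manual review
        for entry in catalogue:
            if entry.product == svc["product"] and is_affected(svc["version"], entry):
                findings.append({"host": svc["host"], "port": svc["port"],
                                 "vuln_id": entry.vuln_id, "cvss": entry.cvss,
                                 "version": svc["version"], "fixed_in": entry.fixed_in})
    return findings


if __name__ == "__main__":
    for f in match_vulnerabilities(SCAN_RESULTS, CATALOGUE):
        print(f"{f['host']}:{f['port']} {f['vuln_id']} (CVSS {f['cvss']}) "
              f"running {f['version']}, fixed in {f['fixed_in']}")
```

Run as written, the constructed inventory yields three findings: the SSH and SMB services on the two hosts and the HTTP service on port 80, while the HTTP service on port 8080 is skipped because its version is at or past the fix. The printer on port 9100 produces nothing because the scanner could not fingerprint it; in practice such entries go to a manual-review list rather than being treated as clean.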

Evaluating Vulnerabilities

After identifying vulnerabilities, an organization needs to evaluate them and propose remediation in line with its risk management strategy. The solution will commonly provide a risk rating score, typically the Common Vulnerability Scoring System (CVSS) base score, which helps determine which vulnerability must be treated first. The score should not be the only factor, however: the base score describes the vulnerability in isolation, not in your environment. Other factors should be examined as well, such as:

  • Is the discovered vulnerability a true positive or a false positive?
  • Can someone outside the organization's network, for example on the internet, exploit this vulnerability to gain unauthorized access?
  • Is exploit code for this vulnerability publicly available?
  • What is the impact if the vulnerability is exploited successfully? (For example, will it result in a data breach that leads to fines under regulations such as the GDPR?)
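Turning those factors into an ordering, as an added example rather than anything from the article or a vendor product: each constructed finding carries its CVSS base score plus the four context answers above, and the adjusted score and tier thresholds are assumed weights that an organization would set from its own risk management strategy. The point it shows is that a CVSS 7.5 finding on an internet-exposed host with public exploit code outranks a CVSS 9.8 finding on an internal system with neither, and that unconfirmed findings are set aside for verification rather than either treated or silently dropped.

```python
"""Rank scanner findings by CVSS plus the context factors the article lists.

Added example, not from the article or any vendor product. The findings are
constructed; the weights and tier thresholds are illustrative assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str             # placeholder identifier, not a real CVE
    host: str
    cvss: float              # CVSS base score reported by the scanner
    confirmed: bool          # verified as a true positive (re-scan, version check or manual test)
    internet_exposed: bool   # reachable from outside the organization's network
    exploit_available: bool  # working exploit code is publicly available
    sensitive_data: bool     # host stores or processes regulated personal data


# Assumed weights for this example, not an industry standard.
EXPOSURE_WEIGHT = 2.0
EXPLOIT_WEIGHT = 2.0
DATA_WEIGHT = 1.0


def risk_score(f):
    """CVSS base score adjusted upward for each environmental factor that applies."""
    score = f.cvss
    if f.internet_exposed:
        score += EXPOSURE_WEIGHT
    if f.exploit_available:
        score += EXPLOIT_WEIGHT
    if f.sensitive_data:
        score += DATA_WEIGHT
    return score


def tier(score):
    """Map the adjusted score to a treatment priority (thresholds are assumptions)."""
    if score >= 11:
        return "P1"
    if score >= 8:
        return "P2"
    if score >= 5:
        return "P3"
    return "P4"


def prioritize(findings):
    """Return (ranked, needs_verification): confirmed findings as (finding, score, tier)
    sorted by adjusted score descending, and unconfirmed findings set aside
    so a possible false positive is verified rather than treated or ignored."""
    needs_verification = [f for f in findings if not f.confirmed]
    confirmed = [f for f in findings if f.confirmed]
    ranked = sorted(confirmed, key=lambda f: (risk_score(f), f.cvss), reverse=True)
    return [(f, risk_score(f), tier(risk_score(f))) for f in ranked], needs_verification


# Constructed findings; HYPO-* IDs are placeholders, not real CVEs.
FINDINGS = [
    Finding("HYPO-0101", "db-01", 9.8, True, False, False, False),
    Finding("HYPO-0102", "web-01", 7.5, True, True, True, True),
    Finding("HYPO-0103", "app-03", 9.0, False, True, False, False),
    Finding("HYPO-0104", "vpn-01", 5.3, True, True, True, False),
    Finding("HYPO-0105", "print-02", 4.0, True, False, False, False),
]


if __name__ == "__main__":
    ranked, unverified = prioritize(FINDINGS)
    for f, score, t in ranked:
        print(f"{t} {f.vuln_id} on {f.host}: CVSS {f.cvss} -> adjusted {score}")
    for f in unverified:
        print(f"VERIFY {f.vuln_id} on {f.host}: possible false positive, confirm before treating")
```

With the constructed input, HYPO-0102 (CVSS 7.5, exposed, exploitable, holding regulated data) lands in P1 ahead of HYPO-0101 (CVSS 9.8 on an internal database), and HYPO-0103 is held back for verification despite its high score. The additive weights are deliberately simple; what matters is that the environmental answers change the order, which a raw CVSS sort never does.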

Treating Vulnerabilities

After examining all discovered vulnerabilities and evaluating which ones pose a real threat to the organization's network and IT systems, the team can choose one of the three options below for each:

  1. Remediation: This is the ideal solution. The system is patched, updated, or reconfigured so that the exploitable vulnerability disappears.
  2. Mitigation: If no patch or fix is available, the organization lowers the vulnerability's potential impact (for example, by restricting network access to the affected service or disabling the vulnerable feature) until a fix becomes available.
  3. Acceptance: If the vulnerability is low-risk and poses no real threat to the IT environment, or fixing it would cost more than a successful exploit would, the organization may choose to accept the risk. Acceptance should be a documented decision that is revisited on the next scan, not simply ignoring the finding.

Reporting vulnerabilities

In this final step, a report is prepared, usually generated by the vulnerability management tool, listing all discovered vulnerabilities with their risk rating scores and current treatment status. The IT security team uses such reports to track remediation of the discovered vulnerabilities and to monitor vulnerability trends over time, such as how many critical findings remain open and how long they take to close.

Summary

Organizations do not work in isolation: every day, new partners, employees, and customers interact with your IT systems. This opens new business opportunities but also introduces new threats. A vulnerability management program helps an organization discover security vulnerabilities before they pose a danger to its network and stored data.
