All right. Welcome to less than one dot For off the exult Executive Vulnerability Management Course, we're gonna be talking about security teams and different responsibilities associated with vulnerability management.
So are learning objectives. For this video, we're gonna be talking about who's in vole, who is involved in vulnerability management and what their responsibilities are. So we're going to kind of take a deep dive. We're gonna talk a little bit about how how the right people can be involved and then how they can really help,
assist and mature that vulnerability management process.
Um, what does the stock have to do with vulnerability management? How can they help? What can they dio? So we're gonna talk about how they could be integrated the vulture vulnerability management process on Ben, How can you keep a continuous watch on vulnerabilities? You know, it's a difficult task. Um, so we're gonna talk a little bit more about that.
So who is on the team? There's gonna be a lot of different people that you want involve kind. As we discussed in the last lesson monitoring rules, you know, you're gonna want people who are very familiar with your data analysis who can really
look at logs, analyze the relevance. Relevance. I feel like, is really important when we're talking about vulnerabilities because
there's so many vulnerabilities out there. But what's really relevant to my system? My application, my threat profile? What? What do I need to really look at? So having someone that really understands what the relevance is of those vulnerabilities is important you and being able to cross through logs. Any automation that you can add
to any of these steps is huge because that will help cut down on the amount of
just trying to dig through false positives
and then, you know, from the monitoring roles, they can also help to alert the team. If they see something that looks a non anomalous or something that just doesn't look quite right, they can reach out to, you know, the rest of vulnerability management team and say, I saw this. This looks bad. Let's let's try to fix this
remediation rules eso these, the people that are gonna be looking at impact. What is the impact to the system if I remediate or if I don't remediate this vulnerability,
um, and then possible work arounds, you know, there are plenty of vulnerabilities that you can say. You know what? We can't patch. Let's say we can't patch java because we have this software application. Well, what other steps can we take to lower the risk for, You know, a possible attacker to get into that system
so we can talk about network segmentation, you know, white listing things like that that we can take steps that we can take, that maybe maybe we can't patch, but we can do some other things to help lower our risk
change management. You know, change management process is such a huge part of vulnerability management because a lot of places you have to go through an approval process, you know, to install patches, you need to make sure you're installing the right ones. People know that you're doing it in case there is an issue
s so it's really important toe have that change management component involved in vulnerability management.
So having someone who understand cm really well could really help out the team
and again, the risk management process having someone that really understands risk management, you know, from the business level, especially if you're in the private industry, you've got applications that need to be up 100% of the time. You cannot have down time. You know, someone who understands risk management from the enterprise,
they can help to maybe route, uh, some of the patch management or vulnerability management processes
and then authorization roles. So we're talking about executive leadership. Ah, security, leadership, someone who understands what's going on at the enterprise. Maybe new projects, new software that they need. Maybe architecture. I t architecture and infrastructure, people who can come in and really say, Hey, you know what? We've got this coming down the pike.
Does this align with our current architecture?
Um, is going to change our process. What do we need to? What do we need to know for implementing this new product or software?
Someone who can review corrective actions? So
let's say we need Teoh change our data center. We need to move it. You know, we want to move to the cloud or we need to do this. They can actually review that and say, Yes, this makes sense for the business on Ben. Would there be any adverse effects on customers or maybe personnel? Anything like that they'll be able to, you know, really come in and say
no. You know what? This isn't the right thing. We need to try something else.
Ah, and then engaged 1/4. So making sure that the people who need to be involved are involved. You know, I have seen a lot of really successful vulnerability management programs where you know, there is that ability to communicate and say, Hey, I'm going to send you this executive report It's just gonna have the top 10 vulnerabilities or top 10 exploitable vulnerabilities.
Uh, you know things that you really need to be looking at.
That's really what the state quarters need and, you know, from an executive level,
I think it's really important to see those reports see what's going on in the environment, because that will help. Ah, line assets and a line teams. So that way, people are remediating those vulnerabilities, but they're remediating the right vulnerabilities.
Eso How can the stock help
eso typically not always, but the stock is gonna be maintaining those security monitoring tools. Eso they're very possibly gonna be seeing issues or big issues. They may be able to alert I t or maybe other members in the security teams security leadership.
They're gonna be looking at possible suspicious activities. If they're seeing alerts for, you know, malware. Maybe on one machine. Me, this on a big deal.
But if they're seeing the same out, where on 5 10 15 machines, you really? Maybe they're going to say, band, Was this a phishing attack? Um, are they trying to exploit a certain vulnerability? Uh, you know, what are they scanning for? So the sock can really help to say, Hey, I'm seeing a lot of the same activity.
I think that this might be an issue. Let's try to remediate this vulnerability or these couple of vulnerabilities
And then again, executive leadership, you know, they really have the power to help the sock work with I, T and Infrastructure to make sure that there's coat cohesion there, making sure that the teams working well together I have seen in the past there can be some issues between 19 security. You know, I t is very focused on
user functionality. Make sure that systems air up
and that we're not affecting users. You know it from the security side. It's more focused from hey we need to make sure our users are secure. Yes, there might be a little downtime, but we know that they'll be secure. So it's that really having that push and pull understanding between the two and executive leadership can help them work together.
Um, and then you're CIS. Oh, of course. Hugely important in this. They're gonna help to determine what strategy, policies, procedures, What are gonna be important to vulnerability management, You know, they really help to determine you know, what is the mission of our organization? And then what strategy do we need to employ? What policies do we need to add
to help with this process?
So you're continuous monitoring team,
they're obviously hugely important. Vulnerabilities are found daily. So you have to have people that are constantly monitoring constantly, looking at security scans, looking at patches, looking at having that threat until these are gonna be the people that are really
gonna need to understand the whole environment. Um,
and the understanding that vulnerability scans there Just one component they're not, uh they're not gonna give you the entire view. Uh, having the ability, Teoh, look at secure code securing code. Um, that's That's another issue and risk, especially if you have ah, Web application server
and you have this specialty software. But there's sequel injection in there. That could be a huge problem. So vulnerability scans again there. One piece of vulnerability management. But there are lots of other ways that we can talk about vulnerability management. Outside of those scans,
Attackers and methods evolve. I mean, we've been seeing this with a Pts Vulnerability management program needs to evolve as well. So you need to have, you know, constantly getting upscaling, constantly training constantly, looking for the information. It's gonna be relevant to their vulnerability management program.
Attackers air getting surfaced more and more sophisticated using
more sophisticated methods.
But there are also still plenty of, you know, script kiddies, things like that that are out there,
that they're going to try to go after your low hanging fruit because that's gonna be the easiest way that they can get in. So your continuous monitoring team can help identify those and then constantly identify those. You can keep fixing them,
um, and again threatened, tells a big piece, being able to mature your vulnerability management program to add threat until I think could really help if you have the resources to do it,
Um, you know, there's a lot of great resource is out there. There are a lot of really great smart people on Twitter. Ah, security researchers, security researcher researchers that he can go out and get good information from
um So it's that adding that component of understanding what's out there and who's after U. S. So that you can decide what to protect what's most important?
So in today's video,
we talked about who should be on the vulnerability management team, kind of what their responsibilities are within that team.
Ah, how Assad can help to assist. And Dr Vulnerability Remediation. Yeah, they're gonna be a big part of that on then, how continuous monitoring plays into a successful vulnerability management team. It was a lot of great work that continuous monitoring teams do to help.
And then here my references. I will see you guys in the next module. Thank you.