As individuals, we take steps to protect ourselves, whether through insurance, credit monitoring, annual physicals, routine teeth cleanings, oil changes, or even applying a Band-Aid to an open wound. Organizations deserve the same approach to security. Through vulnerability management, your organization can identify weaknesses and find solutions to remediate and improve network hygiene.
But how do you successfully introduce a vulnerability management solution, and what do you need to know about all the data that is generated about your organization’s security posture? Evan London, Director of Technical Solutions at TSC Advantage, shares his key steps to vulnerability management.
How to Get Started
- Ensure you have someone capable of installing and configuring vulnerability management software. This is crucial as vulnerability scanning and management products are far from “plug and play”.
- Place your vulnerability scanners as close to the assets you are going to be scanning as possible to avoid scanning through a firewall.
- Configure assets to allow scanning to occur. Some assets will be running host-based security and may classify your scan as an attack. Be sure to request vendor documentation on steps to prevent this.
- Obtain a domain administrator account and any other service accounts necessary to authenticate to all assets that you will be scanning. The most common credentials you will need are Windows and SSH (Unix/Linux, routers, switches, etc.).
- Once a scan has completed, vulnerability analysis will need to be performed.
The first thing organizations should know, especially if this is their first time scanning, is that the results may be too good to be true. If you have one thousand machines on your network and the results come back with zero critical and zero high vulnerabilities, something is wrong. You may be actively applying patches to your Windows systems (which is great) but today, that isn’t enough.
Data Analysis, Not Data Dump
When looking at your data, follow these steps to improve your visibility and security posture:
- Verify that assets received an authenticated scan. An unauthenticated scan is like a home inspector conducting their inspection from their car using binoculars.
- Many security teams think they are authenticating to more than they actually are. Confirm the recommended solution for verifying this with the vendor.
- The average organization will find thousands of high-priority vulnerabilities. This is very common in large organizations when first implementing a vulnerability scanning solution.
- Prioritize remediation. This is extremely important to avoid feeling overwhelmed as well as to improve the security of your organization.
- Despite what your management may want or suggest, you cannot patch everything and your vulnerability count will never be zero.
- Utilize the reporting in the tool to track and show progress and to help graphically display your security posture.
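One way to run the authentication check and the prioritization step above over a scan export, shown as an added example that is not from the original article or from any scanner vendor. The CSV layout and the column names `host`, `credentialed`, and `severity` are assumptions, and the sample rows are constructed; map them to whatever your tool actually exports.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names (host, credentialed, severity)
# are assumptions for illustration, not any vendor's real report format.
SAMPLE_EXPORT = """host,credentialed,severity
10.0.0.5,true,critical
10.0.0.5,true,high
10.0.0.5,true,low
10.0.0.6,false,info
10.0.0.7,false,low
10.0.0.8,true,medium
"""

SEVERE = {"critical", "high"}


def summarize(export_text):
    """Return auth coverage and per-host severe-finding data from a CSV export."""
    credentialed = {}            # host -> True if any row shows an authenticated scan
    severe = defaultdict(int)    # host -> count of critical/high findings
    for row in csv.DictReader(io.StringIO(export_text)):
        host = row["host"].strip()
        is_auth = row["credentialed"].strip().lower() == "true"
        credentialed[host] = credentialed.get(host, False) or is_auth
        if row["severity"].strip().lower() in SEVERE:
            severe[host] += 1
    unauth = sorted(h for h, ok in credentialed.items() if not ok)
    total = len(credentialed)
    coverage = (total - len(unauth)) / total if total else 0.0
    # Hosts with no critical/high findings AND no authenticated scan: the
    # clean result reflects the scan's limited reach, not the host's state.
    unverified_clean = [h for h in unauth if severe[h] == 0]
    # Remediation order: hosts with the most critical/high findings first.
    queue = sorted((h for h in credentialed if severe[h] > 0),
                   key=lambda h: (-severe[h], h))
    return {"coverage": coverage, "unauthenticated": unauth,
            "unverified_clean": unverified_clean, "remediation_queue": queue}


if __name__ == "__main__":
    report = summarize(SAMPLE_EXPORT)
    print(f"authenticated coverage: {report['coverage']:.0%}")
    print("re-scan with credentials:", report["unverified_clean"])
    print("remediate first:", report["remediation_queue"])
```
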
Finally, don’t chase your tail. Understand that new vulnerabilities are released every day and develop a way to manage them. Prioritize and distribute the workload among your team and remember that security and IT should be working to accomplish the same goal of securing your organization.
Learn more about vulnerability management and the Managed Security Services offered by TSC Advantage.