Vulnerability management activities have long been a core requirement for organizations seeking to understand the extent of their exposures and the overall security state of their networks. Yet many security teams continue to struggle with the operational limitations, and the resulting manual processes, of the available solutions, which are typically deployed as isolated silos. As a result, vulnerability management can be extraordinarily difficult: any one host may carry a number of exploitable software and configuration defects, and an environment may contain tens, hundreds or thousands of hosts.

The sheer volume of exposures often slows down even the most methodical resolution efforts – and far too often, this is a matter of evaluating what are assumed to be the most significant vulnerabilities on a case-by-case basis. Remediation poses further hurdles, since software updates, patches and reconfigurations typically must be evaluated before deployment to head off any possible disruptions they could cause.

The result is that many vulnerabilities – even when acknowledged to be critical – can go unresolved for far too long, if they are ever addressed at all.

The Biggest Vulnerability Challenges

Vulnerability Prioritization

With potentially hundreds or thousands of exploitable vulnerabilities in an enterprise environment – and only so many resources to spend on remediation in terms of time and expertise – how does an organization determine which exposures deserve the most attention? Which should be resolved first, and which can wait? False positives generated by vulnerability assessment tools compound the issue. Without understanding the attack pathways and sequences, vulnerability prioritization is effectively disconnected from reality.

Failure to Incorporate Real-Time Data

If asset criticality is based on static data such as some measure of value associated with an asset, it is effectively frozen in time and may no longer be current. Keeping vulnerability data fresh is typically understood as keeping databases of Common Vulnerabilities and Exposures (CVE) records or CVSS scores up to date. But this narrow focus is in sharp contrast to the methods of the attacker, who is often far more dynamic and systematic than the defender.

Fragmented Tactics Keep Gaps Exposed

A variety of assessment technologies exist, from host-based techniques that depend on the visibility of an agent or other component of the target system, to network-based assessments. When these are used together, alongside existing security infrastructure, the result can include a number of overlaps as well as gaps or “blind spots” in coverage of the environment. As a result, much valuable insight simply gets lost in the noise, if not overlooked altogether.

Vulnerability Management – What to look for:

  • Today’s techniques should unify the correlation and rationalization of vulnerability data from a variety of sources – from a range of scan techniques to external vulnerability intelligence, internal activity, and environment topology.
  • They should be comprehensive, incorporating visibility across the entire landscape of systems, networks, applications, and resources that integrate complex environments – including security and IT operations management infrastructure.
  • They should clearly identify actionable items, based on more realistic and comprehensive insight going beyond static or less comprehensive approaches to include activity and topology data.
  • They should centralize visibility and analysis, reducing or eliminating the need for multiple management consoles for vulnerability assessment, activity insight, reporting or other related capabilities.
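The unified, context-aware prioritization the list above calls for can be sketched in a small amount of code. The following is an added example written for this page, not code from the original post or from any IBM or Flagship product. It correlates findings from two assessment techniques into one record per host and CVE, then ranks them by CVSS weighted with asset criticality, network reachability, freshness of the inventory record and corroboration across sources. The findings, CVE identifiers (placeholders of the form CVE-0000-000N), criticality ratings, zone weights and the 90-day staleness threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Finding:
    """One vulnerability report from one assessment technique."""
    host: str
    cve: str      # placeholder identifiers, constructed for this example
    cvss: float   # base score as reported by the scanner
    source: str   # which technique reported it


# Constructed findings from a network scan and a host agent. The overlap on
# (web01, CVE-0000-0001) is deliberate: both techniques saw the same defect.
NETWORK_SCAN = [
    Finding("web01", "CVE-0000-0001", 9.8, "network"),
    Finding("web01", "CVE-0000-0002", 5.3, "network"),
    Finding("db01", "CVE-0000-0003", 7.5, "network"),
]
HOST_SCAN = [
    Finding("web01", "CVE-0000-0001", 9.8, "host-agent"),
    Finding("hr-laptop", "CVE-0000-0004", 8.8, "host-agent"),
    Finding("db01", "CVE-0000-0005", 4.0, "host-agent"),
]

# Constructed asset inventory: criticality on a 1-3 scale and the date the
# record was last refreshed, so stale ratings can be down-weighted.
ASSETS = {
    "web01": {"criticality": 2, "last_seen": datetime(2024, 1, 10)},
    "db01": {"criticality": 3, "last_seen": datetime(2024, 1, 10)},
    "hr-laptop": {"criticality": 1, "last_seen": datetime(2023, 6, 1)},
}

# Constructed topology data: the most exposed zone each host is reachable
# from, and an assumed weight per zone.
EXPOSURE = {"web01": "internet", "db01": "internal", "hr-laptop": "internal"}
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.5}

STALE_AFTER = timedelta(days=90)   # assumed freshness threshold


def merge_findings(*sources):
    """Correlate findings from several techniques into one record per
    (host, CVE), keeping the highest CVSS and the set of sources that saw it."""
    merged = {}
    for finding in (f for source in sources for f in source):
        key = (finding.host, finding.cve)
        entry = merged.setdefault(
            key, {"host": finding.host, "cve": finding.cve, "cvss": 0.0, "sources": set()}
        )
        entry["cvss"] = max(entry["cvss"], finding.cvss)
        entry["sources"].add(finding.source)
    return list(merged.values())


def score(entry, now):
    """Contextual priority: CVSS weighted by asset criticality, reachability,
    freshness of the asset record, and corroboration across techniques."""
    asset = ASSETS.get(entry["host"])
    if asset is None:
        # Unknown asset: assume lowest criticality and treat the record as stale.
        criticality, freshness = 1, 0.5
    else:
        criticality = asset["criticality"]
        freshness = 1.0 if now - asset["last_seen"] <= STALE_AFTER else 0.5
    exposure = EXPOSURE_WEIGHT[EXPOSURE.get(entry["host"], "internal")]
    # A finding seen by only one technique is more likely to be a false positive.
    corroboration = 1.0 if len(entry["sources"]) > 1 else 0.8
    return round(entry["cvss"] * criticality * exposure * freshness * corroboration, 2)


def prioritize(now, *sources):
    """Return correlated findings ordered from most to least urgent."""
    entries = merge_findings(*sources)
    for entry in entries:
        entry["score"] = score(entry, now)
    return sorted(entries, key=lambda e: e["score"], reverse=True)


def example_ranking(now=datetime(2024, 1, 15)):
    """Run the ranking over the constructed sample data."""
    return prioritize(now, NETWORK_SCAN, HOST_SCAN)


if __name__ == "__main__":
    for entry in example_ranking():
        print(f'{entry["score"]:6.2f}  {entry["host"]:10} {entry["cve"]}  '
              f'cvss={entry["cvss"]}  seen_by={sorted(entry["sources"])}')
```

Ranked by CVSS alone, the laptop's CVE-0000-0004 (8.8) would come second; once asset criticality, reachability and the stale inventory record are factored in it drops to last, while the database's 7.5 overtakes the web server's 5.3 because the asset matters more. The weights are deliberately simple placeholders; the point is that the ordering changes materially once topology and freshness data are correlated with the scan results.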

A Solution Does Exist

With the introduction of QRadar Vulnerability Manager, IBM tackles the limitations of legacy approaches head-on. This offering is not just another commodity vulnerability scanner. By delivering vulnerability assessment as part of the QRadar Security Intelligence Platform, IBM integrates vulnerability intelligence directly into the same system widely adopted by many enterprises for actionable, easy-to-deploy Security Information and Event Management (SIEM). This reduces the proliferation of fragmented security tools that hamper security effectiveness – and associated costs – while enriching vulnerability insight and improving the efficiency of vulnerability remediation.


Schedule a consultation today to learn how Flagship can help you design and implement an effective vulnerability management solution.
