Vulnerability management
Encyclopedia
"Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities" This practice generally refers to software vulnerabilities in computing systems.

Vulnerability Management Programs

While program definitions vary in the industry, Gartner
Gartner
Gartner, Inc. is an information technology research and advisory firm headquartered in Stamford, Connecticut, United States. It was known as GartnerGroup until 2001....

, a prominent IT Analyst company, defines Six steps for vulnerability management programs

Define Policy - Organizations must start out by determining what the desired security state for their environment is. This includes determining desired device and service configurations and access control rules for users accessing resources.

Baseline the Environment - Once a policy has been defined, the organization must assess the true security state of the environment and determine where instances of policy violations are occurring.

Prioritize Vulnerabilities - Instances of policy violations are Vulnerability (computing)
Vulnerability (computing)
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw...

. These vulnerabilities are then prioritized using risk and effort-based criteria.

Shield
- In the short term, the organization can take steps to minimize the damage that could be caused by the vulnerability by creating compensating controls.

Mitigate Vulnerabilities - Ultimately, the root causes of vulnerabilities must be addressed. This is often done via patching vulnerable services, changing vulnerable configurations or making application updates to remove vulnerable code.

Maintain and Monitor - Organizations' computing environments are dynamic and evolve over time, as do security policy requirements. In addition, additional security vulnerabilities are always being identified. For this reason, vulnerability management is an ongoing process rather than a point-in-time event.

Vulnerability Management for Applications Versus Hosts and Infrastructure

Host and infrastructure vulnerabilities can often be addressed by applying patches or changing configuration settings. Custom software or application-based vulnerabilities often require additional software development in order to fully mitigate. Technologies such as web application firewalls can be used in the short term to shield systems, but to address the root cause, changes must be made to the underlying software.

Managing Known Vulnerabilities Versus Unknown Vulnerabilities

Typical tools used for identifying and classifying known vulnerabilities are vulnerability scanners
Vulnerability scanner
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. There are a number of types of vulnerability scanners available today, distinguished from one another by a focus on particular targets...

. These tools look for vulnerabilities known and reported by the security community, and which typically are already fixed by relevant vendors with patches and security updates.

Zero-day vulnerabilities are problems that vulnerability scanners cannot detect, and which also do not have any patches or updates available from vendors. Unknown Vulnerability Management process augments the known vulnerability management by introducing tools and techniques such as network analyzers for mapping attack surface, and fuzzers for finding zero day vulnerabilities.

See also

  • Full disclosure
    Full disclosure
    In computer security, full disclosure means to disclose all the details of a security problem which are known. It is a philosophy of security management completely opposed to the idea of security through obscurity...

  • IT risk
    IT risk
    Information technology risk, or IT risk, IT-related risk, is a risk related to information technology. This relatively new term due to an increasing awareness that information security is simply one facet of a multitude of risks that are relevant to IT and the real world processes it...

  • Penetration testing
  • Vulnerability (computing)
    Vulnerability (computing)
    In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw...

  • Zero-day attack

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK