Continuous Vulnerability Assessment

Barely a month goes by without an app on our iPhones needing an update. App updates are automatically run and we hardly notice. Operating system updates are less frequent but require our attention. Sometimes, after updating, old applications cease working or exhibit strange behaviour. Incompatibilities cause this and are one of the fiddlier aspects of vulnerability management; ensuring your security upgrade does not break your application.

Business systems are also affected by vulnerabilities and require updates just as our iPhones. The problem is that you can’t just let users perform updates as they see fit. Many organisations like to have a standard desktop/laptop builds so that the environment is supportable and predictable.

Similarly, server changes need to be planned and tested, with regression options if something unforeseen is discovered. For this reason, many organisations do not use fully automated patching solutions.

Some 15,000-20,000 are found each year and keeping on top of them can be a full-time job. Not every vulnerability is relevant or even exploitable. A fraction of those discovered (estimated around 2%) are “exploitable” and represent a threat to many organisations. The trick is knowing which ones to worry about.

What is vulnerability management?

Simply put, it is the exercise of ensuring operating systems and applications are patched to reduce their likelihood of being compromised. The latest vulnerabilities are published daily. The trick is keeping on top of those vulnerabilities that might be a problem for your organisation. This means you need to:

  1. Have a complete, up-to-date inventory of all your systems
  2. Ensure they are analysed on a regular basis for known vulnerabilities
  3. Quickly build and execute a plan for patching or upgrading systems to close vulnerabilities

Simple?

How can you do better vulnerability assessments?

There are many vulnerability scanning solutions on the market. They all use the daily feeds from the NIST National Vulnerability database as a core data feed. Each of your systems is scanned (often an agent needs to be installed to scan non-network visible components). The process of installing, often a dissolvable agent, scanning and processing the results for a large network can take a considerable time. This means that manyorganisation scan weekly, monthly or, in some cases, only once a year.

Key problems with traditional scheduled scans include:

  1. They are not responsive to new, critical vulnerabilities that maybe found between scans
  2. They are often run at quiet times – to reduce the impact of scanning loads – and may miss connected systems
  3. They are often disconnected from the discovery / asset management process, again, meaning systems may be missed
  4. They often lack information so that a prioritised change plan can be quickly built – adding to workload and adding delays to plugging vulnerability holes.

How can Rebasoft help?

Rebasoft’s real-time asset discovery capability means you get the latest, detailed knowledge of every assetyou need to protect. There are facilities for tagging the most important systems to help with remediation priorities in your change control processes.

Our vulnerability scanning capability means the system can be scheduled to scan every device it finds – without you needing to manually set each scan up. It means

  1. Regular scans will pick up relevant vulnerabilities automatically
  2. Cross-referencing with device importance – and current connection status – means assessing and building change requests to install the most critical updates can be done with less effort and more accuracy
Book a demo

Share This Story, Choose Your Platform!