Looking at the cyberthreat landscape, millions of new devices come online every day, but there’s a shortage of qualified cybersecurity workers to protect those devices once they are online. Additionally, in almost every case, it takes minutes or less to compromise them. Simply running more vulnerability scans to collect more data and generate more alerts isn’t the answer: more than half of organizations cite ‘data overload’ as their biggest challenge. The data collected through continuous assessment often requires manual analysis that can be slow and error-prone, which slows response and limits your ability to recover from difficult situations. More specifically, there are three key technical problems associated with automated vulnerability scans:
- As networks grow with more and more hosts, scaling a vulnerability management program can be complex.
- Vulnerability scans don’t always provide complete information.
- It can be difficult to troubleshoot detection issues like false positives.
A resilient vulnerability management solution can help you protect the increasing numbers of hosts and vulnerabilities on your network while maximizing limited human resources and improving security operations. If you’re faced with doing more with less and already have more alerts than you can handle, here are three questions to ask about your vulnerability management solution that can help identify areas that can be improved:
1. Are you scanning everything that needs scanning?
If your vulnerability management solution isn’t designed for resilience, you might not be able to scan everything that you would like to scan. There may be too many devices to scan within the allotted time or scan window, or you may not be able to manage and make use of all of the data collected. One approach to scanning everything is a three-layer cake architecture. In the top layer, vulnerability management solutions built on a resilient architecture can include centralized analytics that consolidate reporting for a comprehensive view of security intelligence on enterprise risk. In the middle layer, centralized management with role-based access controls, a user interface that enables bulk operations, and tight integration with other security and IT solutions can improve efficiency by consolidating management tasks and automating workflows.
2. Can you clearly identify your top risks?
When it comes to CVSS scoring, when everything is critical, nothing is. In organizations with thousands or tens of thousands of vulnerabilities, these rough “10” and “HIGH” vulnerability scores lose meaning. That’s why advanced vulnerability scoring, in addition to CVSS scoring, can help you do something actionable with all of the data collected during vulnerability assessments.
3. Do you have confidence in the accuracy of your vulnerability findings?
Accurate assessment results are critical, yet vulnerability management products deliver assessments with varying degrees of accuracy. Some solutions identify vulnerabilities where they don’t exist and fail to find vulnerabilities that pose serious security risks. A resilient vulnerability management solution should have a range of technologies to significantly reduce the identification of “suspected” vulnerabilities, which may include:
- Device Prequalification: A device profiling process that pre-qualifies hosts by discovering the applications available and then testing those applications for specific vulnerabilities. This targeted approach, as opposed to a spray-and-pray approach, produces more accurate results with less potential for disruption.
- Credential Testing: Using credentials during a vulnerability scan can improve visibility, but credential issues can slow things down. However, you can remove delays by pre-qualifying credentials before running a scan to catch authentication issues before they occur using credential testing capabilities.
- Instance Data: False positives can be a pain to troubleshoot, especially when coordinating across security and IT operations teams. Vulnerability instance data—proof of how and why a vulnerability or application was detected—can increase visibility and reduce workload.
A resilient vulnerability management solution can help you protect the increasing numbers of hosts on your network, while maximizing limited human resources. If you didn’t answer “yes” to the three questions above, I invite you to learn more about Tripwire’s resilient vulnerability management solution, Tripwire IP360, by watching the video below.

https://www.youtube.com/watch?v=wCtl2tk9tkI