Security practitioners juggle many tasks, with vulnerability management requiring the most time and effort to manage effectively. Prioritizing vulnerabilities, grouping those vulnerabilities and assets, as well as assigning them to the appropriate teams takes considerable time using current scanning technology.
The end goal of any successful vulnerability management program is to keep organizational data and assets safe from breaches. Security practitioners must ask themselves: Do I have visibility that my current plan is working? When I am given a small window of time to remediate vulnerabilities, am I targeting the right ones?
Kenna Security’s (formally known as Risk I/O) risk meters use vulnerability data from scanning technologies, such as Tripwire IP360, to monitor any group of assets and vulnerabilities. Instead of trying to fix everything, risk meters shift your strategy towards identifying and remediating the few vulnerabilities that are most likely to cause a breach.
Kenna Security takes millions of daily breaches and exploits via threat feeds and makes a comparison to your vulnerability data every 30 minutes. Your monthly scans can be turned into dynamic risk meters to ensure that any vulnerability that has been breached in the wild does not find its way into your environment.
Let’s say that you are a security practitioner that needs to separate your assets and vulnerabilities by five office locations to ensure that the team in each location is keeping up with their required remediation windows. You could create risk meters for each of those locations and monitor the overall health of each environment as a whole.
Now, let’s say that you upgraded a large section of your desktops and laptops to Windows 8 and each office location received a portion of these OS upgrades. You can monitor those specific devices separately with their own risk meter. Using the entire list of organizational assets, select just those Windows 8 machines and create a risk meter to ensure that the OS upgrade goes smoothly and to act on any potential threats that arise quickly.
Take a look at the video below to learn how risk meters allow you to monitor your assets at a glance in any way you choose.
Companies, large and small, can use risk meters to validate their remediation efforts and focus on the assets and vulnerabilities that matter most. Attackers target not only the CVSS 9’s and 10’s of the world but also the old and forgotten vulnerabilities that were never remediated. Adding risk meters to your vulnerability management program will provide you with visibility to ensure that you are protecting your organization vulnerability against a breach.
Learn more about how you can integrate Tripwire IP360 and Kenna Security for advanced vulnerability management:
About the Author: Ryan serves as a Technical Account Manager at Kenna Security, assisting with user deployments as well as with channel sales and development. Ryan joined Kenna Security after Tripwire acquired nCircle, his former company, where he served as a Technical Project Manager until he entered the vulnerability management space.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. If you are interested in becoming a guest author for The State of Security, contact us here.
- Effective Vulnerability Management Starts with Network Situational Awareness
- Attackers Are Using High-Profile Vulnerabilities to Evade Detection
- Leveraging Security Controls and Analytics to Protect Sensitive Data
- Change Doesn’t Have to be the Enemy of Security
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock