To protect against evolving digital threats, more and more organizations are employing endpoint detection and response (EDR) systems on their computer networks. EDR consists of six crucial security controls. The first two, endpoint discovery and software discovery, facilitate the process of inventorying each device that is connected to the network and documenting all software applications running on each device. Once organizations begin actively monitoring what is installed on their networks, they can then transition to hardening the security of those devices. An important part of that process is the decision to launch a vulnerability management program. When it comes to vulnerabilities and exposures, attackers benefit from automation, crowdsourcing, big data, mobile, low cost cloud computing, and other resources just as much security personnel do. Only they have an advantage. Malicious actors need to find just one unpatched vulnerability, whereas security teams need to find (and patch) all hardware and software flaws every time. Which begs the question: how can organizations leverage a vulnerability management program to gain an advantage over attackers? Tripwire offers several answers in Endpoint Security Survival Guide: A Field Manual for Cyber Security Professionals, a guide which offers advice on how infosec professionals can implement the six security controls of EDR. First and foremost, organizations need to remember that security is an ongoing process. Though a device might be safe today, an actor could discover a serious vulnerability in the application's software tomorrow. Companies should therefore strive towards continuous vulnerability scans to pick up on those constant changes. Additionally, they should leverage resources like the Common Vulnerability Scoring System (CVSS) to prioritize vulnerabilities in a meaningful way. Just as security is a process, so too is a vulnerability management program. At the outset, a company might not have the scanning infrastructure or human resources needed to conduct and analyze continuous scans of its network environment. But it's important that it works towards that capability. Indeed, continuous scans not only help organizations determine whether they are actually fixing the flaws they discover. They also help companies identify trends in the performance of the vulnerability management program, information which security managers and other executives can use to justify budget allocation to the Board of Directors.
With more resources, organizations can strengthen their vulnerability management program by adding on digital threat intelligence feeds, authenticated/credentialed scans, and SIEM with Network Intrusion Prevention System (NIPS) logs. Interested in getting even more out of your organization's vulnerability management program? For more helpful tips and recommendations, please download Tripwire's resource here.
