27 February 2014

Why Understanding Vulnerability Management is Important

Wikipedia describes vulnerability management as "the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities, especially in software and firmware". Vulnerability management is an integral part of computer and network security. If you are responsible for managing company servers and/or networks, it is vital for you to understand, and implement, vulnerability management.

Where can vulnerability attacks come from?
  • From outside the network
  • From inside the network, perhaps via a VPN (virtual private network)
  • From outside over the telephone, using such tricks as social engineering
  • From an insider on the local network
  • From an insider on the local system
  • From malware

What might management fear from network vulnerability? These are a few examples:

  • A web server compromise can expose the organization to widespread ridicule.
  • A server compromise might allow private customer data to be stolen, which could lead to claims for compensation, especially if it involves credit card details.
  • An insider who is angry might do something mischievous, like launch a logic bomb to destroy data.
  • An insider who feels aggrieved sells company trade secrets.
  • Employees might be deceived by social engineering tricks, which might leak sensitive data to the press.
  • A hacker who penetrates systems might find evidence of wrongdoing that can then be used to blackmail the company.
What should you know about vulnerability management?

  • Vulnerabilities are gateways through which threats become manifest.
  • Scanning for vulnerabilities without remediating them has little value.
  • A little scanning and remediation is better than a lot of scanning and less remediation.
  • Vulnerabilities that need fixing have to be prioritised by the immediacy of the risk they pose to the network.
  • Security experts need processes to allow them to stay focused on vulnerabilities so that fixes can become more frequent and effective.

All an attacker needs is a toe-hold. If a single vulnerability is left unfixed, can be reached from outside the organization AND is compromised, then it can be used as a springboard to attack other systems on the network. If a data breach occurs and it is traced back to a flaw the company was aware of but hadn't fixed, the consequences can be serious. Think of the “damages” phase of a court case!

So the regular pattern of vulnerability management should be to: scan the network and identify vulnerabilities; prioritise those that are found; identify fixes; and, apply the fixes.

The starting point for managing computer vulnerabilities is an asset register. What hardware AND software does the company own? What versions are they? Where are they? There are many software packages that can be obtained to automate this process, normally by searching the company network for attached systems and devices, discovering disk drives and auditing them for installed software. Don’t forget to include backup or spare systems that may not be switched on all the time – they have to be audited too, in case they contain risks from unpatched old software.
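The scan, prioritise, fix, re-scan cycle described above, driven by an asset register that includes a powered-off spare, as an added example (not code from the original post). The hosts, package names, versions and severity scores are constructed sample data, and the "scanner knowledge" table stands in for a real scanner's vulnerability feed.

```python
"""Minimal vulnerability-management cycle driven by an asset register.

Scan findings are joined to the register, ranked by severity and reachability,
remediated in priority order (an upgrade to the fixed version) and verified by
a re-scan. All hosts, packages, versions and scores are constructed examples.
"""
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    internet_facing: bool          # reachable from outside the organisation
    powered_on: bool               # spare/backup systems may be off, but still count
    software: dict = field(default_factory=dict)   # package -> installed version


@dataclass(frozen=True)
class Finding:
    asset: str
    package: str
    severity: float                # 0.0-10.0, e.g. a CVSS-style base score
    fixed_in: str                  # first version that contains the fix


def sample_register():
    """Constructed asset register (hypothetical hosts and versions)."""
    return [
        Asset("web-01", internet_facing=True, powered_on=True, software={"httpd": "2.4.1"}),
        Asset("db-01", internet_facing=False, powered_on=True, software={"pgsql": "9.2"}),
        Asset("spare-02", internet_facing=False, powered_on=False, software={"httpd": "2.2.0"}),
    ]


# Constructed stand-in for a scanner's vulnerability feed: package -> (fixed_in, severity).
KNOWN_ISSUES = {
    "httpd": ("2.4.3", 9.8),
    "pgsql": ("9.3", 7.5),
}


def vulnerable(version: str, fixed_in: str) -> bool:
    """True if the installed version is older than the fixed one (dotted numeric compare)."""
    as_tuple = lambda v: tuple(int(p) for p in v.split("."))
    return as_tuple(version) < as_tuple(fixed_in)


def register_gaps(assets, discovered_hosts):
    """Hosts seen on the network but missing from the register: the register is incomplete."""
    known = {a.name for a in assets}
    return sorted(set(discovered_hosts) - known)


def scan(assets):
    """Step 1: identify vulnerable software on every registered asset, powered on or not."""
    findings = []
    for a in assets:
        for pkg, ver in a.software.items():
            if pkg in KNOWN_ISSUES:
                fixed_in, sev = KNOWN_ISSUES[pkg]
                if vulnerable(ver, fixed_in):
                    findings.append(Finding(a.name, pkg, sev, fixed_in))
    return findings


def prioritise(assets, findings):
    """Step 2: rank findings by severity, doubled when the host is reachable from outside."""
    by_name = {a.name: a for a in assets}
    ranked = []
    for f in findings:
        score = f.severity * (2.0 if by_name[f.asset].internet_facing else 1.0)
        ranked.append((score, f))
    ranked.sort(key=lambda t: (-t[0], t[1].asset))
    return ranked


def remediate(assets, finding):
    """Step 3: apply the fix by upgrading the package to the fixed version."""
    by_name = {a.name: a for a in assets}
    by_name[finding.asset].software[finding.package] = finding.fixed_in


def run_cycle(assets):
    """Scan, prioritise, fix in priority order, then re-scan to confirm nothing is left."""
    ranked = prioritise(assets, scan(assets))
    order = [f.asset for _, f in ranked]
    for _, f in ranked:
        remediate(assets, f)
    return order, scan(assets)


if __name__ == "__main__":
    register = sample_register()
    print("unregistered hosts:", register_gaps(register, ["web-01", "db-01", "printer-07"]))
    order, leftover = run_cycle(register)
    print("fixed in order:", order, "| remaining findings:", leftover)
```

The internet-facing web server is fixed first even though the spare carries the same flaw, and the spare is still caught because the register, not the list of running hosts, drives the scan.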

Depending upon the types of threats that an organisation might expect, it might be necessary to implement a network monitoring system to check network traffic continuously for unusual activity. For example, if a little-used server suddenly receives many data transfer requests, this might be suspicious. Some companies set up traps (honeypots) by loading a server with interesting – but fake – data, with the aim of sidetracking hackers away from the real data they are after.
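Both detection ideas from the paragraph above, a little-used server suddenly receiving many requests and any access at all to a decoy server, run over a few constructed log lines, as an added example that is not part of the original post. The `timestamp server client bytes` log format, the host names and the decoy name are assumptions.

```python
"""Flag unusual activity in per-server request counts and any access to a decoy server.

Log lines are constructed samples in an assumed 'timestamp server client bytes'
format; real monitoring tools read their own formats.
"""
import statistics
from collections import defaultdict

DECOY_SERVERS = {"finance-archive"}      # constructed honeypot host; any access is notable

# Constructed log: web-01 is busy every hour, backup-01 is quiet until 12:00.
LOG = """\
2014-02-27T09:01:10 web-01 203.0.113.7 512
2014-02-27T09:15:44 web-01 203.0.113.9 2048
2014-02-27T09:40:02 web-01 203.0.113.7 730
2014-02-27T10:05:31 web-01 203.0.113.12 512
2014-02-27T10:22:18 backup-01 10.0.0.21 90112
2014-02-27T10:47:55 web-01 203.0.113.9 1024
2014-02-27T11:03:09 web-01 203.0.113.7 640
2014-02-27T11:30:27 web-01 203.0.113.12 512
2014-02-27T11:45:00 finance-archive 10.0.0.77 8192
2014-02-27T12:00:03 backup-01 10.0.0.77 4096
2014-02-27T12:00:09 backup-01 10.0.0.77 4096
2014-02-27T12:00:15 backup-01 10.0.0.77 4096
2014-02-27T12:00:21 backup-01 10.0.0.77 4096
2014-02-27T12:00:27 backup-01 10.0.0.77 4096
2014-02-27T12:00:33 backup-01 10.0.0.77 4096
2014-02-27T12:00:39 backup-01 10.0.0.77 4096
2014-02-27T12:00:45 backup-01 10.0.0.77 4096
2014-02-27T12:10:00 web-01 203.0.113.9 512
2014-02-27T12:35:12 web-01 203.0.113.7 512
"""


def parse(log_text):
    """Return (hour_bucket, server, client, bytes) tuples; hour bucket is 'YYYY-MM-DDTHH'."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, server, client, nbytes = line.split()
        events.append((ts[:13], server, client, int(nbytes)))
    return events


def hourly_counts(events):
    """Requests per server per hour, with explicit zeros for hours a server saw nothing."""
    hours = sorted({e[0] for e in events})
    counts = defaultdict(lambda: {h: 0 for h in hours})
    for hour, server, _, _ in events:
        counts[server][hour] += 1
    return hours, counts


def detect(log_text, factor=5.0):
    """Alerts: any decoy access, plus a server whose latest hour exceeds factor x its baseline mean."""
    events = parse(log_text)
    alerts = []
    for hour, server, client, _ in events:
        if server in DECOY_SERVERS:
            alerts.append({"kind": "decoy-access", "server": server, "hour": hour, "client": client})
    hours, counts = hourly_counts(events)
    if len(hours) >= 3:                      # need at least two baseline hours plus the latest
        baseline_hours, latest = hours[:-1], hours[-1]
        for server, per_hour in counts.items():
            if server in DECOY_SERVERS:
                continue
            mean = statistics.mean(per_hour[h] for h in baseline_hours)
            count = per_hour[latest]
            if count > factor * max(mean, 1.0):   # floor of 1 avoids dividing a quiet host's baseline to zero
                alerts.append({"kind": "request-spike", "server": server, "hour": latest,
                               "count": count, "baseline_mean": round(mean, 2)})
    return sorted(alerts, key=lambda a: (a["hour"], a["server"]))


if __name__ == "__main__":
    for alert in detect(LOG):
        print(alert)
```

The spike rule compares the latest hour with the server's own history, so the busy web server with a steady rate never alerts while the quiet backup host does; the decoy rule needs no baseline because legitimate users have no reason to touch fake data.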

Vulnerability management should be high on the agenda of essential IT processes for most businesses. It is vital for business management to understand it and how it can protect the company.
