60% of security breaches happen because of unpatched vulnerabilities, updates, weaknesses, or threats.
WHEN: Numerous security breaches, including the extensive 2017 data breach at Equifax, can be linked to unaddressed vulnerabilities. According to a 2019 Tripwire study, 27% of all breaches resulted from unpatched vulnerabilities, while a staggering 60% was reported in a 2018 Ponemon study and MUCH MORE...
(WHAT?) VULNERABILITY - Weakness/threat/flaw
In the context of security: A vulnerability is a weakness in a system (computer, physical, or social) that can be exploited by a threat actor to cause harm. This harm could be in the form of:
Data breaches: where sensitive information is stolen or leaked.
Denial-of-service attacks: where a system is overloaded and made unavailable to its users.
Malware infections: where malicious software is installed on a system to steal data, spy on users, or cause damage.
Physical attacks: where a system is damaged or destroyed.
(WHERE) EXISTENCE OF VULNERABILITY
Vulnerabilities can exist in software, hardware, network configurations, and even in human behavior. They can be caused by design flaws, coding errors, misconfigurations, or a lack of security awareness.
(HOW) PROCESS INVOLVING FINDING A VULNERABILITY
Below, I adhere to one of my finest practices in organizations, which leads to a successful completion.
VULNERABILITY ASSESSMENT
ASSET DISCOVERY & VALIDATION: All the assets in the organization must be discovered and scanned (credential scan) with a scanning tool. If you have 5000+ assets in your organization, all the assets must be properly scanned for vulnerabilities. You can categorize the assets so that validation is easier.
VULNERABILITY DISCOVERY: Some vulnerability scanning tools take a long time to perform a scan. A server with a lot of files and storage, or a scan covering a large number of assets, will take longer. The scan schedule must be planned in advance according to business plans. A tool like Tenable.io will not reduce the performance of servers, endpoints, or network devices while scanning, hence the scan can be performed at any time while the devices/assets are turned ON. Validate that all the assets are getting scanned successfully: due to network interruptions or delays, some assets may not be scanned or may be dropped. The assets that were not scanned must be scanned again with the vulnerability scanning tool. Validate that all vulnerability risk levels are detected for the respective assets.
SOME OF THE TERMS USED IN VULNERABILITY MANAGEMENT, WHICH ARE ALL COVERED IN THE TOPICS BELOW, ARE: RISK, VULNERABILITY AGEING, THRESHOLD, FALSE POSITIVE, DEVIATION OR EXCEPTION, EOS/EOL PRODUCTS/SOFTWARE, ZERO DAY, CVE, CVSS SCORES, PORT, WORKAROUND
PRIORITIZE ASSETS: Group the assets based on the criticality of the business application. This is an essential requirement in the vulnerability assessment. The risk assessment will be based on the asset prioritization. Example: The critical assets must be patched early.
What is the need for prioritizing the assets? (Let's discuss more along with the risk assessment topic.)
Risk assessment and prioritization play a major role in vulnerability management and in securing the assets.
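The validation step under VULNERABILITY DISCOVERY and the ordering under PRIORITIZE ASSETS, as an added example that is not part of the original article: it reconciles an asset inventory against scan results and lists the assets that need a rescan, most critical first. The CSV columns, hostnames and reason strings are constructed assumptions, not any scanner's export format.

```python
import csv
import io

# Constructed sample data; column names are assumptions, not a scanner's export format.
INVENTORY_CSV = """hostname,category,criticality
pay-db-01,database,critical
pay-web-01,web,critical
hr-app-02,application,high
build-agent-07,server,medium
kiosk-114,endpoint,low
"""

SCAN_CSV = """hostname,status,credentialed,critical,high,medium,low
pay-db-01,completed,yes,2,5,11,3
pay-web-01,dropped,no,,,,
hr-app-02,completed,no,0,1,4,9
kiosk-114,completed,yes,0,0,2,6
"""

CRITICALITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
SEVERITIES = ("critical", "high", "medium", "low")

def load(text):
    """Parse CSV text into a dict keyed by hostname."""
    return {row["hostname"]: row for row in csv.DictReader(io.StringIO(text))}

def rescan_queue(inventory, scans):
    """Return (hostname, criticality, reason) for every asset whose scan cannot be trusted."""
    queue = []
    for host, asset in inventory.items():
        scan = scans.get(host)
        if scan is None:
            reason = "never scanned"
        elif scan["status"] != "completed":
            reason = "scan " + scan["status"]
        elif scan["credentialed"] != "yes":
            reason = "credentialed checks did not run"
        elif any(scan[s] == "" for s in SEVERITIES):
            reason = "risk levels missing"
        else:
            continue
        queue.append((host, asset["criticality"], reason))
    # Most business-critical assets are rescanned first.
    queue.sort(key=lambda item: (CRITICALITY_ORDER[item[1]], item[0]))
    return queue

if __name__ == "__main__":
    for host, criticality, reason in rescan_queue(load(INVENTORY_CSV), load(SCAN_CSV)):
        print(f"{criticality:8} {host:16} {reason}")
```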