Let’s talk a little about the importance of vulnerability management. As I’ve mentioned in other posts, data has value. For some organizations, their data and intellectual property are the only items of value (that and their people). So it makes sense to do everything conceivable to keep that data as safe as possible.
Bad guys make a living accessing your data and selling it, ransoming it back to you, or using it to impersonate you for nefarious purposes. Aside from social engineering (we’ll discuss that in another post), exploiting software or network vulnerabilities is the chief way they get unauthorized access to your data.
Think for a second about all the programs running on your device. You’ve got email programs, word processing and spreadsheet programs, productivity apps, social media apps, web browsers and on and on. All of those sit on top of the operating system that powers your laptop, desktop, phone, tablet, etc. The operating system is usually the largest and most complex set of programs on your device, and it carries out a huge number of operations under the hood that you never see.
Each of those software packages is tested extensively (we hope) by its developers, who look for bugs and other ways the software could expose the data it collects. However, even the most exhaustive testing can’t simulate all the different ways people can and will use the software once it’s released into the world. It is these bugs, or vulnerabilities, that bad actors attempt to exploit to get to your data. Some vulnerabilities allow bad actors to copy data and transmit it somewhere only they can reach it, some allow data to be encrypted and “locked” so it can be sold back for ransom, and some allow the bad guys to take remote control of a device in order to search the network for other data or do their nefarious bidding.
Some organizations think that keeping their Windows software up to date by applying the monthly patches (as annoying as they are) is all that’s needed. These are the people that bad guys love. The operating system is important, to be sure, but it’s not the only software that has vulnerabilities or gets exploited. Plus, certain configuration settings can make the difference between secure and wide open.
Vulnerability management is the process of continuously identifying, categorizing, and remediating security vulnerabilities in technology systems. It starts with inventorying each device on your network (phone, laptop, tablet, desktop, router, switch, printer, IoT devices, etc.) and all the software running on it.
Once you have that inventory, you need to know not only the most up-to-date version available for each piece of software, but also whether older versions that aren’t safe anymore are still installed, or whether configuration settings make a device susceptible to attack. Plus, you need a way of knowing how dangerous those vulnerabilities are. There are several products in the marketplace for this, most commonly referred to as Security Information and Event Management (SIEM) products.
To be clear, some vulnerabilities are easy to take advantage of, and the bad guys already have a way to exploit them. For others, no one has found a way to misuse them yet. This is why you need a ranking system, or some other way to determine which are more dangerous if left unaddressed. A vulnerability is a potential weakness in your defenses. An exploit is a working method someone has found to take advantage of such a weakness. This is an important difference.
The last step in managing vulnerabilities is fixing, or remediating, them. A good SIEM will not only identify vulnerabilities, but also categorize them based on a severity algorithm and then provide resources to remediate them.
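The steps just described (inventory the devices and software, compare against known-unsafe versions and settings, rank by how dangerous each finding is, hand off a remediation list), as an added example that is not from the post: a small Python pass over a constructed inventory and a constructed advisory list. Every product name, version, host, score and setting below is made up, and the scoring rule (doubling the urgency of anything with a public exploit) is one way to encode the author’s vulnerability-versus-exploit distinction, not a standard formula.

```python
from dataclasses import dataclass, field
@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str                                # installed version, e.g. "5.3.1"
    config: dict = field(default_factory=dict)  # settings the scanner can read

@dataclass(frozen=True)
class Advisory:
    product: str
    fixed_in: str         # first version that is safe again
    cvss: float           # base severity, 0-10
    exploit_public: bool  # True when a working exploit is already circulating
    note: str

# Constructed sample advisories and weak settings: hypothetical products, no real CVEs.
ADVISORIES = [
    Advisory("acme-office", "5.3.2", 9.8, True, "remote code execution via crafted document"),
    Advisory("acme-office", "5.4.0", 5.3, False, "information disclosure"),
    Advisory("netbox-rtr", "3.1.0", 8.1, True, "authentication bypass on admin interface"),
]
WEAK_CONFIG = [("netbox-rtr", "telnet_enabled", True, 7.0, "clear-text management protocol exposed")]  # (product, setting, unsafe value, cvss, note)

def parse_version(v: str) -> tuple:
    """Compare dotted numeric versions as integers, so "5.3.10" sorts after "5.3.9"."""
    return tuple(int(p) for p in v.split("."))

def find_vulnerabilities(assets, advisories=ADVISORIES, weak_config=WEAK_CONFIG):
    """Return (score, host, product, action) tuples, most urgent first."""
    findings = []
    for a in assets:
        for adv in advisories:  # outdated software: installed version older than the fix
            if adv.product == a.product and parse_version(a.version) < parse_version(adv.fixed_in):
                # A weakness with a public exploit is far more urgent than one nobody has abused yet.
                score = adv.cvss * (2.0 if adv.exploit_public else 1.0)
                findings.append((score, a.host, a.product, f"upgrade {a.version} -> {adv.fixed_in}: {adv.note}"))
        for prod, key, unsafe, cvss, note in weak_config:  # risky configuration on this device
            if prod == a.product and a.config.get(key) == unsafe:
                findings.append((cvss, a.host, a.product, f"change {key}={unsafe}: {note}"))
    return sorted(findings, key=lambda f: (-f[0], f[1]))

# Constructed inventory; the same product on two hosts ends up with different priorities.
INVENTORY = [
    Asset("laptop-07", "acme-office", "5.3.1"),
    Asset("laptop-07", "fooos", "11.4"),  # no matching advisory: nothing to fix
    Asset("rtr-edge", "netbox-rtr", "3.0.9", {"telnet_enabled": True}),
    Asset("desk-12", "acme-office", "5.3.5"),
]
```

Running `find_vulnerabilities(INVENTORY)` puts the two findings with public exploits first, then the router’s weak setting, and leaves the two information-disclosure items at the bottom of the list.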
As you can see, this is a never-ending cycle: scanning, prioritizing, remediating, then doing it all over again. But in the overall scheme of things, plugging all the potential holes in the wall is an important step in keeping the bad guys away from your valuable data.
Thanks for your blog, nice to read. Do not stop.