Tuesday, 22 December 2020

Vulnerability Management: Identify, Classify, Remediate, and Mitigate

1.Vulnerability Management:

★Vulnerability management is an integral part of the computer and network security, and must not be confused with a Vulnerability assessment. We discover vulnerabilities with a vulnerability scanner, which analyzes a system in search of known vulnerabilities, like open/insecure ports, software miss configurations, and susceptibility to malware infections. Unknown vulnerabilities, like a zero-day attack, identified with fuzz testing, which might identify certain types of vulnerabilities, as a buffer overflow with relevant test cases. Test automation can facilitate such analysis.


Follow my tech blog to get weekly feeds for free: https://hackernoon.com/u/gtmars.com 

         

        

★In computer security, a vulnerability is a weakness in the system, and a threat actor can exploit the weakness to perform unauthorized actions within organizational applications or networks. To take advantage of a vulnerability, an attacker must have a minimum of one applicable tool or technique that will be wont to identify and connect with system vulnerability. During this frame, we also know vulnerability because of the attack surface.

Vulnerability management is that the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.

★This practice refers to software vulnerabilities in computing systems. A security risk is usually incorrectly classified as a vulnerability. Using vulnerability with the identical meaning of risk can result in confusion. The danger is that of the potential of a major impact resulting from the exploitation of a vulnerability.

There are vulnerabilities without risk: when the affected asset has no value. We classify a vulnerability with one or more known instances of working and fully implemented attacks as an exploitable vulnerability — a vulnerability that an exploit exists.

1.1 Why Vulnerability Management is Important:

★Both hardware and software applications from multiple industry vendors constantly lookout for security bugs, cause of that actions frequently ending with updates and security patches. According to the CVE management website, more than 16,500 CVE were reported in 201814,600 in 2017, each and every year the overall reporting rates continue to emerge. The more sophisticated network attacks are conducted on vulnerable devices, networks, and software products. It is critical to proactively implement security measures and control to protect the information assets.

1.2 Implications on Our Cloud Products, Infrastructure, and Customers:

★The Vulnerability Rating Framework (VRF) and the Vulnerability Rating Checklist (VRC) becomes VRFC outline the bug researchers the type of issues that are existed, accepted through comprehensive severity and priority criteria. It helps one to understand the type of bug they exploited on particular products, infrastructure, devices, and endpoint users.

★While R&D engineers and security engineers discover bugs on our cloud products and services through Vulnerability & Risk assessment programs, this VRFC helps to brief the vulnerability and remediate the identified vulnerability issues clearly. In addition, VRFC guide provides information about the OWASP Top 10 Web Application Security Risks and other vulnerabilities based on the above-mentioned platforms.

★The Vulnerability Framework Guide (VFG) and Vulnerability Rating Checklist (VRC) designed to support the Security, Operation, Network, and Research & Development (R&D) team, to enhance the effort to further bolster the vulnerability management process and handling with clear transparency and communication.

2. Information Security Assessment Approach:

★The information security assessment approach focuses on a number of services to provide your organization management and its customer with broad business decision-making approaches. We implement cyber intelligence, vulnerability management, incident response, and incident handling, and threat management operations enabled in our organization to protect and defend from external threats, cyber risks, adopt adequate measures.

2.1 Assessment Team:

★In the vulnerability management process, we defined the number of participating teams and required team members to conduct vulnerability assessments.

2.2 Roles and Responsibilities:

★In this section, we defined the roles and responsibilities of each individual member in the vulnerability management operations, which can be identified within the organization in Table 1.

Note: The given roles and responsibilities are only applicable to vulnerability management operations, and differ from their regular responsibilities.

Table 1. Vulnerability management - Roles and Responsibilities.

★The given roles and responsibilities are only applicable to vulnerability management operations and differ from their regular responsibilities or you may add and define responsibilities based on the size of your organization such as small and medium-sized businesses (SMB) to large enterprises.

1

Figure 1. Vulnerability management FlowChart-Roles and responsibilities.

3.Vulnerability Management Process (VMP):

3.1 Objective:

★The objective of this VMP is to identify and eradicate the vulnerabilities in a timely manner. Vulnerability assessment is not conducted periodically by many organizations, most of them perform scans on a quarterly or annual basis. This could trigger the possibility of potential threats to hide and stays there for longer than the expected period. Hence, organizations should conduct a periodical assessment on their network to remediate the threats quickly.

3.2 Vulnerabilities Assessment Types:

(i) The window of vulnerability is that the time from when the protection hole was introduced or manifested in deployed software, to when access was removed, a security fix was available/deployed, or it disabled the attacker — see a zero-day attack.

(ii) A security bug (security defect) could be a narrower concept: there are vulnerabilities that aren’t associated with software: hardware, site, personnel vulnerabilities are samples of vulnerabilities that don’t seem to be software security bugs.

★The other integral part of vulnerability management, these are the following assessment methodologies can be performed within an organization to discover vulnerabilities, assess, and audit the physical and virtual infrastructure of the network.

  • Vulnerability scanning
  • Web application assessment
  • Phishing assessment
  • Network mapping
  • Wireless assessment
  • Database assessment
  • Operating system security assessment (OSSA)
  • Penetration testing

(i) Discovering and cataloging all assets within your network.

(ii) Assigning a price to identified assets.

(iii) Identifying vulnerabilities and threats that exist for every asset.

(iv) Assessing the likelihood that they also exploit threats and

★Building a recommendation for cost-effective mitigation. In the above section, potential impact, and also the likelihood of occurrence are projected, considering existing controls safeguards that would reduce the impact of the likelihood.

Note: Please, use the rating matrix to evaluate the vulnerabilities, risk rating of Critical, High, Medium, Low to explain the magnitude of risk.

★I have defined everything that you need to understand about these topics in these web links, feel free to navigate than all, worth a try!!!

https://hackernoon.com/network-vulnerabilities-how-to-identify-them-and-assign-risk-ratings-706z3tzk

https://hackernoon.com/the-ultimate-strategy-to-identify-threats-in-a-network-and-perform-risk-exposure-matrix-k5193txu

4. Vulnerability Management Phases:

Vulnerability management is the process of preparing, discovering, identifying, evaluating, remediating, and reporting on security vulnerabilities in software applications and hardware systems. A vulnerability management process consists of five phases:

Figure 2. Vulnerability management process (VMF).

4.1 Prepare:

★The preparation phase is used to build a scope for the vulnerability management process. The discovered vulnerabilities can be identified with the marginal scopes. When the Security architect defines the scope (assets, scan types (Internal-External), assessment types, limitation, network infrastructure, cloud resources, roles, responsibilities) and it is reviewed and approved by the CISO and the security manager prior to the next process (Discover). It depends on the organization to obtain and document a request, approval from each asset owner or department head before performing vulnerability scans on the assets. When an organization implementing a vulnerability management process, it is highly recommended to initiate with a number of limitations in the scope. A risk-based approach to the management process helps to determine vulnerability risks with different elements. It helps the security engineer to process, control, and handle information about vulnerabilities more efficiently and prevent them from being overwhelmed. The stakeholders and other top management members can initially understand the scope and its potentials.

4.2 Discover:

★Once the scope and responsibilities are defined in the preparation phase, the discovery phase begins and the security engineer actively performs the scanning operations on information assets that include both physical and virtual security of the organization. For instance, the majority of the dynamic scanning performed through industry-standard tools, engineers can apply templates to create a various number of vulnerability results.

4.3 Identify and Evaluate:

★Once security engineers completed the scanning, the next step is to identify and apply an evaluation matrix on each vulnerability type and assign it to a group. Engineers can integrate and apply the risk rating matrix and risk exposure on the vulnerability to separate them. The security engineers can produce different types of scanning results such as overall CVE, risk exposures, risk rating matrix, priority’s, solutions, recommendations for mitigation and submit to the security manager, security architect, and CISO.

4.4 Remediate:

★After the completion of the report generation process, the security manager, architect, and CISO will review each individual report based on the results. The CISO will review and accept the report based on the defined inputs in the feasibility, and provide feedback to architects, security engineers on the potential required to remediate actions. Based on the feedback, security engineers apply the inputs and regenerate the identify & evaluation phase results. The previous and new inputs are all recorded with timeframe information for references and analysis purposes. The security architect must track the status of the remediation process and actions.

4.5 Re-Scan:

★When the remediation inputs are applied to the process, the security engineer enters the final phase re-scan, and it can be performed only after the confirmation of the remediation phase. It will be performed with the same discovery applications and initial configurations on the templates. The security architect, manager actively engaged with the security engineer team to understand the remediation inputs have been effectively implemented. It is highly recommended to the CISO/CTO to establish a new set of scheduling frameworks on your organization's products and resources to perform scanning operation activities such as a weekly, monthly, or quarterly basis. It will ensure the rapid discovery, detection, and remediation of existing and new vulnerabilities, allowing the CISO to determine and deploy necessary security measures and controls in a timely fashion.

I appreciate your effort towards the end of this article, also I tried my best to make the knowledge and resource to be intriguing to the readers. If you liked the effort, learned a piece of information, then I appreciate your effort to give a clap and make me smile! Thanks a bunch!!!.

Conclusion:

1

★I believe this article provided and covered important measures and guides related to the article title. This approach focuses on a number of services to provide your organization management and its customer with broad business decision-making approaches. I encourage organizations to implement cyber intelligence, vulnerability management, incident response, incident handling, and threat management operations enabled in your organization to protect and defend from external threats, cyber risks, adopt adequate measures to act defend-early, and avoid damages to the assets.

— — — — —— — — THE END — — — — — — — —

Quote of the day: 鱼见食而不见钩,人见利而不见害 (Yú jiàn shí ér bùjiàn gōu, rén jiàn lì ér bùjiàn hài)

1

Explanation: The fish sees the food but not the hook, and the man sees the profit but not the harm.


Thanks for reading!

Have a pleasant day!

First published at https://gtmars.medium.com/how-to-create-a-vulnerability-management-team-work-flow-chart-process-roles-and-be3eb1bad0d3

No comments:

Post a Comment

How can I permanently turn off or disable the Microsoft Compatibility Telemetry service causing High CPU usage?

  You may or may not noticed that The Microsoft Compatibility Telemetry module occupies your computer's “ CPU memory ” & “ Power usa...