The Center for Internet Security (CIS) is responsible for identifying and developing standards, tools, and solutions in the information security field. The continuous vulnerability management process is included in the list of CIS recommendations and is an integral part of cybersecurity and network security. It is the responsibility of organizations to regularly collect, evaluate information regarding vulnerabilities and take prompt action to correct or minimize «opportunities» for criminal activity. This is due to the rapid growth of cybercrime, that forces organizations to pay more attention to information security. Vulnerability management should be part of an overall information risk management strategy.
A vulnerability is a certain flaw in an organization’s information system that can be used by a cybercriminal to gain access and perform unauthorized actions (running codes, gaining access to system memory, installing malware, stealing, destroying or changing company corporate data).
The most dangerous for the system security are computer worms. It is a malicious software that self-replicates, infects other computers, and remains active on infected systems. Vulnerabilities in network protocols, operating systems, and backdoors are often exploited to distribute such software.
Vulnerability management is the process of identifying, assessing, prioritizing, remediating (eliminating and preventing potential attacks, or minimizing attacks impact and scale), and reporting on security vulnerabilities in web applications, mobile devices, and software. As a result, organizations have the opportunity to receive up-to-date data on the state of the IT environment, the presence of vulnerabilities and the risks associated with them. Vulnerabilities cannot be ignored. The only way to reduce the risk of a cyberattack is to identify and fix each vulnerability.
The Vulnerability Management process is a cyclical process of identifying, classifying, fixing, and mitigating security vulnerabilities. Vulnerability discovery, assessment and reporting are important elements of the program.
Vulnerability detection is performed using a scanner, software that scans computers, networks, and applications for known vulnerabilities. The scan detects vulnerabilities that result from misconfiguration and erroneous network programming, and scans with or without authentication.
The essence of authenticated scanning is to provide access to low-level data (certain services, configuration details, precise information about operating systems, software, configuration issues, access controls, security controls, and patch management. Unauthenticated scanning does not provide access to network resources, that can lead to inaccurate information about operating systems and installed software.
Scanners can make mistakes and miss vulnerabilities, penetration testing (automated testing with software or mechanical testing of information technology to find vulnerabilities) should be used. The testing process involves collecting information, identifying possible attack vectors, making attempts to use them, and generating conclusions. Testing can also be used to test local security controls, compliance with security policies, employee susceptibility to social engineering attacks, and incident response strategies.
The vulnerability assessment process includes 5 steps:
The vulnerability remediation phase involves several options: