Vulnerability management is a proactive process to mitigate risks associated with systems in an organization. Technology is always evolving, hardware and software alike, and there has to be a automated process to check the latest threats within an organization.
Vulnerability management tools discovers and tracks all IT assets in an organization, scans for weaknesses in flaws in those assets, manages patches and configurations automatically, and remediates the identified vulnerabilities if possible. There are 6 critical steps to vulnerability management lifecycle which are discovery, prioritization of assets, assessments, reporting, remediation, and verification and monitoring. IT assets require continuous monitoring since updates come out on continuous basis.
Items are ranked and categorized based on common vulnerability scoring system as well as asset’s importance to a company. CVSS is a free and open industry standards to assess and communicate severity and characteristics of software vulnerabilities. One needs to consider performance impact on the endpoint since scanning frequently tend to slow down the network as well as the endpoint due to high resource consumption. Note that vulnerability scan isn’t done every day to minimize impact to operations.
HansITAcademy 