This is the fourth article in our 10-part series for National Cybersecurity Awareness Month. Look for new cybersecurity topics explained by Alpine Cyber experts every Tuesday and Thursday in October.
The IT Department Dream Scenario
Imagine your CIO has the following information at his or her fingertips:
- Exactly how many machines are in their environment
- All the vulnerabilities for each device
- All the available patches
- A list of priorities to show which issues are most critical
And what else could complete this dream scenario? For any patch that isn’t available or installable, the team has a mitigation plan to address it.
Are you already living the dream? Or did you just realize your vulnerability management isn’t up to snuff?
Keep reading and we’ll explain how CIOs can sleep easier at night.
3 Steps to Professional Vulnerability Management
It’s critical that your IT Team be aware of the state of each device on a monthly basis. Luckily, you don’t have to do it alone or build a process from scratch. There are vulnerability management systems to keep track of everything on your network.
These types of systems – at a minimum – should baseline your environment, perform vulnerability scans, and help you create a plan.
Baseline Your Environment
In the beginning, you will perform a host scan of your environment. This will tell you every device connected to the network and allow you to track down new surprises.
Surprises can run the gamut — from a development team standing up a new server to go around the slower-than-comfortable approval process, to an employee bringing in an iPad to watch Netflix on the company WiFi. That last one could also be an issue for HR, but let’s stay on the technical side for now.
This baseline scan needs to repeat at regular intervals to catch changes.
Perform Vulnerability Scans
This is the meat of the process.
There are two types of vulnerability scans – unauthenticated and authenticated. Unauthenticated scans probe the open ports on a system and attempt to identify vulnerabilities based on what is exposed. Authenticated scans actually log on to the system using a service account and interrogate the operating system for vulnerabilities and patches.
Authenticated scans are WAAAAAY better and should be the default, falling back to unauthenticated only if there are specific technical or policy reasons why you can’t do it otherwise.
The vulnerability scan captures the vulnerabilities, in the form of missing patches and identifiable misconfigurations on each system. Pretty cool, right?
But be careful what you wish for because it’s a LOT of data. The first reaction, understandably, is to feel overwhelmed. That’s where the next step comes in…
Create a Plan
Most vulnerability scanning software has a rating system to classify vulnerabilities by severity. From an operational standpoint, you want to use these ratings to prioritize remediation (i.e. patching) for two reasons.
First, prioritization ensures that the team handles issues with highest severity first. These are the biggest holes, or the ones most easily exploited.
Prioritizing also helps the team build confidence while avoiding that overwhelming feeling. You can’t fix everything with the push of a button. But you can drastically lower your overall risk by killing off the biggest issues first.
Each month you address the most severe findings and work your way down the remaining list. You will also be aware of new machines attaching to your network along with new vulnerabilities. Before long, your environment is up-to-date and configured with best practices – that is, until the next batch of software vulnerabilities is released. It is an ongoing process.
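The three steps above, sketched as an added example (not Alpine Cyber's code and not any scanner's real output format): compare this month's host list to the baseline, then order findings by severity and mark each one as patch or mitigate. The host addresses, finding IDs and four-level severity scale are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample data (not from a real scanner): host inventories.
BASELINE_HOSTS = {"10.0.0.5", "10.0.0.8", "10.0.0.12"}
CURRENT_HOSTS = {"10.0.0.5", "10.0.0.8", "10.0.0.12", "10.0.0.77"}

# Constructed findings: (host, finding id, severity rating, patch available?)
FINDINGS = [
    ("10.0.0.5", "FINDING-A", "medium", True),
    ("10.0.0.8", "FINDING-B", "critical", False),
    ("10.0.0.12", "FINDING-C", "high", True),
    ("10.0.0.77", "FINDING-D", "critical", True),
    ("10.0.0.5", "FINDING-E", "low", True),
]

# Assumed four-level rating scale; real scanners use their own labels.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def inventory_changes(baseline, current):
    """Return (new_hosts, missing_hosts) relative to the baseline."""
    by_ip = ipaddress.ip_address
    return (sorted(current - baseline, key=by_ip),
            sorted(baseline - current, key=by_ip))


def remediation_plan(findings, new_hosts):
    """Order findings most severe first and pick patch vs. mitigation."""
    plan = [
        {"host": host, "finding": fid, "severity": sev.lower(),
         "action": "patch" if patchable else "mitigate",
         "new_host": host in new_hosts}
        for host, fid, sev, patchable in findings
    ]
    # Assumption: unrecognized ratings sort first so they get triaged, not buried.
    plan.sort(key=lambda p: (SEVERITY_RANK.get(p["severity"], -1),
                             ipaddress.ip_address(p["host"]), p["finding"]))
    return plan


def severity_counts(plan):
    """Per-severity totals, the kind of number tracked month over month."""
    return dict(Counter(p["severity"] for p in plan))


if __name__ == "__main__":
    new, missing = inventory_changes(BASELINE_HOSTS, CURRENT_HOSTS)
    print("New hosts:", new, "| Missing hosts:", missing)
    for item in remediation_plan(FINDINGS, set(new)):
        print(item)
```

With the sample data, the host that was not in the baseline is flagged, and the critical finding with no available patch lands at the top of the list with a mitigate action.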
A Process With Clear Deliverables
We’ve covered the process and explained how it reduces the attack surface for your environment.
There are other business benefits as well. A continuous vulnerability management process produces useful trend data. This data can feed into key performance indicators, and help management understand the IT security program’s value.
If you would like more help, Alpine Cyber is here. We can explain the options on the market and even manage the whole process for your organization.
Stay safe out there.