There's More to Life Than Patching - Towards a new Vulnerability Management Paradigm

Posted by Tal Morgenstern on Apr 23, 2019 10:26:12 AM

With over 1,600 new vulnerabilities reported in the first 100 days of 2019, in addition to the 17,308 reported in 2018, it’s clear that vulnerability remediation is an ongoing necessity. Given the large number of vulnerabilities that are being added to the pool every day, having a strategy to decide which vulnerabilities to patch first is essential for companies of all sizes.

Risk-based analysis and remediation of vulnerabilities has gone from being a “radical” approach to being recommended by the business mainstream. In a nutshell, the risk-based approach to vulnerability management and remediation involves determining which vulnerabilities pose the greatest actual threat to your business and taking care of them first, by applying the most appropriate response, using automation wherever possible.


Beyond Just Patching: Vulnerability Remediation Intelligence Databases

Two key factors are often overlooked in remediation: how much risk the vulnerability poses to your specific enterprise, and what the least disruptive way to remove the threat is. For example, changing the settings of a firewall may be just as effective as applying a patch, but takes much less time and does not expose your network to any of the risks that even the best patches may carry. In other cases, patching may in fact be the best answer, but it might be riskier in some environments than in others.

Due to the risks involved in patching, the best vulnerability remediation processes incorporate a solutions database that encompasses a wide variety of solutions for each vulnerability. These solutions include patches, workarounds, configuration changes, and other compensating controls, enabling the security team to choose the most appropriate one. From patching a Linux server using configuration management tools like Ansible and Chef to preventing exploitation with a firewall, WAF or endpoint security product, this solutions database empowers teams to easily find the most appropriate solution to each vulnerability, especially solutions that can be deployed automatically. Solutions of this sort reduce the number of man-hours spent on each vulnerability.

Database-Based Vulnerability Remediation to the Rescue!

Adding this type of database to your vulnerability management program spares your IT and security teams the trouble of searching for solutions for the problems they want to tackle: the database incorporates the research and experience of other security teams, and will therefore contain the valuable information your team could rely on to remediate vulnerabilities.

Additionally, the information contained in the database, especially any “war stories” of troublesome patch installation, will help your team better understand both the problem and possible solutions. Looking at others’ experience, your personnel will be able to better predict the impact of any solution on your system and reduce the chance of mistakes. Installing a patch involves some risks to the environment. Being exposed to a variety of alternatives will give your team more context, which is key to successful vulnerability management processes.


See Vulcan’s Vulnerability Remediation Intelligence Platform in Action

Vulcan Cyber’s vulnerability remediation automation platform incorporates our proprietary remediation and community intelligence, offering the most efficient solution to each vulnerability in the system. Our platform not only supplies its users with the best solution available for their vulnerabilities, but it orchestrates and automates the response process, saving valuable time for security teams. To learn more about how this platform provides your vulnerability management team with the context and solutions that keep your network safe, contact us for a consultation.
