Vulnerability management is an ongoing process of identifying, evaluating, prioritizing and remediating discovered vulnerabilities. It is a proactive approach to protecting your modern IT infrastructure from different attacks and reducing the associated risks. People often confuse vulnerability assessment with vulnerability management. Vulnerability assessment is an approach through which the vulnerabilities associated with a given system are found, whereas vulnerability management goes beyond that by both finding and managing those vulnerabilities. Vulnerability assessment is a part of vulnerability management. Through vulnerability management you can periodically scan the given assets and track remediation and patch progress for a wide range of discovered vulnerabilities. It gives you a detailed picture of what exists in your corporate network by effectively discovering the total number of assets, some of which may be missed during a general vulnerability assessment.
Risk Based Vulnerability Management
Process of Risk Based Vulnerability Management
Visibility into what’s in your network is critical, as you can’t assess what you can’t see. The first and foremost step in vulnerability management is to detect the total number of assets in a given organization.
Once assets are discovered, they need to be assessed for vulnerabilities. In this phase, vulnerability scans are created to assess a given set of assets periodically or on demand.
Not all vulnerabilities pose the same risk to the organization. It is of utmost importance to prioritize vulnerabilities so that the team can focus on what matters most right now and plan the fixes accordingly.
Once vulnerabilities are prioritized, the IT team needs to fix them according to the priority list. In this phase the patch team is given a list of vulnerabilities to fix, ordered by the risk they pose, and the fixes are initiated.
Measure and repeat
Key metrics are very important for driving improvements that strengthen the security posture. Metrics such as scanning strategies, time to fix, adherence to industry standards, etc. are adjusted accordingly. Because vulnerability management is an ongoing process, this cycle repeats.