Cyber Security Tutorial

Cyber Security Overview Cyber Security Introduction Cyber Crime Cyber Space Cyber Criminals Cyber Law Cyber Attackers Types of Hackers Functions of Cyber Security Method to Improve Data Security Cyber security frameworks Importance of Cyber Security Types of Cyber Security Cyber Security Fundamentals Applications of cyber security Cyber security in education sector Cyber security in health care industry Cyber security tools Cyber security policies Types of security policies Characteristics of cyber security policies Digital signature Cyber Security Standards NIST- National Institute of Standard and technology Information Technology Act ISO - International Standard for Organization ISO certification PCI DSS Standard FINRA Difference between Information Security and Cyber Security Cyber Security Vulnerability Elements of vulnerability management Social Engineering Vulnerability Assessment Vulnerability management Types of cyber security vulnerabilities Identification of security vulnerability Types of social engineering attacks Penetration Testing Penetration Testing Tools Types of penetration testing Process of Penetration Testing What is Phishing Elements of cyber security Difference between Spoofing and Phishing Difference between Network Security and Cyber Security Difference between Ethical Hacking & Cyber Security Role of artificial engineering in cyber security Cyber Forensics Definition Cyber Security job qualifications Cyber Security Prerequisites Cyber Security Identity and Access Management What is Cyber Forensics Different Types of Cybercrime Different types of cybercrime Tunneling Techniques in Cyber Security

Elements of vulnerability management
2022-07-04 00:02:13

Elements of vulnerability management

Vulnerability management is the process or program that consists of identifying, classifying, remediation, and mitigating security vulnerabilities.

The whole process is included in the three core elements of vulnerability management, where vulnerabilities are detected, assessed and remediate with the help of various tools and testing. Elements of vulnerability management are as:

  1. Vulnerability detection
  2. Vulnerability assessment
  3. Vulnerability remediation
Elements of vulnerability management

Vulnerability detection

Without detecting or identifying vulnerabilities, it's impossible to patch them and provide security to the system. To provide security against vulnerability, vulnerability detection is done by three methods:

  1. Vulnerability scanning
  2. Penetration testing
  3. Google hacking
Elements of vulnerability management

Vulnerability scanning

Vulnerability scanning process help in classifying and detecting system weaknesses and security holes in communication equipment, networks and computers. To identify network, system, application and security vulnerability, the scanning process is used to find the commonly known "vuln scan”. This automated process is performed by an organization's IT department or third-party security service provider. Attackers also scan to find any weakness in the system so they can exploit it for their benefit.

For the scanning process, a scanner (software) is used which discover and identify vulnerabilities resist due to flawed programming and misconfiguration within a network. Scanning is done by using a piece of software running from the organization or person inspecting the attack surface in question. The scanner also compares the details about the target attack surface by using a database or its references like

flaws, packet construction anomalies, coding bugs, potential paths to sensitive data and default configurations can be exploited by attackers.

The scanner scans the device and software to check for possible vulnerabilities within the scope of engagement. Further, it generates a scan report, which is analyzed and interpreted by the organization's experts to improve its security posture.

Some of the popular scanning tools are:

  • Probably
  • Acunetix
  • Manage Engine Vulnerability Manager plus
  • Rapid 7 Nexpose
  • Solar winds network configuration manager
  • Tripwire IP 360

Categorization of network vulnerability scans based on use-cases:

  • Scanning methods
    • Intrusive vulnerability assessment
      The intrusive scanning method highlights the security risk and an impact of an exploited vulnerability. This scanning can create issues for customers and employees of an organization by disrupting processes and operational systems in the network; therefore, it should be used with caution. In this, an attack plan is created after vulnerabilities are discovered during scanning.
    • Non-intrusive vulnerability scan
      Using a non-intrusive method, no actual vulnerability exploitation occurs during this process; it identifies a vulnerability and generates a report so the user can fix it. Scanner finds out the occurrence of vulnerability in the given conditions.
  • Scanning types
    • Internal vulnerability scan
      This type of scan targets the internal enterprise network, which finds vulnerabilities to avoid damage. It also makes the organization tighten its security and protect its system and applications not exposed by external scans. Suppose a hacker finds a security hole in the system or application. In that case, it can leave the enterprise system prone to damage, so an internal vulnerability scan of the system's internal network is essential to protect it.
    • External vulnerability scan
      It scans all the exposed areas in the IT ecosystem that use the internet or are not restricted for internal use. Such exposed areas accessed by users and customers are websites, networks, applications, ports and systems.
    • Environmental vulnerability scan
      This vulnerability scan is special and deployed for multiple technologies like websites, mobile devices, IoT devices and cloud-based services. Here scanning is based on the specific environment of the organization's technology operations.

Penetration testing

Penetration testing (pen test) is the type of vulnerability detection tool used by security experts to find and exploit security vulnerabilities in a computer system. It’s a kind of attack purposely used to identify any weak spot in the system regarding preventing the system from the attackers taking advantage of it.

With the right intention and scope, penetration testing can drive into any aspect of the system. With the pen test, experts ensure the system is robust enough to bear the authorized or unauthorized attacks and examine the range of system roles. This is like hiring someone to apply techniques, tools and processes like attackers do to discover and demonstrate the vulnerabilities/weaknesses in the business in a system.

Google hacking

Google hacking, known as Google docking, in which Google search engine is used by hackers/attackers to locate security vulnerabilities and submit queries to search engines to find sensitive information lying on web pages that Google has indexed. It also refers to finding security vulnerabilities in applications indexed by Google. Google hacking is not bound to search through the search engine but can be practised on any major search engine.

Vulnerability assessment

Vulnerability assessment is a one-time project with a time boundation (start and end date). Some of the characteristics of vulnerability assessment are the same as penetration testing, but vulnerability assessment is not a scan. Penetration testing finds the weak spots in the system's security but vulnerability assessment followed by penetration testing identifies cyber security threats and risks via automated vulnerability scanning tools, which provide information to the information technology and information security teams to mitigate and prevent cyber security threats.

Vulnerability remediation

As the name defined in this element, vulnerabilities are remediated (can be corrected), but before that, vulnerabilities need to be discovered and followed the process.

  • Discover
  • Prioritize
  • Remediate
  • Monitor

Remediation workflows depend on the scanning and communication tools to function. Penetration testing and vulnerability assessment are responsible for some vulnerability remediation as these produce test reports and outline how to fix them. These reports are helpful for security teams to rank flaws by severity, and the team can patch the critical flaws first.

Traditional remediation can be responsible for leaving the system vulnerable for longer than necessary if it increases the mean time to respond (MTTR).

How to build a vulnerability management program?

There are certain steps to build, establish and strengthen an organization's top-notch vulnerability management program.

  • Assemble a team
  • Acquire the right tools
  • Keeping a current or comprehensive inventory of assets
  • Develop an "obsessive focus on visibility."
  • Threat landscape should be cross-referenced with the environment
  • Knowing about application, assets and risk tolerance
  • Remediate, communicate and report
  • Be more aggressive with scanning
  • Deliberated and documented workflow
  • Track KPI’s
  • Create a bug bounty program
  • The expectation is set and adjusted over time
  • Program performance should be reported to stakeholders

Challenges in vulnerability management program

  1. Incomplete asset inventory
  2. Identifying vulnerabilities
  3. Prioritizing vulnerabilities
  4. Timely remediation of vulnerabilities
  5. Tracking the vulnerability management process

Vulnerability management best practices

  • Regularly scanning of vulnerabilities
  • Scanning of endpoints of network and every device too
  • Owners are assigned to critical assets
  • All scans and their result are documented
  • Ensuring security assessment and risk-based prioritization of the patching process
  • To ensure continuous security assessments, correct training is provided to the IT team.
  • Updation of security baselines is maintained and mapped with compliance requirements.
  • Review, measure and define the metrics of the program
  • Mitigation tracking is deployed in the vulnerability management program
  • The vulnerability management program is centrally visible