Cyber Security Tutorial


Vulnerability management

Vulnerability management is the process of managing the vulnerabilities in a system. It is a cyclic process of identifying, evaluating, reporting and treating vulnerabilities in systems and IT assets. The process identifies threats, misconfigurations and vulnerabilities by correlating them with the IT assets.

"It is a continuous process of identifying vulnerabilities in the operating system which further can be remediated through patching and configuration of security settings." 

The vulnerability management process handles the vulnerabilities detected in enterprise applications (cloud or on-premises), end-user applications, operating systems and browsers. It is also referred to as a strategy used by the organization to monitor, minimize and eradicate vulnerabilities in the system. This process usually passes through four stages:

  • Identifying vulnerabilities
  • Evaluating vulnerabilities
  • Treating vulnerabilities
  • Reporting vulnerabilities

Vulnerability management lifecycle & process

To protect businesses from cyber criminals, the lifecycle passes through the following stages:

  • Identifying vulnerabilities
    The first step of the vulnerability management process is identifying the vulnerabilities in the system. It is also known as vulnerability discovery, in which a vulnerability scanner explores the network. The scan covers mobile devices, firewalls, laptops, desktops, printers, servers and databases; it discovers all the relevant IT assets and maps out all the potential sources of vulnerability. This phase establishes which assets are present in the IT environment, such as cloud networks, physical or virtual networks, and potential attack surfaces. The assets are mapped, and a database is created to scan for vulnerabilities. The scanning process takes place in these simple steps:
  1. All network-accessible systems are scanned by sending them TCP/UDP packets or pinging them.
  2. All open ports and services running on the scanned systems are identified.
  3. The scanner logs in to the systems to gather detailed system information.
  4. All the system information is correlated with known vulnerabilities.
  5. The vulnerability scanner makes this association using a vulnerability database, which contains a list of publicly known vulnerabilities.

    Vulnerability scanners can sometimes disrupt networks and systems during scanning. Even so, vulnerability management relies on the vulnerability scanner as an essential component, because without it the system can't be configured. Scanning is the foundation of the vulnerability management process because it covers all the relevant systems, and the disruption is mitigated by using adaptive scanning.

    Adaptive scanning is a vulnerability scanning method that automates and streamlines vulnerability scans based on changes in the network. For example, a vulnerability scanner scans a new system as soon as possible after it connects to the network for the first time, instead of waiting for the monthly or weekly scan. It starts scanning the entire network without waiting for scheduled scans.

    Vulnerability scanning is not the only source of vulnerability data. Endpoint agents can gather vulnerability data without scanning the system. This is done by vulnerability management solutions, which help the organization maintain up-to-date system vulnerability data. The gathered data is used to create metrics, dashboards and reports for various audiences.
  • Evaluating Vulnerabilities
    The second step of the vulnerability management process begins once vulnerabilities have been identified: they are evaluated so that the risk they pose can be dealt with in line with the organization's risk management strategy. Vulnerabilities are categorized into groups and given a risk-based priority according to their criticality to the organization. Vulnerability management solutions assign risk ratings and scores to vulnerabilities using CVSS, the Common Vulnerability Scoring System. This categorization and scoring tells an organization which vulnerabilities to focus on first. The risk posed by a vulnerability also depends on other factors, such as:
  1. How long has the vulnerability been present in the network?
  2. How difficult is it to exploit this vulnerability?
  3. Is there published exploit code for this vulnerability?
  4. How would the business be affected if the vulnerability were exploited?
  5. Could this vulnerability be exploited directly by someone on the internet?
  6. What security controls and measures should control this vulnerability?
  7. Is the vulnerability a true or a false positive?

    Vulnerability scanning tools are not perfect: their false-positive rate is low but greater than zero. To weed out false positives, an organization performs vulnerability validation with penetration testing tools and techniques, which helps it focus on dealing with real vulnerabilities. It can be an eye-opening experience for an organization to see the results of vulnerability validation exercises or full-blown penetration tests which prove that a vulnerability wasn't that risky.
  • Assessment / treating / patching vulnerabilities
    The third step is to prioritize the treatment method for each vulnerability with the original stakeholders of the network or business. Vulnerabilities are treated with different methods, such as:
  1. Acceptance: Sometimes, when a vulnerability is deemed low risk, no action is taken to fix it or to lessen the impact of its exploitation. Another reason for acceptance is that the cost of fixing the vulnerability is estimated to be higher than the cost the organization would incur if the vulnerability were exploited.
  2. Remediation: The vulnerability is fully fixed or patched so that it can no longer be exploited. It is the ideal treatment option for an organization, because it eliminates threat vectors in the system. After completing the remediation, you must run another vulnerability scan to ensure the vulnerability has been fully resolved.
  3. Mitigation: Mitigation is also a treatment method, in which measures are adopted to lessen the scope or impact of a security breach (quarantining an attack or going offline). It is a backup method for handling identified vulnerabilities when proper fixes or patches are unavailable. It buys time for security teams to prevent breaches until they can fix or patch the vulnerability.
  • Reporting, tracking and metric
    This step boosts the efficiency of the vulnerability management program through regular tracking, reporting and metrics. These not only equip IT teams to fix vulnerabilities but also let them monitor vulnerabilities over time in different parts of their network. The vulnerability management process also helps the organization meet compliance and regulatory standards like HIPAA and PCI DSS. The process is a continuous part of the overall information security lifecycle, requiring continuous improvement, monitoring and assessment.
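Scanning steps 4 and 5 and the adaptive-scanning idea from the identification stage, as an added example that is not part of the original tutorial. The product names, hosts, `EXAMPLE-*` IDs and the `fixed_in` field are constructed assumptions; a real scanner uses its own vulnerability database format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    vuln_id: str   # constructed placeholder ID, not a real CVE
    product: str
    fixed_in: str  # first version that contains the fix

def parse_version(text):
    """'2.4.10' -> (2, 4, 10), so 2.4.9 sorts below 2.4.10 (string comparison would not)."""
    return tuple(int(part) for part in text.split("."))

def correlate(inventory, vuln_db):
    """Steps 4-5: match each discovered service against the vulnerability database."""
    findings = []
    for host, services in sorted(inventory.items()):
        for port, (product, version) in sorted(services.items()):
            for adv in vuln_db:
                if adv.product == product and parse_version(version) < parse_version(adv.fixed_in):
                    findings.append((host, port, adv.vuln_id))
    return findings

def hosts_needing_scan(inventory, already_scanned):
    """Adaptive scanning: hosts that appeared since the last scan are scanned now."""
    return sorted(set(inventory) - set(already_scanned))

# Constructed sample data: the services steps 1-3 of a scan would have discovered.
INVENTORY = {
    "web01": {443: ("examplehttpd", "2.4.9"), 22: ("examplessh", "9.1")},
    "db01": {5432: ("exampledb", "14.2")},
    "print07": {631: ("exampleprintd", "1.0")},
}
VULN_DB = [
    Advisory("EXAMPLE-0001", "examplehttpd", "2.4.10"),
    Advisory("EXAMPLE-0002", "examplessh", "9.0"),
    Advisory("EXAMPLE-0003", "exampledb", "14.2"),
]

if __name__ == "__main__":
    for host, port, vuln_id in correlate(INVENTORY, VULN_DB):
        print(f"{host}:{port} is affected by {vuln_id}")
    print("scan immediately:", hosts_needing_scan(INVENTORY, ["web01", "db01"]))
```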
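The evaluation and treatment stages above, as an added example that is not part of the original tutorial: a CVSS base score is combined with the other listed factors to rank findings and pick a treatment. The weights, the `accept_below` threshold, the field names and the sample findings are all assumptions made for illustration; CVSS itself does not define them.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    vuln_id: str                # constructed placeholder ID, not a real CVE
    cvss: float                 # CVSS base score, 0.0-10.0
    days_open: int              # how long it has been present in the network
    exploit_published: bool     # exploit code is publicly available
    internet_facing: bool       # directly reachable from the internet
    compensating_control: bool  # an existing control already limits exposure
    business_impact: int        # 1 (low) to 3 (high), set by the asset owner
    validated: bool             # False once validation shows a false positive
    patch_available: bool

def risk_score(f):
    """Illustrative weighting of the listed factors (an assumption, not part of CVSS)."""
    if not f.validated:
        return 0.0
    score = f.cvss * f.business_impact
    score *= 1.5 if f.exploit_published else 1.0
    score *= 1.5 if f.internet_facing else 1.0
    score *= 0.5 if f.compensating_control else 1.0
    return round(score + min(f.days_open, 90) / 30, 2)  # age adds at most 3 points

def treatment(f, accept_below=5.0):
    """Map a finding to one of the treatment options described above."""
    if not f.validated:
        return "close as false positive"
    if risk_score(f) < accept_below:
        return "accept"
    return "remediate" if f.patch_available else "mitigate"

def prioritize(findings):
    """Highest risk first."""
    return sorted(findings, key=risk_score, reverse=True)

# Constructed sample findings.
FINDINGS = [
    Finding("EXAMPLE-A", 9.8, 30, False, False, True, 1, True, True),
    Finding("EXAMPLE-B", 6.0, 120, True, True, False, 3, True, False),
    Finding("EXAMPLE-C", 7.5, 60, True, True, False, 2, False, True),
    Finding("EXAMPLE-D", 3.1, 5, False, False, False, 1, True, True),
]

if __name__ == "__main__":
    for f in prioritize(FINDINGS):
        print(f"{f.vuln_id}: score {risk_score(f):5.2f} -> {treatment(f)}")
```

The medium-severity EXAMPLE-B outranks the CVSS 9.8 EXAMPLE-A because it is internet-facing, has published exploit code and sits on a high-impact asset, which is the point of risk-based prioritization.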

Need for vulnerability management

Vulnerabilities are critical security flaws in the network that open the way for cybercriminals to enter the system. If they are not identified and patched in time, the doors and windows are left open for an attacker to enter your system. Vulnerability management is not a one-time process: as new technology emerges, new threats emerge each day. Once cyber attackers enter the system, they start abusing resources, denying services, and stealing data.

Vulnerability management works continuously, with strategies that keep the life span of vulnerabilities in the system as short as possible. It provides a thorough search for vulnerabilities in the system/network. In an enterprise, vulnerability management reduces the risk and maintenance cost of the system; therefore, it is profitable for any business.

Benefits of vulnerability management program

  • It controls information security risks.
  • It focuses on increasing cyber-crime and complexity.
  • It keeps restrictions on vulnerabilities in the IT environment and their associated risks.
  • It builds a defence system and strengthens the security posture against cyber threats.
  • It remediates vulnerabilities and builds a cyber security defensive system.
  • It adopts a proactive approach to stay a step ahead of cybercriminals.
  • It demonstrates compliance and removes weaknesses in the operating system.
  • It improves internal communication and visibility across the remote workforce about the cyber security of all systems against the latest threats and vulnerabilities.
  • It enhances security.
  • It fixes vulnerabilities immediately.
  • It brings operational efficiencies.
  • It provides visibility and reporting.

Hurdles to vulnerability management

Before implementing vulnerability management software in the organization, one should be familiar with the barriers that stand in the way of an effective management system. Some of the roadblocks or barriers to vulnerability management are as follows:

  • Lacking continuous and real-time monitoring
  • Thinking vulnerabilities = CVEs
  • Not inventorying all your assets
  • Not having risk-based prioritization
  • Not having and using the right tool at the right time
  • Not having a searchable inventory of the IT assets