Vulnerability Management has become a key area of computer and network security. It consists of the identification, classification, prioritisation, remediation and mitigation of weaknesses in systems that leave them exposed to threats.
As one of the most proactive approaches, Vulnerability Management starts with the search for vulnerabilities in the system and ends when they have been fixed and the fix verified. To achieve this, a pipeline is put together whose aim is to resolve each of the findings.
The process of vulnerability remediation usually begins with triage. Triage is where the risk to the business is evaluated and each vulnerability is prioritised on that basis. This matters because the number of reported vulnerabilities is often too high to treat them all at once, so the order in which they are handled must be determined.
False positives are findings that are not real vulnerabilities: either the reported behaviour is expected and accepted by the business, or the detection process simply failed and reported a vulnerability that does not exist. False positives are usually identified and removed during the triage stage.
If what is detected is indeed a vulnerability, it enters the pipeline, where a report is generated for each finding so that it can be resolved in the shortest possible time frame. Reports can be produced by both internal and external actors. Following this, a person is assigned as the owner responsible for managing or fixing the vulnerability.
Usually the company defines a Service Level Agreement (SLA) that sets the maximum time a vulnerability may remain open according to its level of risk. Once the SLA is in place, the goal is to comply with the established time frame, which requires adequate follow-up on each open finding.
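The triage and SLA steps described above, as an added example that is not part of the original article: it takes scanner findings, drops those on a documented accepted-risk list (the false positives removed at triage), ranks the rest by CVSS-derived severity, attaches an SLA due date and reports how many days each finding is overdue. The SLA_DAYS policy, the ACCEPTED allowlist and the SAMPLE findings are all constructed assumptions, not figures from the article.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed SLA policy: maximum number of days a finding may stay open per
# severity. Illustrative values only; every organisation sets its own.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Assumed accepted-risk allowlist: (host, check id) pairs that the business has
# reviewed and documented as expected behaviour. Constructed example data.
ACCEPTED = {
    ("web-01", "ssl-self-signed"),  # internal test host, documented exception
}

# Rank used to order the remediation queue (lower sorts first).
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    host: str
    check_id: str
    title: str
    cvss: float
    reported: date


def severity(cvss: float) -> str:
    """Map a CVSS v3 base score to its qualitative rating
    (0.0 none, 0.1-3.9 low, 4.0-6.9 medium, 7.0-8.9 high, 9.0-10.0 critical)."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss > 0.0:
        return "low"
    return "none"


def triage(findings, today: date):
    """Return the remediation queue: accepted risks and informational findings
    are dropped, the rest get a severity, an SLA due date and an overdue count,
    ordered by severity first and earliest due date second."""
    queue = []
    for f in findings:
        if (f.host, f.check_id) in ACCEPTED:
            continue  # false positive / accepted risk: not tracked in the queue
        sev = severity(f.cvss)
        if sev == "none":
            continue  # informational only, no SLA applies
        due = f.reported + timedelta(days=SLA_DAYS[sev])
        queue.append({
            "host": f.host,
            "check_id": f.check_id,
            "title": f.title,
            "severity": sev,
            "due": due,
            "days_overdue": max(0, (today - due).days),
        })
    queue.sort(key=lambda r: (SEVERITY_ORDER[r["severity"]], r["due"]))
    return queue


def overdue(queue):
    """Findings that have breached their SLA and need escalation."""
    return [r for r in queue if r["days_overdue"] > 0]


# Constructed sample scanner output (not real findings).
SAMPLE = [
    Finding("web-01", "ssl-self-signed", "Self-signed TLS certificate", 5.3, date(2024, 1, 10)),
    Finding("web-01", "sqli-login-form", "SQL injection in login form", 9.8, date(2024, 3, 1)),
    Finding("db-02", "outdated-openssh", "Outdated OpenSSH version", 7.5, date(2024, 2, 20)),
    Finding("mail-01", "http-trace-enabled", "HTTP TRACE method enabled", 5.3, date(2024, 1, 5)),
    Finding("intranet-03", "info-banner", "Server banner disclosed", 0.0, date(2024, 2, 1)),
    Finding("db-02", "weak-ciphers", "Weak TLS cipher suites offered", 3.7, date(2024, 1, 15)),
]

if __name__ == "__main__":
    for row in triage(SAMPLE, date(2024, 3, 15)):
        flag = f"OVERDUE by {row['days_overdue']}d" if row["days_overdue"] else "within SLA"
        print(f"{row['severity']:<8} {row['host']:<12} {row['check_id']:<20} due {row['due']}  {flag}")
```

Run against the constructed sample with 15 March 2024 as "today", the self-signed certificate on web-01 is dropped as an accepted risk, the banner disclosure is dropped as informational, and the SQL injection (critical, due 8 March) is the only finding already in SLA breach. The same structure works on real scanner exports: replace SAMPLE with parsed output and keep the allowlist in version control so accepted risks are reviewed rather than silently forgotten.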
Vulnerability Management can be outsourced to a specialised company. Providers of this service invest significant resources, above all, in filtering out false positives, and also in enriching the reports the affected company receives, so that it has a greater level of detail about each problem and can remediate the vulnerability in the most appropriate way.
Fast response and the ability to remediate vulnerabilities shorten the window during which the company is exposed. In the end, the goal is to fix every vulnerability that has been reported.