Vulnerability Management
Written by Rebecca Mints   
Tuesday, 18 March 2008 14:16
In today's environment, the importance of good vulnerability management cannot be stressed enough. No matter how much revenue is allocated to securing an environment, it can be difficult to buy a single solution that covers all areas of attack. Thankfully, there are tools and services available that can substantially cut down on risk exposure.

The process of measuring security flaws in external and internal networks and managing them appropriately is known as Vulnerability Management. According to Tim Erlin, principal product manager at nCircle Network Security Inc of San Francisco, "The process generally includes comprehensive discovery and profiling of network assets, assessment of each asset for applications and vulnerabilities within those applications, prioritization of the assets and vulnerabilities, and finally workflow for remediation of the prioritized conditions."

There are many tools available that can assist in the management of vulnerabilities, but they are geared towards very specific sectors: network vulnerabilities, web application vulnerabilities, or configuration. All of these areas need to be given special attention. If any one of them is omitted, the environment is left wide open to attack. A chain is only as strong as its weakest link.

It's important to keep an inventory of every aspect of an organization, and to continually update the catalogue. IT is constantly changing, so the inventory catalogue needs to change with it. "Vulnerabilities cannot be accurately assessed without an inventory of the applications in which they exist," said Erlin. "Tools that don't provide a complete and separate assessment of applications on an asset are missing a vital component to vulnerability management."

Erlin also goes on to say: "Every vulnerability management tool will produce more work than an organization can accomplish, therefore every vulnerability management program must provide a mechanism for prioritizing the results to address the highest risk conditions first, even if all the discovered vulnerabilities are critical."

While having tools for assessing the risk posed by vulnerabilities is a good start, it's also important to realize the value that a third-party vendor can provide. Security assessors such as Gtron Solutions can prove to be invaluable. Their sole focus is assessing risk, so while tools for assessing one's own risk are useful, having an expert in the field review the environment allows a true and correct plan for vulnerability management to be deployed.

REFERENCES:
Enterprise IT Planet, "Feel Vulnerable? Time for Vulnerability Management Tools"
 
