Vulnerability management is the process of staying on top of vulnerabilities so the fixes can be more frequent and effective. Vulnerabilities in need of fixing must be prioritized based on which ones pose the most immediate risk to the network. It’s handled in various ways by security companies working in the field, from training and best-practice implementations to filtering all the vulnerability noise down to just the most dangerous threats for a protected organization.
In cybersecurity, vulnerabilities are a big deal because without them, there would be very few breaches. But vulnerabilities on their own aren’t active threats, so it’s difficult for companies to figure out which to address, and in what order. This is especially true when the number of vulnerabilities climbs to staggering levels, sometimes into the millions for larger networks.
Think of vulnerabilities like holes in a suit of armor. The holes might not instantly pose a problem, but probably will cause trouble eventually. Ideally, those holes are patched before someone exploits one, by sending an arrow through it for example. The problem in cybersecurity is that there are a lot of vulnerabilities.
Almost anything can become a vulnerability and thus a liability to network security. Things like unpatched operating systems, or programs and apps running old software versions are common vulnerabilities, as are siloed applications plugged into a modern network. On the more advanced side, attackers may find exploits that nobody else knows about, attacking a hole in the armor that was previously unknown. Even users can sometimes be considered vulnerabilities, especially today when many of the most targeted attacks, such as phishing, are designed to trick users into lowering the defenses for attackers.
Vulnerability management software
Here's how 4 innovative vulnerability management tools are tackling this critical topic.
1. Kenna Security
Kenna Security's vulnerability management platform is designed to prioritize the most dangerous vulnerabilities that could potentially harm a protected network. In a nutshell, it monitors most major threat feeds, and compares that data with assets inside a protected network.
The Kenna platform is deployed in a software as a service (SaaS) model, where users pay a yearly subscription fee to log into the secure site that collects their specific vulnerability data. The data collected by Kenna is used to improve security across the platform, so the more organizations that purchase it, the more threats it will likely encounter. Currently, Kenna tracks over two billion vulnerabilities worldwide, and the number grows daily.
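The comparison described above, threat-feed data matched against the assets inside a protected network, can be sketched as follows. This is an added example, not Kenna's code or scoring method; the weighting, the field names and all sample data (hosts and VULN-000x placeholder ids) are assumptions constructed for illustration.

```python
ASSETS = {  # constructed inventory: business criticality 1-5 and exposure
    "web-01": {"criticality": 5, "internet_facing": True},
    "hr-db": {"criticality": 4, "internet_facing": False},
    "dev-vm": {"criticality": 1, "internet_facing": False},
}
FINDINGS = [  # constructed scanner output: (host, placeholder id, severity 0-10)
    ("web-01", "VULN-0001", 6.5),
    ("hr-db", "VULN-0002", 9.8),
    ("dev-vm", "VULN-0002", 9.8),
    ("web-01", "VULN-0003", 7.2),
    ("legacy-07", "VULN-0001", 6.5),  # host missing from the inventory
]
THREAT_FEED = {  # constructed feed: placeholder id -> exploitation intelligence
    "VULN-0001": {"exploited_in_wild": True, "public_exploit": True},
    "VULN-0002": {"exploited_in_wild": False, "public_exploit": True},
}


def risk_score(severity, asset, intel):
    """Assumed weighting: severity scaled by threat activity and asset context."""
    if intel.get("exploited_in_wild"):
        threat = 2.5
    elif intel.get("public_exploit"):
        threat = 1.5
    else:
        threat = 1.0  # no intelligence on this vulnerability
    exposure = 1.5 if asset["internet_facing"] else 1.0
    return round(severity * threat * exposure * asset["criticality"] / 5, 2)


def prioritize(findings, assets, feed):
    """Return (ranked findings, findings on hosts absent from the inventory)."""
    ranked, unknown = [], []
    for host, vuln, severity in findings:
        asset = assets.get(host)
        if asset is None:
            unknown.append((host, vuln))  # cannot rank without asset context
            continue
        score = risk_score(severity, asset, feed.get(vuln, {}))
        ranked.append((score, host, vuln))
    ranked.sort(key=lambda r: (-r[0], r[1], r[2]))
    return ranked, unknown


if __name__ == "__main__":
    ranked, unknown = prioritize(FINDINGS, ASSETS, THREAT_FEED)
    for score, host, vuln in ranked:
        print(f"{score:6.2f}  {host:8}  {vuln}")
    print("not in inventory:", unknown)
```

With this sample data the 6.5-severity finding on the internet-facing server outranks both 9.8-severity findings, because the feed marks it as actively exploited; the finding on the unlisted host is returned separately rather than silently dropped.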
Sometimes the best defense is a good offense. That was the philosophy behind the SCYTHE security company’s efforts to create the Crossbow vulnerability assessment platform. Deployed using either software as a service (SaaS) or through an on-premises installation, Crossbow is a virtual threat sandbox, allowing administrators to load up and deploy actual historical attacks like WannaCry, Goldeneye or Haxdoor, or create new threats from scratch. Once loaded or created, those attacks can be sent against a protected network to probe for any vulnerabilities.