If you are considering adopting a “Smart” approach to your Vulnerability Management (VM) program, here are six top-of-mind items to consider before you go “Smart”:
As new systems are deployed or decommissioned, existing systems change, and APIs are left unmanaged, new attack surface is introduced. You cannot protect what you cannot see. The good news is that Smart Attack Surface Management (ASM) and API discovery solutions exist to provide continuous, full visibility. If your attack surface is ever-evolving, then your ASM and API discovery approach must be continuous too, not a point-in-time inventory.
Automation can only get you so far. In general, automated scanning tools do not detect certain classes of issue, including business logic flaws and complex data-driven vulnerabilities. That is where integrated penetration testing comes in. To verify that vulnerabilities have been effectively closed, it is necessary to manually attempt to break the business logic of the application. This needs to be performed by experts whose technical skill and knowledge of the enterprise's business logic let them get to the bottom of what the automated tools have surfaced, and provide in-depth analysis and verifiable conclusions for every exposure. Traditional calendar-scheduled penetration testing will not suffice: it must work in concert with your automated Vulnerability Management scanning solution.
Vulnerability Management (VM) with blind spots is not smart. Smart VM assesses vulnerabilities across the entire stack, from the network to the application layer. Attackers welcome a weakness in any layer, so the Smart VM solution should address any issue regardless of where in the stack it sits. Even if you manually attempted to tie together insights from a separate tool for each layer, you may miss correlations between findings at different layers, such as an exposed network service on the same host as an application-layer authentication weakness. These correlations are precisely what an integrated full-stack solution is built to detect.
Traditional automated scanning solutions will produce alerts, and a lot of them. But without context, that is, where each finding sits in order of priority on both the business and the technical side, it is difficult to determine how to respond and with what urgency. Chasing every alert as if it carried the highest risk rating is simply not sustainable. A Smart VM solution is designed so that, in the onboarding phase, assets and vulnerabilities can be classified to reflect both the technical severity and the business risk they represent.
Even the smartest Vulnerability Management (VM) solution is effectively useless if its insight and remediation guidance are not integrated into the daily operational support systems and workflow. The challenge is that typical enterprise systems (risk registers, software development tools, and ticketing systems) were not built to capture output from a Vulnerability Management solution. By creating an integrated workflow that places prioritized alerts and remediation guidance in the hands of IT support teams on their system of choice, remediation times can be drastically reduced.
Determining what each finding really means in terms of risk to the business takes a human, a skilled security expert, to make that assessment. We call the overlay of human security expertise on top of the automated scanning tools a hybrid approach, and it is smart in many ways. One of the most important benefits is simply removing the noise, the false positives, before they reach the remediation queue. The automated scanning tools enable the Vulnerability Management program to scale, and the human dimension adds depth and accuracy.
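The following is an added worked example, not Edgescan's code or product logic, showing the three ideas above in one small script: correlating findings across the network and application layers of the same asset, ranking them by a combined technical and business risk score, and dropping findings that a human triager has marked as false positives. The sample findings, the asset criticality table, the weighting factors and the function names are all constructed assumptions for illustration.

```python
"""Added example: full-stack correlation, risk-based prioritization and
false-positive filtering of vulnerability scanner findings.

Illustrative code written for this page, not Edgescan's implementation.
All scores, weights, asset names and findings below are constructed.
"""
from dataclasses import dataclass

# Business criticality assigned by the asset owner during onboarding.
# Assumed scale: 1 (low) to 5 (critical). Unknown assets default to 3.
ASSET_CRITICALITY = {
    "payments.example.com": 5,
    "intranet-wiki.example.com": 2,
}
DEFAULT_CRITICALITY = 3

# Assumed weighting factors, chosen for illustration only.
INTERNET_FACING_FACTOR = 1.5   # reachable from the internet
CHAINED_FACTOR = 1.25          # asset has findings at more than one layer


@dataclass
class Finding:
    asset: str
    layer: str            # "network" or "application"
    title: str
    cvss: float           # technical severity, 0.0 to 10.0
    internet_facing: bool
    verified: bool = True # False once a human triager marks it a false positive


def risk_score(finding: Finding, chained: bool) -> float:
    """Combine technical severity with business context into one number."""
    criticality = ASSET_CRITICALITY.get(finding.asset, DEFAULT_CRITICALITY)
    score = finding.cvss * (criticality / 5)
    if finding.internet_facing:
        score *= INTERNET_FACING_FACTOR
    if chained:
        score *= CHAINED_FACTOR
    return round(score, 2)


def correlate(findings: list[Finding]) -> tuple[dict[str, list[Finding]], set[str]]:
    """Group verified findings by asset and flag assets with findings at
    more than one layer (the cross-layer correlation a per-layer tool misses)."""
    by_asset: dict[str, list[Finding]] = {}
    for f in findings:
        if not f.verified:          # human triage removed the noise
            continue
        by_asset.setdefault(f.asset, []).append(f)
    chained = {
        asset for asset, fs in by_asset.items()
        if len({f.layer for f in fs}) > 1
    }
    return by_asset, chained


def prioritize(findings: list[Finding]) -> list[tuple[float, Finding]]:
    """Return verified findings ordered from highest to lowest risk."""
    by_asset, chained = correlate(findings)
    ranked = [
        (risk_score(f, asset in chained), f)
        for asset, fs in by_asset.items()
        for f in fs
    ]
    ranked.sort(key=lambda item: item[0], reverse=True)
    return ranked


# Constructed sample findings, as if merged from a network scanner,
# a web application scanner and a manual triage pass.
SAMPLE_FINDINGS = [
    Finding("payments.example.com", "network",
            "SSH exposed with password authentication", 5.3, True),
    Finding("payments.example.com", "application",
            "Authentication bypass in admin API", 9.1, True),
    Finding("intranet-wiki.example.com", "application",
            "Reflected XSS in search parameter", 6.1, False),
    Finding("intranet-wiki.example.com", "network",
            "Outdated TLS version reported", 5.9, False, verified=False),
]


if __name__ == "__main__":
    for score, f in prioritize(SAMPLE_FINDINGS):
        print(f"{score:6.2f}  {f.asset:28} {f.layer:12} {f.title}")
```

Note how the two payments findings are boosted because they sit on the same host at different layers, while the intranet TLS finding disappears entirely once triage marks it unverified, so it can no longer make the wiki look like a chained target.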
If you would like to learn more about the value of Smart Vulnerability Management approaches, click the link below for your free White Paper:
Marketing Executive of Edgescan