Main SiteSponsorMedium BlogYoutubeDiscordLinkedIN

Vulnerability Management Lifecycle

The VM Lifecycle represents the process and series of critical stages to identify and remediate vulnerabilities/weakness to attacks and exploitation of discovered findings.

Discovery

Detect and interrogate system assets

  • Devices, platforms, applications

Identify all assets

  • Identify assets that need to be monitored

  • The intent is to ensure no vulnerable devices are overlooked

Prioritize Assets

Determines the priority of discovered assets

  • What assets are most business-critical?

  • What assets require immediate attention?

  • Helps focus resources

Patching all assets at once is likely not feasible. Ensure to collaborate with asset owners and stakeholders to determine asset priorities

Assess

Determines if a vulnerability exists in the system

  • Compares assets to known vulnerabilities

  • Determine Risk score (CVSS, VRT, etc)

Reporting

Presents assets and vulnerabilities in a form to view findings

  • Compile discovery with identified vulnerabilities

  • Usually categorized by priority, location, etc

  • Tailor reports for various audiences

Remediate

Takes action on a vulnerability

  • Apply patches

  • Initiate compensating controls

  • Accept the vulnerability/risk

Verify

Verifies that a remediation was successful or effective

  • Was vulnerability resolved?

  • Is further action needed?

VM Lifecycle Challenges

Incomplete asset information - Effective discovery requires both asset identification and the information about the contents of each asset

Incomplete asset lists - Out-of-date asset lists and mixed data sources can prevent discovery from providing complete asset accountability for a thorough risk evaluation

Overwhelming scan data - Prioritization helps target efforts for the most critical assets from the most serious threats

Organizational communication - Frequent communication, reports, system dashboards, and notifications help keep teams informed for required patching/updates

Vulnerability Identification - Vulnerability data must be up to data and relevant from authoritative sources

Timely Remediation - Efforts must be timely, organized, and effective with specific assignments and accountability

Process Tracking - Verification helps assure that remediation is successful with no new vulnerabilities exposed

PreviousGovernance, Risk, ComplianceNextCapture-the-Flag Training

Last updated