Vulnerability Management Lifecycle

The VM Lifecycle is the process, a series of critical stages, for identifying and remediating vulnerabilities and weaknesses before the discovered findings can be attacked or exploited.

Discovery

Detect and interrogate system assets

  • Devices, platforms, applications

Identify all assets

  • Identify assets that need to be monitored

  • The intent is to ensure no vulnerable devices are overlooked

Prioritize Assets

Determines the priority of discovered assets

  • What assets are most business-critical?

  • What assets require immediate attention?

  • Helps focus resources

Patching all assets at once is likely not feasible. Be sure to collaborate with asset owners and stakeholders to determine asset priorities.

Assess

Determines if a vulnerability exists in the system

  • Compares assets to known vulnerabilities

  • Determine risk score (CVSS, VRT, etc.)

Reporting

Presents assets and vulnerabilities in a form that makes the findings easy to review

  • Compile discovery with identified vulnerabilities

  • Usually categorized by priority, location, etc.

  • Tailor reports for various audiences

Remediate

Takes action on a vulnerability

  • Apply patches

  • Initiate compensating controls

  • Accept the vulnerability/risk

Verify

Verifies that a remediation was successful or effective

  • Was vulnerability resolved?

  • Is further action needed?
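An added example (not part of the original page) that ties the Prioritize, Assess, Reporting and Verify stages together in Python: findings are ranked by CVSS base score weighted by asset criticality, and a post-remediation re-scan is compared against the baseline to answer "was the vulnerability resolved?" and "is further action needed?". Asset names, criticality weights and the VULN-* identifiers are constructed placeholders, not real assets or CVEs.

```python
from dataclasses import dataclass

# Constructed asset inventory from the Discovery / Prioritize stages;
# criticality weight 1 (low) .. 3 (business-critical), set with the asset owner.
ASSETS = {
    "erp-db-01": {"owner": "finance", "criticality": 3},
    "web-01":    {"owner": "ecommerce", "criticality": 2},
    "kiosk-07":  {"owner": "facilities", "criticality": 1},
}

@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str      # placeholder identifier, not a real CVE
    cvss: float       # CVSS base score from the Assess stage

def priority(f: Finding, assets=ASSETS) -> float:
    """Priority = CVSS base score weighted by the asset's criticality (1-3)."""
    return round(f.cvss * assets[f.asset]["criticality"], 1)

def remediation_queue(findings, assets=ASSETS):
    """Order findings highest priority first, as a report for the Remediate stage."""
    return sorted(findings, key=lambda f: (-priority(f, assets), f.asset, f.vuln_id))

def verify(baseline, rescan):
    """Compare a post-remediation scan with the baseline: 'resolved' is gone,
    'persisting' still needs action, 'new' appeared since (regression or new disclosure)."""
    before = {(f.asset, f.vuln_id) for f in baseline}
    after = {(f.asset, f.vuln_id) for f in rescan}
    return {
        "resolved":   sorted(before - after),
        "persisting": sorted(before & after),
        "new":        sorted(after - before),
    }

# Constructed scan results (placeholder vulnerability ids).
BASELINE = [
    Finding("kiosk-07", "VULN-A", 9.8),
    Finding("erp-db-01", "VULN-B", 7.5),
    Finding("web-01", "VULN-C", 5.3),
]
RESCAN = [
    Finding("erp-db-01", "VULN-B", 7.5),   # patch not applied or ineffective
    Finding("web-01", "VULN-D", 6.1),      # new finding after the change
]

if __name__ == "__main__":
    for f in remediation_queue(BASELINE):
        print(f"{priority(f):>5} {f.asset:<10} {f.vuln_id}")
    print(verify(BASELINE, RESCAN))
```

Note that the 7.5 finding on the business-critical database outranks the 9.8 finding on the low-criticality kiosk, which is the point of weighting by asset priority rather than by score alone.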

VM Lifecycle Challenges

Incomplete asset information - Effective discovery requires both asset identification and information about what each asset contains

Incomplete asset lists - Out-of-date asset lists and mixed data sources can prevent discovery from providing complete asset accountability for a thorough risk evaluation

Overwhelming scan data - Prioritization helps focus efforts on the most critical assets and the most serious threats

Organizational communication - Frequent communication, reports, system dashboards, and notifications help keep teams informed for required patching/updates

Vulnerability Identification - Vulnerability data must be up to date and relevant, drawn from authoritative sources

Timely Remediation - Efforts must be timely, organized, and effective with specific assignments and accountability

Process Tracking - Verification helps assure that remediation is successful with no new vulnerabilities exposed