Vulnerability management covers a wide area, but at its core it identifies weak or exposed areas of a business’ security posture and addresses them. It is the process of identifying, analysing, risk-assessing and remediating vulnerabilities found across the organisation, whether they lie in software, personnel, security controls or assets.
One of its components is security engineering, which does much of the heavy lifting for a Security Operations Centre (SOC). The Security Engineering Division builds, deploys and maintains the tools, applications and systems needed for security analysis.
This team is responsible for keeping those systems patched and operational and, when they do break, fixing them so that the tooling is continually uplifted to the highest capability possible. This matters because it ensures that both the analysts performing security monitoring and the vulnerability management administrators always have immediate access to what they need to be effective.
There is sometimes confusion between vulnerability management and vulnerability assessment, and the two are certainly linked. The simple difference is that the former identifies, evaluates, treats and reports on vulnerabilities, whereas an assessment is purely a review of the weaknesses in a system and does not involve treatment (remediation).
Common types of vulnerability
The list of possibly vulnerable areas in an organisation’s cyber security is effectively endless, but common ones include:
Unpatched software – one of the most prevalent vulnerabilities; it allows attackers to run malicious code by leveraging publicly known bugs in software that has not been patched.
Misconfigurations – running unnecessary services, using vulnerable settings, or leaving exploitable defaults (such as default credentials) unchanged.
Weak credentials – let attackers use tools that perform ‘brute force’ attacks (trying every possible combination of characters) or ‘dictionary’ attacks (trying a list of common passwords and variations against known user IDs) to guess people’s passwords.
Phishing, web and malware attacks – leading vectors of compromise, in which attackers attempt to obtain information or persuade people to unwittingly execute code that gives the attacker a foothold in the organisation’s environment.
Trust relationship abuse – less common than phishing, but attackers exploit the trust relationships set up to permit or simplify access between systems, so that compromising one system grants access to the others that trust it.
Compromised credentials – attackers obtain users’ credentials and use them to get into systems, then pivot or move laterally to others.
Malicious insider – an employee with access to critical systems uses that access to destroy or impair the company’s capability.
Weak or missing encryption – again fairly uncommon, but attacks on poor or absent encryption allow attackers to intercept communication between systems and steal information.
Zero-day – a software vulnerability that is known to the adversary but for which no vendor fix is yet available, typically because the bug has not been reported to the vendor or a patch has not yet been released.
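The weak-credentials item above describes dictionary and brute-force guessing in one sentence; the following Python is an added example (not code from the original article) that runs both against a small credential store to show why short or common passwords fall and long random ones do not. The usernames, salts, password choices, wordlist entries and the lowercase-plus-digits alphabet are all constructed assumptions for illustration; the hash is a fast SHA-256 over salt and password, chosen precisely because fast hashing is what makes these attacks cheap.

```python
"""Dictionary and brute-force password guessing against a constructed credential store.

Added example, not code from the original article. Every user record, salt,
password and wordlist entry below is constructed for illustration.
"""
import hashlib
import itertools
import string


def _digest(salt: str, password: str) -> str:
    """SHA-256(salt || password), hex encoded. A fast hash like this is
    exactly what makes offline guessing attacks cheap for the attacker."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed credential store: username -> (salt, hex digest of salt + password).
# The password choices are assumptions: two weak, one long and random.
CONSTRUCTED_STORE = {
    "alice": ("s1", _digest("s1", "Password1")),      # appears in the wordlist
    "bob":   ("s2", _digest("s2", "ab1")),            # short enough to brute-force
    "carol": ("s3", _digest("s3", "qZ7#vL2!pX9r")),   # neither attack succeeds below
}

# Constructed wordlist of common passwords (real ones run to millions of entries).
WORDLIST = ["123456", "password", "Password1", "letmein", "qwerty", "welcome1"]

# Alphabet assumed for the brute-force keyspace: lowercase letters and digits.
ALPHABET = string.ascii_lowercase + string.digits


def dictionary_attack(store, wordlist):
    """Hash every wordlist entry with each account's salt and compare.
    Returns {username: recovered_password} for the accounts that fall."""
    found = {}
    for user, (salt, stored) in store.items():
        for candidate in wordlist:
            if _digest(salt, candidate) == stored:
                found[user] = candidate
                break
    return found


def brute_force(salt, stored, alphabet=ALPHABET, max_len=3):
    """Exhaustively try every string over `alphabet` of length 1..max_len.
    Returns (password, attempts); password is None if the keyspace is exhausted."""
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(chars)
            if _digest(salt, candidate) == stored:
                return candidate, attempts
    return None, attempts


def keyspace(alphabet_size, max_len):
    """Worst-case number of guesses a brute force must make for passwords
    of length 1..max_len over an alphabet of the given size."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(CONSTRUCTED_STORE, WORDLIST))
    salt, stored = CONSTRUCTED_STORE["bob"]
    print("brute force (bob):", brute_force(salt, stored))
    salt, stored = CONSTRUCTED_STORE["carol"]
    print("brute force (carol, max_len=3):", brute_force(salt, stored))
    # Each extra character multiplies the work: length 12 over just 36 symbols
    # is roughly 4.7e18 guesses, which is why length and randomness matter most.
    for n in (3, 8, 12):
        print(f"keyspace(36, {n}) = {keyspace(36, n):,}")
```

Running the block recovers alice’s password from the wordlist in six guesses and bob’s three-character password after 1,396 brute-force attempts, while carol’s survives both the wordlist and the exhausted 47,988-guess keyspace. The defensive lessons follow directly: enforce length and randomness rather than complexity rules alone, store passwords with a deliberately slow salted algorithm (bcrypt, scrypt or Argon2) so each guess costs the attacker far more than one SHA-256, and pair this with lockout or rate limiting and multi-factor authentication so that online guessing is throttled even where a weak password exists.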