大规模的数据泄露事件促使许多公司采取更强有力、更主动的管理措施 vulnerabilities in their environments. Yet, 随着企业基础设施变得越来越复杂——包括云和跨越广泛的攻击面——企业发现,要完全了解其生态系统中迅速扩散的漏洞变得越来越困难. Capitalizing on the opportunity, cybercriminals have learned how to exploit chains of weaknesses in systems, applications, and people.
漏洞管理计划通过建立一个全面和持续的识别过程来解决当今的现代网络安全挑战, classifying, remediating, and mitigating vulnerabilities before attackers can take advantage of them.
At the heart of these vulnerability management programs is often a 漏洞扫描器,自动评估和理解整个基础设施的风险, 生成易于理解的报告,帮助企业正确且快速地确定必须修复或减轻的漏洞的优先级.
A vulnerability scanner automates the vulnerability management process, typically breaking it down into the following four steps. It’s important to note that a good vulnerability management process should continually scan for vulnerabilities as they are introduced into the environment, as circumstances can quickly change.
The first and most essential step in any vulnerability process, of course, is to bring to light all of the vulnerabilities that may exist across your environment. 漏洞扫描器通过扫描存在的所有可访问系统来实现这一点从笔记本电脑、台式机和服务器到数据库、防火墙、交换机、打印机等等.
From there, 漏洞扫描程序识别在这些系统上运行的任何开放端口和服务, 登录到这些系统并尽可能收集详细信息,然后将获得的信息与已知漏洞关联起来. 这种洞察力可用于为各种受众创建报告、指标和指示板.
Once you’ve identified all the vulnerabilities across your environment, 您需要对它们进行评估,以便根据您的组织适当地处理它们构成的风险 cybersecurity risk management strategy. 不同的漏洞管理解决方案对漏洞使用不同的风险评级和分数, 但新程序的一个常用参考框架是通用漏洞评分系统(CVSS).
Vulnerability scores can help organizations determine how to prioritize the vulnerabilities they’ve discovered, 重要的是,还要考虑其他因素,以形成对任何给定漏洞所构成的真正风险的完整理解. 同样值得注意的是,漏洞扫描器在极少数情况下会产生误报, 因此,在这个过程的这个阶段,除了风险评分之外,还必须包括其他考虑因素.
After you’ve prioritized the vulnerabilities that you’ve found, 及时与您的原始业务或网络利益相关者合作处理这些问题非常重要. Depending on the vulnerability in question, treatment usually proceeds according to one of the following three paths:
When determining specific treatment strategies, it is best for an organization’s security team, system owners, 系统管理员应该聚在一起决定正确的补救方法——无论是发布软件补丁还是刷新物理服务器.
Once remediation is considered complete, it’s wise to run another vulnerability scan to make sure that the vulnerability has, in fact, been effectively remediated or mitigated.
提高检测和处理漏洞的速度和准确性对于管理它们所代表的风险至关重要, 这就是为什么许多组织不断地评估其漏洞管理程序的有效性. 他们可以利用漏洞管理解决方案中的可视化报告功能来实现这个目的.
Armed with the insights needed, IT团队可以确定哪些补救技术将帮助他们以最少的努力修复最多的漏洞. Security teams, for their part, 是否可以使用此报告监控脆弱性趋势,并将其降低风险的进展传达给领导层.
Ideal solutions will include integrations with IT ticketing systems and patch management to accelerate the process of sharing information between teams. This helps customers make meaningful progress toward reducing their risk. 企业还可以使用这些评估来满足其遵从性和监管需求.
Businesses face growing risks as the attack surface continues to expand, increasing the number of vulnerabilities for hackers to exploit. 漏洞管理程序为公司提供了大规模管理这些风险的框架, detecting vulnerabilities across the entire environment with greater speed. 同时,分析帮助组织不断优化他们用于补救的技术.
With a strong vulnerability management program or managed vulnerability management (MVM) 在适当的情况下,企业可以更好地应对他们不仅今天而且未来面临的风险.