Vulnerability Management is used to identify out-of-date software, missing patches, insecure configuration, and misconfigurations before they can be exploited by attackers. It is that extra bit of vigilance to double-check cyber security hygiene: making sure you are as up to date as you think you are and that your patching and configuration processes are working as intended.
Every day, new security breaches and ransomware attacks are announced that stem from out-of-date patches, configuration errors, or access control issues. All of these attacks can be thwarted by maintaining good security hygiene and then systematically testing to ensure everything is working as planned.
You can start with basic network vulnerability scanning and then build on the program, adding in authenticated scans, security hardening scans, penetration testing and web application security assessments over time. The following table provides a basic approach to the testing and frequency for a basic vulnerability management program.
The results from these activities feed security metrics, inform patch management and administrator effectiveness, and, when integrated as a Vulnerability Management Program, provide an appropriate level of vigilance to protect your organization from attacks.