Vulnerability Management

The process of vulnerability discovery and patching. 

Managing a vulnerability through its lifecycle, from discovery to patch, is a vital process. For some, this management is automated within the applications and operating systems they use. But for many businesses the risk of automated patching is too great, and patching must be carefully managed.

Vulnerability Management

Our consultants are engaged to undertake the following on an ad hoc basis, or regularly as part of a managed service.

In addition to vulnerability assessment tools, we have a research team who look for new vulnerabilities and report on them via our Cyber Radar Console.

Just because a vulnerability has been detected, it doesn't mean that a client is vulnerable to it. Our consultants will work with the client to identify their vulnerabilities and help to triage patching if required. To do this, we review the technical details of the vulnerability to see if the necessary criteria for exploitation are present.

If the vulnerability does meet the criteria for exploitation, we look at various methods to mitigate the problem:

  • Actual Patching. The vendor of the vulnerable product may have issued a patch to fix the problem; this is often the simplest and most cost-effective way to patch the vulnerability. There are occasions when the vendor has not released a patch, for instance with a Zero Day vulnerability, or where the patch itself may prevent the system from working.
  • Virtual Patching (Host). Many antivirus and other host-based security applications will have signatures to detect and block the exploitation of vulnerabilities; these are sometimes released before a vendor patch.
  • Virtual Patching (Network). Where the vulnerabilities are exploited remotely, network devices such as firewalls and IPS, which sit inline, may be used to block the attack. There are a number of other security devices and applications which can be used to prevent the exploitation from being successful.

Our consultant will work with the client to manage the situation and prioritise the patching.

Managed Vulnerability Management

Our consultants can be engaged to undertake Vulnerability Management as part of a managed service in the following ways:

Consultative. As per the Vulnerability Management Service above, this is often undertaken as part of our vCISO service.

Security Device Management. It is critical that security devices such as firewalls, IPS, etc. are patched in a timely fashion. If a critical patch is released for these devices, our client will be notified, whereupon they will make a decision as to whether we patch the devices immediately or await their next scheduled patching cycle. The patching cycles can be scheduled to match those of the vendors, though most clients opt for monthly. The client will be notified of any patching required so that they can authorise the deployment and any downtime which might be required.

Endpoint Vulnerability Management. Our consultants will provide an agent to be deployed onto each host; these agents provide constant vulnerability assessment of their hosts, roughly every 240 minutes. This is especially important for remote and home working staff who may otherwise go for weeks or even months without being checked. The patching cycle is usually every 4 weeks, though you will be notified of any critical patches. The patches won't be deployed without your authorisation.


© Computer Network Defence Limited 2022