Network Vulnerability:
Remediation of network vulnerabilities before exploits strike is the golden ideal for every organization. Proactive remediation strengthens security by removing the exploitability of assets. This is the safest of all states, and helps to ease a traditional reliance as the primary protection against hackers and other network-borne threats. Documentation of regular, ongoing network vulnerability remediation is also a common network security requirement of laws and regulations such as PCI, GLBA and HIPAA.
While remediation is the ideal, cyber thefts of tens of millions of personal and corporate records at TJX Companies, DSW Inc., CardSystems Solutions, Inc. and many others show that some organizations need to work harder at proactive security. Effective remediation entails continuous processes that together are called Vulnerability Management. The workflow and related technology defined by vulnerability management help organizations to efficiently find and fix network security vulnerabilities and document compliance.
This guide describes the major workflow processes of vulnerability management and how QualysGuard, as on-demand software-as-a-service (SaaS), automates most of these for fast, cost-effective remediation and compliance documentation.
II. Network Vulnerability Management Improves Security
Most remediation entails fixing mistakes in software. The standard assumption of 5 to 20 bugs in every thousand lines of software code means risk is soaring as implementers of large new object-oriented applications tap untested modules and protocols. Realistically, software bugs will always be a problem, so proactively detecting and fixing issues will continue to be an organizational priority. Vulnerability management is done to:
- Fix faults in the software affecting security, performance or functionality.
- Alter functionality or address a new security threat, such as by updating an anti-virus signature.
- Change a software configuration to make it less susceptible to attack, run faster or improve functionality.
- Use the most effective means to thwart automated attacks (e.g. worms, bots, DoS).
- Document the state of security for audit and compliance with laws, regulations and business policy.
III. Automating Network Vulnerability Workflow Is Crucial
Consistent, ongoing execution of vulnerability management and policy compliance is difficult, if not impossible, to do on a manual basis. There are simply too many “moving parts” to juggle and act on in a timely and cost-effective manner. QualysGuard allows organizations to automate most of the network vulnerability workflow for effective network vulnerability management and policy compliance, particularly the steps that are most time-consuming and error-prone when done manually.
QualysGuard Automates Steps of Network Vulnerability Workflow
#1 Create Security Policies and Controls
Policy creation and management is a critical first step in network vulnerability management for organizations. Enterprise policies start at the top of an organization and require executive oversight. Policies determine the nature of controls used to ensure security, such as standard configurations for all security devices and applications including antivirus, firewall and intrusion detection/prevention. Policies and controls should include servers, network services, applications and endpoints. Policy management used to be a manual, cumbersome process.
New software tools can automate policy management and enforce configurations on endpoint devices. Automation saves time, improves accuracy and lowers total cost of ownership. QualysGuard helps execute security policies by testing controls, quickly identifying and remediating network vulnerabilities, and documenting compliance. The QualysGuard API enables data from QualysGuard to automatically funnel into third-party solutions for policy management, risk correlation and enterprise security management.
#2 Track Inventory and Categorize Assets for Network Vulnerabilities
You need to find vulnerabilities before you can fix them. This step sets an evaluation baseline by creating and maintaining a current database of all IP devices attached to the network. Organizations should categorize assets by business value in order to prioritize their network vulnerability remediation efforts. Elements in the database include all hardware, software, applications, services and configurations.
Tracking this level of detail provides two benefits. The data enables your organization to identify which network vulnerabilities affect particular subsets of the IT infrastructure. In addition, an accurate inventory ensures that the correct patches are selected and applied during remediation. The tracking inventory also helps speed the scanning process because it limits scans to devices affected by particular vulnerabilities.
You can track these data manually, but vulnerability management is much more effective when you automate the entire discovery and inventory tracking process on demand with QualysGuard.
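The inventory-driven scoping and prioritization described in this step, as an added example that is not QualysGuard code or part of the original guide. The product names, advisory identifiers, version numbers and the 1 to 5 business-value scale are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    ip: str
    business_value: int   # assumed scale: 1 (low) .. 5 (critical)
    software: dict        # product name -> installed version tuple

@dataclass
class Advisory:
    ident: str            # constructed placeholder, not a real advisory id
    product: str
    fixed_in: tuple       # first version that contains the fix

# Constructed inventory; addresses are from the 192.0.2.0/24 documentation range.
INVENTORY = [
    Asset("192.0.2.10", 5, {"examplesshd": (8, 2), "examplehttpd": (1, 18, 0)}),
    Asset("192.0.2.11", 2, {"examplehttpd": (1, 24, 0)}),
    Asset("192.0.2.12", 4, {"examplehttpd": (1, 20, 1), "exampledb": (13, 4)}),
    Asset("192.0.2.13", 1, {"examplesshd": (9, 6)}),
]
ADV_HTTPD = Advisory("EXAMPLE-0001", "examplehttpd", (1, 22, 0))
ADV_SSHD = Advisory("EXAMPLE-0002", "examplesshd", (9, 0))

def affected_assets(inventory, advisory):
    """Assets running the advisory's product at a version below the fix."""
    hits = []
    for asset in inventory:
        installed = asset.software.get(advisory.product)
        if installed is not None and installed < advisory.fixed_in:
            hits.append(asset)
    return hits

def scan_scope(inventory, advisory):
    """Limit a scan to affected devices, highest business value first."""
    hits = affected_assets(inventory, advisory)
    return [a.ip for a in sorted(hits, key=lambda a: (-a.business_value, a.ip))]

def remediation_queue(inventory, advisories):
    """(ip, advisory id, version to patch to), ordered by business value."""
    rows = []
    for adv in advisories:
        for asset in affected_assets(inventory, adv):
            rows.append((asset.business_value, asset.ip, adv.ident, adv.fixed_in))
    rows.sort(key=lambda r: (-r[0], r[1], r[2]))
    return [(ip, ident, fixed) for _, ip, ident, fixed in rows]

if __name__ == "__main__":
    print(scan_scope(INVENTORY, ADV_HTTPD))
    for row in remediation_queue(INVENTORY, [ADV_HTTPD, ADV_SSHD]):
        print(row)
```

Hosts without the product in their inventory record are never scanned for that advisory, which is why an incomplete inventory translates directly into missed vulnerable devices.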
#3 Scan Systems for Network Vulnerabilities
A vulnerability scan tests the effectiveness of security policy and controls by examining network infrastructure for vulnerabilities. The scan systematically tests and analyzes IP devices, services and applications for known security holes.