After Vulnerability Detection Comes Prioritization
Prioritization is incredibly important, and if not automated, hugely time-consuming
By: Shaun Donaldson, Product Marketing
- Knowing where your assets are and if they are vulnerable is only the first stage
- Prioritization involves a lot more than considering the severity score of a vulnerability
- Intelligent automation accounts for your unique environment and saves time
Knowing what assets you have and if they are vulnerable is a great start
There are several challenges in building a valuable vulnerability management program. Understanding where and what your assets are via discovery and performing vulnerability detection scans is the first big step. Tools that automatically search your network and probe systems and web applications for vulnerability detection are a must. In today’s highly dynamic hybrid and multi-cloud environments, systems can be installed in an instant, while legacy systems may be quietly churning away, overshadowed by the demands of new projects. Overlooking assets will ultimately lead to an increased risk profile of your organization.
Automated asset discovery coupled with vulnerability detection is the straightforward first step of vulnerability management.
Vulnerability Prioritization is a problem
Lists of assets and vulnerabilities are a good start. But given the sheer number of security vulnerabilities, these lists raise an important question: Now what? For many, the answer is mitigation. This includes applying patches from vendors, creating and deploying fixes for in-house software and web applications, adjusting network and permissions controls, and myriad other activities. This raises another question: Which of these should I do first?
Vulnerability prioritization involves considering some basic factors:
- The likelihood that the vulnerability will be exploited
- If it is exploited, the level of impact it will have on the business
Traditional approaches rely heavily on the severity score of the security vulnerability for prioritization. The problem is that severity scores have limited granularity and say nothing about the likelihood of exploitation within the context of your environment. Many factors are at play in assessing a vulnerability's risk for your organization. For example: Is there a widely available exploit? Is the vulnerability remotely exploitable? Is the asset remotely reachable (directly or indirectly)? And so on.
Likewise, the impact of a security vulnerability being exploited depends on many other contextual factors, not just the severity score. How important is the asset? Are there other vulnerabilities on the same asset, or nearby assets, which increase the risk?
The number of factors to consider quickly multiplies. This in turn creates a need for huge manual effort and deep and diverse security knowledge to address prioritization.
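The following Python sketch is an added example, not code from this article or from Taegis VDR: it combines a severity score with the contextual factors listed above (public exploit availability, remote exploitability, asset exposure, asset criticality, and other findings on the same host) and ranks a constructed set of findings. The weights, the formula, the asset names and the VULN-* identifiers are all assumptions chosen for illustration.

```python
"""Context-aware vulnerability prioritization.

Added example, not product code. The factor weights and the formula are
assumptions chosen to illustrate the point; tune them to your environment.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: float                # 0.0 (throwaway) .. 1.0 (business critical)
    internet_facing: bool             # directly reachable from the internet
    reachable_from_dmz: bool = False  # indirectly reachable via an exposed host


@dataclass(frozen=True)
class Finding:
    vuln_id: str                 # scanner/CVE identifier (sample values are constructed)
    asset: Asset
    cvss_base: float             # vendor/NVD severity, 0.0 .. 10.0
    remotely_exploitable: bool   # network attack vector (vs. local/physical)
    public_exploit: bool         # working exploit code is publicly available


def likelihood(f: Finding) -> float:
    """Likelihood of exploitation in context, 0.0 .. 1.0 (assumed weights)."""
    score = 0.2                           # baseline: nothing is ever at zero
    if f.public_exploit:
        score += 0.4                      # attackers need not write an exploit
    if f.remotely_exploitable:
        score += 0.2
        if f.asset.internet_facing:       # directly reachable
            score += 0.2
        elif f.asset.reachable_from_dmz:  # reachable through a pivot host
            score += 0.1
    return min(score, 1.0)


def impact(f: Finding, other_findings_on_asset: int) -> float:
    """Business impact if exploited, 0.0 .. 1.0 (assumed weights)."""
    base = (f.cvss_base / 10.0) * f.asset.criticality
    # Other vulnerabilities on the same host make chaining easier; cap the bonus.
    chain_bonus = min(0.1 * other_findings_on_asset, 0.3)
    return min(base + chain_bonus, 1.0)


def risk(f: Finding, other_findings_on_asset: int) -> float:
    """Contextual risk on a 0..100 scale, rounded to one decimal."""
    return round(likelihood(f) * impact(f, other_findings_on_asset) * 100, 1)


def prioritize(findings: list[Finding]) -> list[tuple[str, str, float, float]]:
    """Return (vuln_id, asset, cvss_base, risk) sorted highest risk first."""
    per_asset = Counter(f.asset.name for f in findings)
    scored = [(risk(f, per_asset[f.asset.name] - 1), f) for f in findings]
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return [(f.vuln_id, f.asset.name, f.cvss_base, r) for r, f in scored]


def sample_findings() -> list[Finding]:
    """Constructed sample data; the identifiers are placeholders, not real CVEs."""
    web = Asset("web-01", criticality=0.9, internet_facing=True)
    lab = Asset("lab-07", criticality=0.2, internet_facing=False)
    db = Asset("db-02", criticality=1.0, internet_facing=False, reachable_from_dmz=True)
    return [
        Finding("VULN-A", web, 7.5, remotely_exploitable=True, public_exploit=True),
        Finding("VULN-B", lab, 9.8, remotely_exploitable=True, public_exploit=False),
        Finding("VULN-C", db, 8.8, remotely_exploitable=True, public_exploit=False),
        Finding("VULN-D", web, 5.3, remotely_exploitable=True, public_exploit=False),
    ]


if __name__ == "__main__":
    # The CVSS 9.8 finding on the isolated lab box ranks last; the CVSS 7.5
    # with a public exploit on the internet-facing host ranks first.
    for vuln_id, asset, cvss, r in prioritize(sample_findings()):
        print(f"{vuln_id:8} {asset:8} CVSS {cvss:4}  risk {r:5}")
```

With the constructed data, VULN-A (CVSS 7.5, public exploit, internet-facing, critical host) ranks first and VULN-B (CVSS 9.8 on an isolated low-value lab machine) ranks last, which is the ordering a severity-only approach gets backwards. The weights are deliberately simple; the point is that every factor in the ranking is one a scanner or asset inventory can supply, so the ordering can be automated rather than argued over by hand.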
Effective prioritization leads to better outcomes
A comprehensive vulnerability management solution should accurately prioritize vulnerabilities automatically. Ideally, a solution will consider many factors beyond a severity score to provide accurate and detailed prioritization. It should be based on global information such as activity on the dark web, availability of viable exploits, and other information which is evaluated within the context of your environment.
With prioritization in hand, organizations can better assess their risk and confidently plan where mitigation efforts are most effective. This is why users of Secureworks® Taegis™ VDR report large increases in productivity and efficacy for their vulnerability management programs. Intelligent automation and prioritization are the only way forward for vulnerability management today. Secureworks offers a free Taegis VDR demo if you'd like to see for yourself.