2025-01-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Vulnerability management
Innovative technologies benefit people, but automation, crowdsourcing, cloud computing, big data, mobile and social engineering can all be used for attacks as well. To make matters worse, attackers only need to succeed once, while you need to stay vigilant all the time. In some cases, vulnerabilities in the complex, interconnected software on your network can remain exploitable for a long time, so continuous management of these risks is important for security.
Another challenge you may face is the board's lack of understanding of security, risk reduction and vulnerability management; you need to do your best to communicate in terms of reducing risk and avoiding potential impact.
Vulnerability management guidelines:
A. Give priority to high risk: continuously scan endpoints for vulnerabilities and deal with the highest-risk vulnerabilities as soon as possible.
B. Attackers are looking around just as you are: they have plenty of resources and only need to find one exploitable vulnerability to get in, so you need to keep fixing vulnerabilities to reduce your security risk.
C. Fix the vulnerabilities that harm the mission: CVSS provides a useful model for ranking vulnerabilities and a standard that different people, departments and organizations can easily understand. Advanced vulnerability management tools, such as Tripwire IP360, contain more fine-grained models that provide a predictive "heat map" to identify the areas of the network where high risks are more likely to succeed in disrupting business and collaboration.
BOOT CAMP
1. Scan frequently: use vulnerability scanning tools, run against your system inventory, to identify endpoint weaknesses that could be exploited if exposed. While many organizations are working towards continuous scanning, a significant investment in scanning infrastructure is necessary to ensure that the evaluation of the scan results is completed. Also keep in mind that human resources are required to respond to the findings.
It is realistic to choose a scan frequency based on the resources you have. For example, a weekly assessment is difficult for one organization but not frequent enough for another. You may also want to scan more important endpoints or internet-facing systems more often.
Sort your scan results and send them to the owner of the corresponding system, summarize the findings for management, and include risk scores to quantify the degree of risk and rank remediation by importance. Tripwire IP360 is very good at internal assessment; Tripwire PureCloud is also very effective at assessing internet-facing endpoints, and fine-grained scoring based on business context is the key to delivery.
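The sorting and reporting step above, as an added Python example that is not from the original article or from any Tripwire product. The findings, the placeholder ids (VULN-A and so on) and the scoring model (CVSS base score multiplied by an owner-assigned criticality, doubled for internet-facing systems) are assumptions chosen to show how business context changes the ranking.

```python
from collections import defaultdict

# Constructed sample scan findings; hosts, owners and ids are placeholders.
# criticality: 1 (low) to 3 (business-critical), assigned by the asset owner.
FINDINGS = [
    {"host": "web01", "owner": "web-team", "vuln": "VULN-A", "cvss": 7.5, "criticality": 3, "internet_facing": True},
    {"host": "web01", "owner": "web-team", "vuln": "VULN-B", "cvss": 9.8, "criticality": 3, "internet_facing": True},
    {"host": "db01", "owner": "dba-team", "vuln": "VULN-C", "cvss": 9.8, "criticality": 3, "internet_facing": False},
    {"host": "db01", "owner": "dba-team", "vuln": "VULN-D", "cvss": 5.3, "criticality": 3, "internet_facing": False},
    {"host": "laptop7", "owner": "it-desktop", "vuln": "VULN-B", "cvss": 9.8, "criticality": 1, "internet_facing": False},
]

def risk_score(f):
    """Assumed model: CVSS base score x criticality, doubled when internet-facing."""
    exposure = 2.0 if f["internet_facing"] else 1.0
    return round(f["cvss"] * f["criticality"] * exposure, 1)

def owner_reports(findings):
    """Group findings by system owner, highest risk first."""
    reports = defaultdict(list)
    for f in findings:
        reports[f["owner"]].append({**f, "risk": risk_score(f)})
    for items in reports.values():
        items.sort(key=lambda f: f["risk"], reverse=True)
    return dict(reports)

def management_summary(findings, top_n=3):
    """Total risk per owner plus the top-N findings across all systems."""
    scored = sorted(({**f, "risk": risk_score(f)} for f in findings),
                    key=lambda f: f["risk"], reverse=True)
    by_owner = defaultdict(float)
    for f in scored:
        by_owner[f["owner"]] += f["risk"]
    return {
        "risk_by_owner": {o: round(r, 1) for o, r in by_owner.items()},
        "top": [(f["host"], f["vuln"], f["risk"]) for f in scored[:top_n]],
    }

if __name__ == "__main__":
    for owner, items in owner_reports(FINDINGS).items():
        print(owner, [(f["host"], f["vuln"], f["risk"]) for f in items])
    print(management_summary(FINDINGS))
```

With this sample data, the CVSS 7.5 finding on the internet-facing web server outranks the CVSS 9.8 finding on the laptop, which is the effect of scoring on business context rather than on CVSS alone.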
2. Repair, reinforce, repeat: obviously, identifying these problems is only useful if you fix them. Some problems are fixed through business process management, and some require smaller control and configuration changes; either way, it is an ongoing process.
3. Reports / transcripts: continuous scanning lets you quickly identify trends in the data, shows how your risk management process is performing, and points out where the same risk is increasing or decreasing. The trends also help you allocate resources fairly. All of this is communicated in your report, and Tripwire's reporting products generate risk reports that help present security situational awareness.
ADVANCED TRAINING
4. Security intelligence sources: like you, people are thinking about using the least resources and the easiest way to work, and complex processes that run automatically can make it easier to run your network. These tools can make people who lack experience effective. As a result, your vulnerability risk may increase as new automation becomes more effective. Purchase policy content and device, application and vulnerability detection rules that are updated in real time, and sort the potential impact for the development of tools, especially where serious damage could occur.
5. Carry out in-depth scanning: obtain the administrator's authorization to scan. A trusted assessment takes longer than an untrusted one, but the additional information collected can significantly improve the accuracy of discovery and evaluation.
6. Combine SIEM with NIPS: a core idea behind connecting the various engines is the need to combine endpoint vulnerabilities with active vulnerabilities on the network. Comparing information from multiple sources increases the usefulness and accuracy of the information. Integrate the scan and log information obtained through NIPS into your log management tools. The integration of Tripwire Log Center with Tripwire IP360 and Cisco Firepower NGIPS is a practical application of this technology.
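One way to do the comparison described in step 6, as an added Python example that is not the article's code or any vendor's integration. The key=value log format, the addresses (documentation ranges) and the VULN-x ids are constructed assumptions; the point is that a NIPS alert is ranked by what the last scan says about the targeted host.

```python
# Constructed scanner output: host -> vulnerability ids confirmed by the last scan.
SCAN_RESULTS = {"10.0.0.5": {"VULN-A", "VULN-B"}, "10.0.0.9": set()}

# Constructed NIPS alerts in an assumed key=value log format.
NIPS_LOG = """\
ts=2025-01-20T10:02:11Z vuln=VULN-A src=203.0.113.7 dst=10.0.0.9
ts=2025-01-20T10:02:14Z vuln=VULN-A src=203.0.113.7 dst=10.0.0.5
ts=2025-01-20T10:05:40Z vuln=VULN-C src=198.51.100.23 dst=10.0.0.5
ts=2025-01-20T10:07:02Z vuln=VULN-A src=203.0.113.7 dst=10.0.0.77
"""

# Lower number = handle first. A host missing from the scan data is ranked
# above a host known to be patched, because its state is unknown.
PRIORITY = {"target-vulnerable": 0, "target-never-scanned": 1, "target-not-vulnerable": 2}

def parse_alert(line):
    """Split one key=value log line into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def triage(alert, scans):
    """Classify an alert by what the scanner knows about the targeted host."""
    host, vuln = alert["dst"], alert["vuln"]
    if host not in scans:
        return "target-never-scanned"
    return "target-vulnerable" if vuln in scans[host] else "target-not-vulnerable"

def correlate(log_text, scans):
    """Return (verdict, host, vuln, timestamp) rows, most urgent first."""
    rows = []
    for line in log_text.splitlines():
        if line.strip():
            alert = parse_alert(line)
            rows.append((triage(alert, scans), alert["dst"], alert["vuln"], alert["ts"]))
    return sorted(rows, key=lambda r: (PRIORITY[r[0]], r[3]))

if __name__ == "__main__":
    for row in correlate(NIPS_LOG, SCAN_RESULTS):
        print(*row)
```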
COMBAT READY
7. Automatic repair: if possible, deploy automated repair software to keep system software updated automatically. In most organizations, manual effort cannot keep up with the explosive increase in the number of vulnerabilities and the number of endpoints affected by them.
8. Limit scanning time and alert on deviations: define events of interest around authorized scanning so that you can detect unwanted scanning, and look in your SIEM and log management for events of interest that occur outside normal business hours. Tripwire Log Center can help detect this type of behavior.
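The check described in step 8, as an added Python example that is not from the original article or from Tripwire Log Center. The scanner address, the approved window (Saturdays 01:00 to 05:00 UTC), the port-count threshold and the events are all constructed assumptions.

```python
from datetime import datetime, timezone

AUTHORIZED_SCANNERS = {"10.0.1.10"}   # assumed address of the approved scanner
# Assumed approved window: Saturdays 01:00-05:00 UTC (weekday 5 in Python).
WINDOW = {"weekday": 5, "start_hour": 1, "end_hour": 5}
SCAN_THRESHOLD = 100                  # assumed: distinct ports probed that count as a scan

# Constructed events: (ISO timestamp, source address, distinct ports probed).
EVENTS = [
    ("2025-01-25T02:10:00+00:00", "10.0.1.10", 1200),  # approved scanner, in window
    ("2025-01-27T14:30:00+00:00", "10.0.1.10", 900),   # approved scanner, Monday afternoon
    ("2025-01-25T02:15:00+00:00", "10.0.3.44", 650),   # unknown source hiding in the window
    ("2025-01-26T23:50:00+00:00", "10.0.3.44", 3),     # too few ports to be a scan
]

def in_window(ts):
    """True when a UTC timestamp falls inside the approved scan window."""
    return (ts.weekday() == WINDOW["weekday"]
            and WINDOW["start_hour"] <= ts.hour < WINDOW["end_hour"])

def review(events):
    """Return scan-like events that break the scanning policy, with reasons."""
    alerts = []
    for raw_ts, src, ports in events:
        if ports < SCAN_THRESHOLD:
            continue  # not scan-like, ignore
        ts = datetime.fromisoformat(raw_ts).astimezone(timezone.utc)
        reasons = []
        if src not in AUTHORIZED_SCANNERS:
            reasons.append("unauthorized-source")
        if not in_window(ts):
            reasons.append("outside-window")
        if reasons:
            alerts.append((raw_ts, src, reasons))
    return alerts

if __name__ == "__main__":
    for alert in review(EVENTS):
        print(alert)
```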
9. Integrate the scan results into the risk system: merge multi-source risk data to provide a more accurate picture of corporate risk, which will allow you to manage risk and show improvements in the security posture. GRC, web visualization and free risk management tools can play this role, and merging risk logs will make it possible for business owners to score "*" to high-risk endpoints. You need to include potential exploitation risk, availability and attack vectors in the report. For example, tripwire's awesome products can integrate risk information.