Shulou(Shulou.com)06/01 Report--

This article mainly shows you "how to defend and repair vulnerabilities in network security". The content is simple and clear. I hope it can help you solve your doubts. Let me lead you to study and learn the article "how to defend and repair vulnerabilities in network security".

Vulnerability management is an indispensable part of enterprise security construction. In risk management, vulnerability management can be used as a precaution. Enterprises have extensive infrastructure and practical experience on vulnerability management. However, with the development of attack and defense technology, the security technology and management process of traditional vulnerability management begin to face more and more challenges.

Internally, a loophole management system has been developed, with special personnel responsible for vulnerability scanning and repair, but emergency loopholes are still in a hurry, still struggling to deal with loopholes that continue to be discovered, and loopholes are always found when they are subject to regulatory inspection. From an external point of view, vulnerabilities have become one of the hot topics in the current IT field. First of all, from the perspective of unequal attack and defense, the use of vulnerabilities by attackers has already formed industrialization, and the time window for attackers to exploit vulnerabilities is much smaller than that for defenders to complete vulnerability repair. Secondly, with the development of information technology, the promotion of a large number of applications will inevitably bring a large number of loopholes. How to improve the level of vulnerability management in enterprises has become a problem that security managers need to think about, and vulnerability repair is particularly important in vulnerability management.

I. current situation of vulnerability repair

First of all, understand the main reasons that affect vulnerability repair: with the growth of business, the number of assets is also growing crazily, and the disclosure of external vulnerabilities is increasing year by year, resulting in an increase in the number of corporate vulnerabilities. The speed of vulnerability repair is far below the speed of loopholes, which will lead to a backlog of vulnerabilities year by year and form persistent problems of enterprise vulnerability management. Loophole management mechanism is established within the enterprise, but a very important part of loophole management is process management, which involves the coordination of many departments within the enterprise, and the responsibilities of loophole managers are not clear. Lack of leaders to supervise the implementation. As a result, enterprise loophole management is reduced to empty talk. The lack of quantitative indicators of vulnerability repair within the enterprise leads to unclear results of vulnerability repair, no specific quantitative indicators to restrict the personnel responsible for vulnerability management, and no way to reward the personnel responsible for vulnerability management, resulting in a decline in the enthusiasm of the relevant personnel. Vulnerability repair work involves a wide range of assets, some vulnerability repair work requires high technical requirements, operation and maintenance personnel are difficult to repair, and need more effective, more comprehensive and more authoritative vulnerability solutions to guide operation and maintenance personnel to repair loopholes. relying on traditional technology, it is difficult to completely cover all vulnerability repair solutions.

II. Ways to improve vulnerability repair work

Vulnerability repair work as the core of vulnerability management, relying on traditional vulnerability scanning devices or solutions can no longer meet the current problems encountered in vulnerability repair. Enterprises need to use new technical means to build their own vulnerability management platform to achieve vulnerability management, and the construction of vulnerability repair in the construction of vulnerability platform can consider the following directions.

1. Vulnerability repair priority

The concept of vulnerability repair priority is introduced into the vulnerability repair work, and the reference factors of vulnerability repair priority can include asset importance, vulnerability POC, asset defense, vulnerability heat and so on. At the same time, the absolute condition factor is used to filter vulnerabilities. The absolute condition is that vulnerabilities that meet these conditions will only have two extreme scores of 0 or 100 according to the priority score. For operation and maintenance personnel, they can judge whether to repair such vulnerabilities according to their scores. One is the situation that must be repaired: for example, important assets facing the Internet can be found to exploit high-risk vulnerabilities. One is the situation that cannot be repaired, such as the core business system that is physically isolated internally. When the vulnerability priority score is used to fix the vulnerability priority, the final priority score needs to be manually modified to ensure that the priority is of reference value. The concept of vulnerability repair priority is to solve how to make better use of enterprise resources to deal with more urgent vulnerabilities in the face of a large number of vulnerabilities.

two。 Optimization of vulnerability repair process

Binding each link of the vulnerability repair process with response personnel is not only limited to different operation and maintenance personnel or security personnel, but also requires the corresponding leading decision-makers to join to improve the efficiency of vulnerability repair response. at the same time, supervise the progress of the vulnerability repair process. The vulnerability repair process must be strictly clear:

(1) the vulnerability discovery phase is carried out by the enterprise security personnel, and then the discovered vulnerabilities are transferred to the corresponding asset operation and maintenance personnel; (2) the vulnerability handling phase is carried out by the operation and maintenance personnel to take corresponding actions against the vulnerabilities. To accept the risk is for the operation and maintenance personnel to judge according to the actual situation, such as the impact of the business, the importance of assets, etc., the operation and maintenance personnel can manually change the vulnerability status between waiting to be repaired and accepting the risk. A single ignore is to ignore the vulnerability in this scan, but the next scan will scan the loophole, and permanent ignore means to ignore the loophole forever in the future, unless the vulnerability is manually transferred to the discovery. (3) in the vulnerability verification phase, security personnel and operation and maintenance personnel cooperate with each other; when the operation and maintenance personnel convert the loophole to be repaired, the security personnel must review the vulnerability repair situation. If the loophole still exists in the scan again, it will be classified as repair failure, and the loophole that failed to be repaired should be re-transferred to the vulnerability discovery state. If the loophole does not exist in the scan again, it will be classified as verified state. At the same time, if the loophole reappears due to changes in the asset itself in the later scanning process, the vulnerability status will be changed to rediscovery, and the rediscovered vulnerability should be transferred to the state to be repaired in time. (4) in the process of transforming the process from vulnerability discovery to vulnerability repair, leading decision-makers must be aware of it, in order to achieve the purpose of supervising the normal and effective operation of the vulnerability management process; (5) at the same time, regularly output vulnerability repair reports to the leading decision-makers to make them understand the current situation of enterprise vulnerability management. (6) track and audit each transition of vulnerability repair, record the repair time, processing personnel and processing feedback, etc.

3. Quantification of vulnerability repair

In the work of vulnerability repair, each department or subsidiary of the enterprise is regarded as a statistical object of vulnerability repair, and the repair results are counted regularly, such as the number of vulnerabilities repaired, the time it takes to repair vulnerabilities, the success rate of repairing vulnerabilities, etc., through the unified display of vulnerability management platform, regular notification within the enterprise, or even the introduction of performance system, and the use of the concept of quantitative vulnerability repair to improve the enthusiasm of vulnerability repair personnel. At the same time, the quantitative way of vulnerability repair enables enterprise managers to clearly understand the current situation of vulnerability management, and provide a better basis for the decision-making of vulnerability management.

4. Vulnerability repair knowledge base

The establishment of the vulnerability repair knowledge base, on the one hand, is to provide operators with a comprehensive, authoritative and effective vulnerability repair guidance plan library; on the other hand, it is also to ensure that the vulnerability repair work can be carried out more effectively and reduce the failure rate of vulnerability repair. The establishment of vulnerability knowledge base can consider three aspects: one is to refer to the standard solution of vulnerability scanning equipment as the basis; the second is to use multi-party threat intelligence data to input more solutions as a reference; third, to manually regularly sort out the verified vulnerability repair scheme as an authoritative standard scheme.

The above is all the contents of this article entitled "how to prevent and repair vulnerabilities in Network Security". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.