WEBINAR EXECUTIVE SUMMARY
It’s So Much More Than Patching
- Vulnerability management is a mindset; a continuous process with a detailed focus.
- Organizations need processes to detect, prioritize, resolve and review threats.
- Employees need to be a part of the business’s vulnerability management plan.
- IT teams need to focus on threat actions, points of entry, and frequency in 2019.
- Adaptiva Evolve VM provides automated next generation vulnerability management.
Security strategy revolves around addressing threats and vulnerabilities, which means ensuring all systems and applications in the production environment are up to date with the proper patches, updates, and system configurations applied.
With so many different systems, technologies, and devices in a single organization, knowing about and remediating every risk is a daunting task.
Vulnerability management processes can help businesses identify and fix high vulnerabilities, but the sheer number of known and yet-to-be-found software issues makes this a daunting, impossible task. Automated solutions, like Adaptiva Evolve VM, allow organizations to quickly identify and resolve issues, decreasing the risk of attack.
Vulnerability management is a mindset: a continuous process with a detailed focus.
Vulnerability management goes beyond just patching operating systems and applications; it’s an enterprise-wide organizational mindset. Because numerous vulnerabilities are released every day, organizations need to have a continuous, detail-focused process to be successful in thwarting threats to their systems.
Watch the webinar to learn more about Vulnerability Management: It’s So Much More Than Patching.
click presenter image to see bio
Vulnerability Management: It’s So Much More Than Patching
Several standards already exist that help organizations define vulnerabilities and develop protocols to manage them.
Vulnerability management standards, configurations, and information.
Scanning & Assessing Vulnerabilities
Security content automation protocol (SCAP) is an open standards-based protocol developed by the National Institute of Standards and Technology (NIST). It includes:
Defines the baseline that should be in place and associated benchmarks.
Several databases are available that identify and define CVEs along with what needs to be done for remediation.
Most compliance standards offer a high level requirement to establish and maintain levels of security. The Payment Card Industry (PCI) standard is more specific and a good starting point for thinking about compliance needs. Section 11 states:
Organizations need processes to detect, prioritize, resolve, and review threats.
Organizations need to develop and follow a vulnerability management process that meets their needs. This includes detecting threats, prioritizing them, deploying resolutions, and reviewing and reporting on outcomes.
We’ve got to make sure the organization is as secure as humanly possible all of the time. It’s more of a culture, a mindset. It’s a way of how we’re going to operate.
IT Pro Today
IT Pro Today
Employees need to be a part of the business’s vulnerability management plan.
Employees across the organization need to understand the importance of vulnerability management and how they can help ensure the business is secure from cyberattacks. Frequent and continuous security awareness training (SAT) helps create a security culture by providing a heightened sense of awareness as well as an understanding of what is important and why.
As part of the training, the security policy and an expectation of employee cooperation with assessment and remediation tasks also need to be communicated to employees.
Employee Security Training Topics
Such as secure and secret passwords that are not shared with others.
Through phishing and other common methods.
How to handle sensitive data.
Such as when a laptop is stolen.
When they occur so they can be responded to immediately.
IT teams need to focus on threat actions, points of entry, and frequency in 2019.
The SANS Institute provides a regularly updated list of the 25 most dangerous software errors. While that list can help identify the latest hot vulnerabilities, the real focus for IT teams in 2019 is on more general concepts of threat actions and point of entry, as well as frequency.
Vulnerabilities to focus on in 2019.
Threat Actions and Points of Entry
What are the bad actors doing and how do they spread their exploits? What points of entry are most vulnerable to an attack?
How often are vulnerabilities exploited and are scans frequent enough for resolution.
Adaptiva Evolve VM provides automated next-generation vulnerability management.
Most organizations cannot keep up with the volume of vulnerabilities, even when using assessment tools. This results in a general philosophy of partial remediation, which can leave them open to attack.
Adaptiva Evolve VM provides an automated, next-generation vulnerability management solution that follows the full cycle of vulnerability management: detection, prioritization, remediation, and review.
Evolve VM resolves vulnerabilities and compliance issues in minutes, rather than the months it can take to detect and remediate security issues. The next generation:
- Is resolution focused rather than assessment focused, designed for finding and fixing problems as quickly as possible.
- Is network protective rather than network intensive; the solution uses peer-to-peer powered assessment and remediation to negate network degradation.
- Triggers remediation automatically rather than waiting on service desk tickets to move through process timelines.
- Uses self-managed automation instead of manual administration.
Attackers don’t necessarily focus on vulnerability severity when they’re planning an attack. They also have first mover advantage and they don’t hesitate to exploit low criticality vulnerabilities.
Vice President of Solutions and Support
Vice President of Solutions and Support