Vulnerability Management - Top 20 Security ControlsApril 2021 | Michael Wetherald
Top 20 Critical Security Controls Series
In this article, we continue our blog series on the industry standard top 20 critical security controls -- sometimes referred to as the SANS top 20 or CIS Critical Security Controls. These controls provide your organization a set of best practices for protecting your organization from the most common attacks faced around the world.
POSTER | SANS 20 CRITICAL SECURITY CONTROLS - DL & Print crucial info for defending your org. http://t.co/MbpeDjiwRz pic.twitter.com/nqWx9oRl5t
— SANS Institute (@SANSInstitute) July 3, 2015
Basic Security Controls
Controls 1-6 are considered the basic controls every organization should employ to have a solid foundation to build from:
- Inventory and Management of Hardware Assets
- Inventory and Management of Software Assets
- Vulnerability Management
- Controlled Use of Administrator Privileges
- Secure Configuration for Hardware and Software
- Maintenance, Monitoring and Analysis of Audit Logs
#3: Vulnerability Management
Vulnerabilities are the openings adversaries use to compromise your organization. It's important to implement a calculated strategy for mitigating the risk of any of those vulnerabilities being exploited.
Why Is This Control Important?
Software is continuously updated to patch security vulnerabilities. Adversaries only need to exploit your systems between the announcement of a new exploit and before your organization has had a chance to install the updates which patch that exploit. The longer the time you wait to update systems, the wider the window of opportunity for attackers to compromise your systems.
How to Implement This Control
This control is comprised of methods for implementing an effective strategy to catch those vulnerabilities before your enemies do. This breaks down into two categories, vulnerability scanning and patch management.
Vulnerability Scanning
Vulnerability scanning is the process we'll use to quickly find vulnerabilities in your environment before your adversaries do. Effectively implementing a vulnerability scanning program will involve a combination of tools, policies, and procedures.
Automated Vulnerability Scanning Tools
There are many tools which you can use to scan the systems on your network, looking for hosts which are running out of date software running known vulnerabilities. Run these scans at least weekly to find potential vulnerabilities early.
Authenticated Vulnerability Scanning Tools
Perform vulnerability scans with agents running on each of your machines, or by using remote scanning tools that can remotely authenticate with the hosts. Be sure to use a dedicated assessment account that is not used for any other administrative purposes in order to effectively monitor the proper use of those credentials.
Managing Vulnerability Scan Results
When your vulnerability scans come in, make sure vulnerabilities are used in a risk-rating system to prioritize higher risk vulnerabilities for remediation. These results need to be tied in to procedures for your staff to remediate. Some companies find it worth integrating their scan results automatically with their IT ticketing system. Be sure to compare back-to-back vulnerability scans to verify that your patch management strategies are effectively patching vulnerabilities in a timely fashion.
Patch Management
The other half of this control involves quickly patching systems as updates become available. Expecting your users to patch their systems will not be a good strategy for timely remediation of vulnerabilities. Instead make sure you have a plan for determining when updates are available, and procedures in place to deploy those updates. Or ideally, use automated patch management tools.
Automated Patch Management Tools
Implement automated patch management tools in to quickly deploy patches for software as they come in. These tools should be used to automate patches for both operating systems, software (including third-party software) running on those hosts.
Conclusion
Be sure to check out the next article in our series, where we cover security control #4: Controlled Use of Administrator Privileges
Vulnerability Management is a crucial control for developing the security program at your organization. Viam is here to help guide you through implementing this control at your organization. Contact us today if you are ready to take steps to reduce the cybersecurity risk in your organization.
Michael is the inventor of a patent pending web proxy technology and brings to Viam his expertise in web and Linux security. Outside of work he enjoys carpentry, having built a dog mansion for his spoiled dog.
When criminals compromise your organization will you know? Viam Technologies provides a range of cyber security services.
Contact us today to be prepared.
© 2023 Viam Technologies