Vulnerability Management | Open Source and GDPR-compliant
What does vulnerability management mean?
Vulnerability management is an IT security process that aims to find vulnerabilities in the IT infrastructure, classify their severity and, in addition, provide a list of actions to be taken to address the vulnerabilities. The goal is to eliminate vulnerabilities so that they can no longer pose a risk.
How does vulnerability management work?
Vulnerability management is an IT security process that focuses on finding vulnerabilities in the IT infrastructure, classifying their severity and additionally providing recommendations for remediation measures. The goal is to eliminate vulnerabilities so that they cannot be exploited by cyber criminals.
The OPENVAS SCAN Appliances use the OPENVAS ENTERPRISE FEED. This is a collection of over 100,000 vulnerability tests (VTs). Put simply, for every known vulnerability, there is a vulnerability test that detects that exact vulnerability on the active elements of the IT infrastructure – desktops, servers, appliances, and intelligent components such as routers or VoIP devices.
The scanning service runs the tests on the network to be tested and thus detects existing vulnerabilities. These are rated according to their severity, which enables prioritization of remediation actions.
What are the costs of vulnerability management?
The price of our solution is always based on the environment to be scanned. Depending on whether you are interested in a virtual appliance or a physical appliance, our solutions cost between a few euros per month and several hundred thousand euros.
How much time does vulnerability management take?
Vulnerability management is not a one-off operation, but an ongoing process that is firmly integrated into IT security. The steps from the detection to the elimination of vulnerabilities run continuously in a constant cycle.
The duration of a scan always depends on the number of systems or IP addresses to be scanned. Vulnerability management makes sense for any size of system, but a scan can run for several hours as a background activity, depending on its complexity.
We already have firewalls. Does vulnerability management still make sense?
Absolutely, because the systems mentioned focus on attack patterns – looking from the inside out. The goal is to ward off attacks that are actually taking place. Firewalls or similar systems therefore often only intervene once the attack has already happened.
In contrast, vulnerability management looks at the IT infrastructure from the outside in – similar to the perspective of attackers. The goal is to close vulnerabilities that could be exploited by potential attackers so that an attack does not even occur.
High-quality firewall systems may detect vulnerabilities, but unlike vulnerability management, they do not offer a solution approach for a detected vulnerability. In addition, firewalls, IDS or IPS systems also only detect vulnerabilities if the system allows it at all, and then only on the data traffic that passes through the respective security system.
Traffic that does not pass through the security system is not analyzed. If a Greenbone solution is in the network, every component that can be reached via an IP connection can also be checked for vulnerabilities, regardless of which device it is. This therefore also applies, for example, to industrial components, robots or production facilities.
A combination of vulnerability management with firewalls and similar systems is the best solution. With vulnerability management, other systems can be focused specifically on hotspots.
What is the difference between patch management and vulnerability management?
Patch management involves updating systems, applications and products to eliminate security vulnerabilities.
Vulnerability management is used to find, classify and prioritize existing vulnerabilities and recommend measures to eliminate them. Such a measure can be a patch, for example.
Patch management thus presupposes vulnerability management. After all, it only makes sense to patch if existing vulnerabilities are known.
In addition, patch management usually only works in IT components, but not in industrial plants and control systems, for example.
Furthermore, a patch management system requires extensive and controlling admin intervention, since not every patch is useful or uncritical for the respective system. Often, new patches also bring new vulnerabilities that a patch management system does not detect.
Patch management is a useful complement to vulnerability management, as these systems can in turn automate patching. Under certain circumstances, our vulnerability management can also provide information directly to a patch management system, so that patching can be performed directly on the basis of security-critical assessments.
Do I need vulnerability management even if I am installing updates on a regular basis?
Yes, even with regular updates and patches, vulnerability management makes sense.
For example, system dependencies often do not allow an up-to-date patch. Possible reasons for this could be that special business-critical applications could lose their certification as a result or functions could be impaired.
In addition, there is not a patch for every vulnerability, or updates repeatedly create new vulnerabilities themselves. These are often not detected if no vulnerability management system is in use, which automatically checks all components again and again.
Furthermore, even a software version with current updates cannot rule out misconfigurations that lead to vulnerabilities. Classic examples of this are an administrator password of “12345678” or file system shares accidentally exposed to the Internet.
Another disadvantage for OT components is that updates cannot be automated in most cases.
Is vulnerability management getting better with continuous patching?
Yes, continuous vulnerability management combined with patch management will gradually result in a much more resilient environment.
What are the biggest challenges with vulnerability management?
The biggest challenge is the initial setup and integration into the networks. But even this is possible for all our solutions within a very short time. In addition, you will receive support from Greenbone at any time.
Since it is recommended to work with different scan plans, a comprehensive asset management is required in advance of the vulnerability management to distinguish critical from less critical assets.
What are the key requirements for vulnerability management?
These days, all companies, no matter how large they are or what industry they belong to, are increasingly the focus of attackers. The most important prerequisite for vulnerability management is that those responsible in the company are aware of this fact and are willing to take appropriate preventive measures.
It is also important that you, as a potential customer, inform yourself in detail in advance: Have the solution's performance demonstrated to you in a test, and inform yourself extensively about the acquisition and all running costs. No further technical requirements are needed, as the integration itself is very simple.