Vulnerability - although the dictionary or thesaurus provides us with various meanings, there`s not really one that sums up the havoc that a relatively small word can wreak on a company`s IT architecture.
Translated, vulnerability is a hardware or software weakness that leaves a system vulnerable to assault, harm or unauthorised exploitation - internally or externally - thereby resulting in unacceptable and unnecessary risk to business-critical information.
Vulnerabilities can arise from a number of causes. The most commonly known are usually associated with error or bugs, albeit unintentional, in software products. Another source is mis-configured non-secure systems - again leaving it open to attacks.
Well-known vulnerabilities over the past years include Nimda, Code Red, SQLSlammer and others. And as we all are well aware, each has caused millions of rands of damage to enterprise networking, including networking downtime for a number of weeks.
OK, so where does this leave us? How do we fight such a formidable component that seems to be beyond our control at times? A firewall, an anti-virus solution - not even close.
Vulnerability management is the key - offering a best practices-based approach for the discovery, remediation and assessment of vulnerability-related risk across the entire lifecycle.
According to Gartner, effectively managing vulnerabilities is a complex task fuelled by the need to reduce overall risk as well as meet regulatory requirements.
"A successful vulnerability management programme should include security configuration and administration policies, in combination with processes and technologies to discover and remediate vulnerabilities. Gartner predicts that enterprises that implement a complete vulnerability management solution will experience 90% fewer successful attacks."
An effective and complete vulnerability management solution should, therefore, feature the following eight critical elements - adapt, report, analyse and monitor, notify, remediate, plan and prioritise.
Quite a mouthful, but critical to the success of any vulnerability management strategy. Also, it is critical to partner with a solution provider that not only offers the product but the expertise to implement a complete and successful vulnerability management strategy.
Looking at other critical components of vulnerability management, it`s important that we focus on patch management, but more importantly, automated patch management. In the past, patch updates and new vulnerability advisories required enormous research and management effort.
Now through solutions such as our eTrust Vulnerability Manager, the patching process is automated, reducing administrative costs and risk exposure through automated, structured patch remediation and effective test procedures.
Other eTrust Vulnerability Manager features include:
* Discovery and profiling of assets;
* Tracking of emerging vulnerability alerts;
* Analysis of vulnerabilities across all enterprise assets;
* Automatic notifications of vulnerabilities via e-mail;
* Prioritisation based on business impact;
* Planning and testing of remediation measures;
* Automated remediation; and
* Documentation as required for validation and/or regulatory compliance.
Share