Secure360

Why you must prioritize vulnerabilities

September 22, 2016 by Tim White

The following is a guest post by Qualys, a 2016 Secure360 Wisconsin Gold Sponsor.

If you are an information security professional, you’ve probably experienced vulnerability disclosure overload. This ailment strikes when infosec pros grapple with the constant release of vulnerability announcements, amounting to thousands per year.

The truth is that no IT department has enough staff and resources to promptly patch every single vulnerability within its environment. As a result, infosec teams must be highly selective when drafting their vulnerability remediation plans. They must strategically address the threats that represent the highest risk to their organization at any given point.

Attempting to eradicate 100 percent of vulnerabilities sequentially, by treating them all as equally important, is impractical and dangerous.

A comprehensive, continuously updated view of all your IT assets

When attempting to prioritize vulnerability remediation, it’s what you don’t know that hurts you. At the most basic level, this means being aware of all the hardware and software in your organization, from high-end systems to mobile apps. There can be no “phantom” servers, PCs, smartphones, tablets, printers, applications, middleware and the like lurking in your network without your knowledge. You must have a complete, unobstructed view of your IT environment at all times, and be instantly aware of its changes.

In addition to having a complete list of your IT assets, you need granular, detailed access to the components of each one. You must understand how extensively each asset is interconnected with and dependent on other systems. Finally, it’s critical to know the role of each asset in your overall IT environment and how valuable and important it is to your organization. Absent this underlying information structure, your attempts to assess vulnerability risks will be ill-informed and ultimately erratic and ineffective.

Knowledge of the constant stream of infosec vulnerability disclosures

Just as you must have a clear and deep knowledge of your organization’s IT assets, you also need to plug into the firehose of external vulnerability disclosures, so you’re aware of the latest threats out in the wild. This disclosure information flows uninterrupted from multiple sources, including industry groups, government agencies, academic researchers, technology analysts and security vendors.

For example, you must be aware of “zero day” vulnerabilities being actively exploited, publicly available exploit code, actively attacked vulnerabilities, “lateral movement” vulnerabilities that let hackers use a compromised system to attack other machines on the same network, vulnerabilities with high data loss potential, Distributed Denial of Service (DDoS) attacks and malware outbreaks.

You need to mesh both sets of internal and external data — your IT asset information and disclosed vulnerabilities — and correlate them. And you need to be doing this continuously, so you’re alerted whenever there is a match. You also must be able to proactively conduct specific searches, combining multiple variables, to find assets that may be potentially at risk. This will give you a dynamic snapshot of all the vulnerabilities that exist in your IT environment at any given moment.

Dashboards, control panels, graphing and reporting tools to visualize your threat landscape

Once you have correlated your internal and external threat data and identified impacted IT assets, you must be able to drill down on the data, mine it for patterns, slice and dice it, aggregate it in custom reports and represent it graphically.

This analysis of the data will allow you to extract insights and gain an awareness of your security posture that you otherwise wouldn’t have access to.

Precise assessments of threat scenarios in your organization’s specific context

Finally, you’re now ready to factor in various criteria for assessing how critical certain threat scenarios are in your organization’s specific context using actionable intelligence.

Let’s say there’s vulnerable database software that is being savagely exploited in the wild, causing chaos in many companies. And you happen to have one instance of it. However, in your environment this database is only present in a system of marginal importance that is isolated from the rest of your infrastructure. You determine that if that asset were compromised, the risk to your organization would be trivial.

Likewise, you may encounter the opposite scenario, in which a vulnerability that isn’t attracting much attention in the industry may be a critical one for your organization.
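
The correlation step and the two contrasting scenarios above can be sketched in code. This is an added example, not Qualys code and not a description of how any product scores risk; the asset names, products, vulnerability IDs, the 1-5 criticality scale and every weight are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    software: frozenset      # installed (product, version) pairs
    criticality: int         # assumed scale: 1 = marginal .. 5 = business-critical
    isolated: bool           # segmented away from the rest of the infrastructure

@dataclass(frozen=True)
class Disclosure:
    vuln_id: str
    product: str
    affected_versions: frozenset
    exploited_in_wild: bool
    public_exploit: bool
    lateral_movement: bool

def threat_weight(d: Disclosure) -> float:
    """External signal: how urgent the disclosure is in general (assumed weights)."""
    return 1.0 + 2.0 * d.exploited_in_wild + 1.0 * d.public_exploit + 1.0 * d.lateral_movement

def context_weight(a: Asset) -> float:
    """Internal signal: how much a compromise of this asset would matter."""
    return a.criticality * (0.2 if a.isolated else 1.0)

def prioritize(assets, disclosures):
    """Correlate inventory with disclosures; return findings, highest risk first."""
    findings = []
    for a in assets:
        for d in disclosures:
            if any(p == d.product and v in d.affected_versions for p, v in a.software):
                score = round(threat_weight(d) * context_weight(a), 2)
                findings.append((score, a.name, d.vuln_id))
    return sorted(findings, reverse=True)

# Constructed sample data mirroring the two scenarios in the text.
ASSETS = [
    Asset("lab-db-01", frozenset({("exampledb", "9.1")}), criticality=1, isolated=True),
    Asset("billing-app-01", frozenset({("examplemq", "2.4")}), criticality=5, isolated=False),
    Asset("intranet-wiki", frozenset({("examplemq", "3.0")}), criticality=2, isolated=False),
]
DISCLOSURES = [
    # Heavily exploited database flaw (placeholder ID, not a real identifier).
    Disclosure("VULN-A", "exampledb", frozenset({"9.0", "9.1"}), True, True, False),
    # Low-profile flaw with no known exploitation.
    Disclosure("VULN-B", "examplemq", frozenset({"2.4"}), False, False, False),
]

if __name__ == "__main__":
    for score, asset, vuln in prioritize(ASSETS, DISCLOSURES):
        print(f"{score:5.2f}  {asset:15s} {vuln}")
```

With this data the low-profile flaw on the business-critical billing system outranks the widely exploited database flaw on the isolated lab host, and the wiki running an unaffected version produces no finding.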

Qualys ThreatPROTECT

Qualys ThreatPROTECT lets you take full control of evolving threats so you know which vulnerabilities to remediate first. Qualys ThreatPROTECT correlates active threat intelligence information with your vulnerability data, allowing you to pinpoint the IT assets that are at greatest risk within your organization. With ThreatPROTECT, you get a holistic, contextual and continually updated “at a glance” view of your threat exposure.

The latest addition to the Qualys Cloud Platform, ThreatPROTECT features a highly customizable dashboard with a variety of report templates and graph-creation capabilities. It also has a powerful search engine, and a live threat intelligence feed. ThreatPROTECT fine-tunes your IT department’s vision and guides it with actionable intelligence through the process of closing security holes in a precise, strategic manner.

About Tim White

With over 15 years of experience in IT GRC, he has worked with a variety of large enterprises over the years shaping products in the industry. He also has significant experience in other areas of information security, working with products including firewalls, network security, and host security.

Juan C. Perez, a longtime technology journalist, works in Qualys' marketing department writing and editing a variety of content, including white papers, product data sheets, conference materials, solutions briefs, blog posts and bylined columns.
