InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity Nov 2009
Anniversary Special
Emerging Trend in Vulnerability Management

Vulnerability management is considered an integral part of corporate policy in almost every global standard organization. Here the author explains the emerging trends and associated challenges in this space.

In today’s digitally connected environment, the deployment and adoption of newer technologies have enabled attackers to devise targeted attack vectors without specific knowledge of, or physical access to, the organization. Almost all organizations today are constantly exposed to threats they never anticipated: worms, viruses, Trojan horses, “low and slow” information thefts, and many more. The fear of revenue loss is thus motivating smart businesses to begin taking proactive measures against vulnerabilities. Vulnerability Management as a critical process has thus emerged as one of the key focus areas for identifying, assessing and responding to new threats before they become a reality. This article outlines the key trends in Vulnerability Management (VM) and provides an in-depth look at the challenges and best practices of each part of the VM lifecycle.


Industry approach so far….

The first step in implementing a Threat and Vulnerability Management Infrastructure function is to establish the security needs of the organization. This starts with a business-led assessment of the organization's security requirements, both in terms of its information assets and in terms of its risk factors and exposure to vulnerabilities.
Security risk assessment and management is the next big step that most organizations are likely to undertake. It reflects how the business is likely to be impacted by a security incident, and the realistic likelihood of such an incident occurring. The results of this assessment are then used to determine the appropriate operational procedures for Threat and Vulnerability Management and to implement controls that protect against the risks.

Key Emerging Trends:

Increased importance of automated asset inventory: The most important step in a vulnerability management program is to maintain an inventory of the organization’s assets. This sounds like a very simple task, but many large companies struggle to get it right. They have therefore started relying on automated asset inventory to reduce human error and track assets. Organizations have realized that automation is the only way to know quickly and accurately whether a newly identified vulnerability applies to their network and whether they should be concerned about it.
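The check described above, as an added example that is not part of the original article: a constructed inventory is matched against a constructed advisory to list the affected hosts, critical assets first. The product names, hosts and the advisory identifier are hypothetical placeholders.

```python
from dataclasses import dataclass

def parse_version(text):
    """Turn '2.2.11' into (2, 2, 11) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str
    critical: bool

@dataclass(frozen=True)
class Advisory:
    ident: str           # placeholder identifier, not a real advisory
    product: str
    first_affected: str  # inclusive lower bound
    fixed_in: str        # exclusive upper bound: first version carrying the fix

# Constructed inventory, as an automated discovery job might export it.
INVENTORY = [
    Asset("web01", "examplehttpd", "2.2.9", True),
    Asset("web02", "examplehttpd", "2.2.14", True),     # already patched
    Asset("intranet", "examplehttpd", "2.10.1", False),  # a string compare would wrongly flag this
    Asset("app03", "examplehttpd", "2.0.63", False),
    Asset("db01", "exampledb", "2.2.9", True),           # different product
    Asset("legacy", "examplehttpd", "1.3.41", False),    # older than the affected range
]

ADVISORY = Advisory("EXAMPLE-ADVISORY-0001", "examplehttpd", "2.0.0", "2.2.12")

def affected_assets(inventory, advisory):
    """Return the assets the advisory applies to, critical assets first."""
    low = parse_version(advisory.first_affected)
    high = parse_version(advisory.fixed_in)
    hits = [a for a in inventory
            if a.product == advisory.product
            and low <= parse_version(a.version) < high]
    return sorted(hits, key=lambda a: (not a.critical, a.host))

if __name__ == "__main__":
    for asset in affected_assets(INVENTORY, ADVISORY):
        level = "critical" if asset.critical else "standard"
        print(f"{ADVISORY.ident}: {asset.host} {asset.product} {asset.version} ({level})")
```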

Adoption of “periodic” assessment on critical assets: Organizations are increasingly carrying out periodic penetration testing on all critical assets. A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source or intruder. Penetration tests are also used to simulate inside and outside attack scenarios to obtain a holistic threat overview. With increased pressure from compliance and regulations, organizations are also adopting penetration tests as a key strategy to compare the results of each successive test and create a desired baseline.

Strong adoption of web application firewalls (expected to continue): Organizations have started protecting their web applications by deploying web application firewalls (WAFs) that inspect all inbound traffic to the application for common web application attacks such as Cross‐Site Scripting, SQL injection, parameter manipulation, and improper access privileges. Web application firewalls are a new breed of application security technology meant to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code.

Increased adoption of automated patch management: As of today, the half-life of critical vulnerabilities is 30 days and mostly doubles as the degree of severity comes down. Widespread manual patching of computers has proved ineffective as the number of patches that need to be installed grows and as attackers continue to develop exploit code more rapidly. While patching and vulnerability monitoring can often appear an overwhelming task, consistent mitigation of organizational vulnerabilities can be achieved through a tested and integrated patching process that makes efficient use of automated patching technology.

Log reviews and SIEM are gaining popularity: Various system logs are being used to identify deviations from the organization's security policy, including firewall logs, IDS logs, server logs, and any other logs that collect audit data on systems and networks. Large companies have realized that correlating the log results provides the security team with alerts and vital clues regarding any unforeseen or attempted attack on the network. This has also led to the adoption of SIEM (Security Information and Event Management) tools for log aggregation and consolidation from multiple machines and for log correlation and analysis.
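The correlation described above, as an added example that is not part of the original article: it flags a source address only when at least two different log types (firewall, IDS, server) report it within a ten-minute window. The log format, window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, already normalised to "time source src_ip event".
SAMPLE_LOGS = """\
2009-11-02T10:00:05 firewall 203.0.113.7 deny tcp/22
2009-11-02T10:01:40 ids 203.0.113.7 alert ssh-bruteforce-signature
2009-11-02T10:03:10 server 203.0.113.7 auth-failure user=root
2009-11-02T10:02:00 firewall 198.51.100.20 deny tcp/445
2009-11-02T11:30:00 server 198.51.100.20 auth-failure user=backup
2009-11-02T10:05:00 firewall 192.0.2.44 deny tcp/23
2009-11-02T10:05:30 firewall 192.0.2.44 deny tcp/23
"""

def parse(lines):
    """Yield (timestamp, log source, source IP, event text) for each non-empty line."""
    for line in lines.splitlines():
        if not line.strip():
            continue
        stamp, source, src_ip, event = line.split(" ", 3)
        yield datetime.fromisoformat(stamp), source, src_ip, event

def correlate(lines, window=timedelta(minutes=10), min_sources=2):
    """Return {src_ip: [log sources]} for IPs reported by >= min_sources log types within window."""
    by_ip = defaultdict(list)
    for when, source, src_ip, _event in parse(lines):
        by_ip[src_ip].append((when, source))
    alerts = {}
    for src_ip, events in by_ip.items():
        events.sort()
        best = set()
        # Slide a window starting at each event and keep the widest source coverage.
        for i, (start, _) in enumerate(events):
            seen = {src for when, src in events[i:] if when - start <= window}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_sources:
            alerts[src_ip] = sorted(best)
    return alerts

if __name__ == "__main__":
    for ip, sources in correlate(SAMPLE_LOGS).items():
        print(f"{ip} seen in {', '.join(sources)} within the window")
```

Repeated events from a single log type (192.0.2.44) and events from two log types that are far apart in time (198.51.100.20) do not raise an alert.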

Growing demand for exploit testing automation: For infrastructure security, the market has witnessed a growing demand for exploit testing automation. Vulnerability assessment vendors have started adding advanced capabilities, and penetration testing vendors are likely to add more native VA capabilities. The key driver is that, for non-web application testing, exploitation is emerging as the key differentiator amongst vulnerability management vendors. There is also an emerging need for really good automated tools to support professional penetration testers.

—By: RudraKamal Sinha Roy, R&D Head, iViZ Techno Solutions Pvt. Ltd

