Remediation capabilities of Vulnerability Management products

Vulnerability scanning and vulnerability management: these terms are often used synonymously. However, most top security vendors and institutions hold that vulnerability management is a more complex process that includes vulnerability scanning (vulnerability assessment in general), remediation and some other stages, like asset management and risk assessment.

Vulnerability Management Lifecycle

In most cases, remediation does not mean that the vulnerability management product automatically tries to patch the vulnerable system; rather, the product provides functionality to control the remediation process. In other words, it contains a built-in task tracker, where security administrators can assign tickets (manually or automatically) to system administrators to patch or reconfigure vulnerable systems. For example, such functionality is implemented in Tenable Security Center and Qualys Cloud Suite.

NB: This holds in most cases, but there are exceptions, such as ERPScan, Secpod Saner or ConfigOS. These solutions can actually update vulnerable systems automatically.

In Qualys Cloud Suite, users can assign remediation tickets and check their status. A ticket may be assigned per host or per vulnerability. Tickets can be created automatically when a security scan finishes, or manually by a user.

Qualys ticket list

Ticket updates in Qualys Cloud Suite occur automatically, and resolved tickets may be closed automatically after a vulnerability scan. Users may receive a daily email notification with ticket updates. Remediation behavior is configured with remediation policies. In a remediation policy, users can set the match conditions for creating a ticket, to whom the remediation tickets will be assigned, and the expected ticket resolution date.
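The ticket lifecycle described above (policy match, assignee, due date, automatic closing after a scan), modeled generically as an added example. This is not Qualys code or its API; the `Policy` fields, the "first matching policy wins" rule, the reopening behavior and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Policy:  # hypothetical: match conditions, assignee, days until due
    min_severity: int
    host_prefix: str
    assignee: str
    days_to_fix: int

@dataclass
class Ticket:
    assignee: str
    due: date
    status: str = "open"

def reconcile(tickets, findings, scanned_hosts, policies, today):
    """Update tickets, keyed by (host, vuln_id), from one finished scan.
    findings: (host, vuln_id, severity) tuples; the first matching policy wins."""
    seen = set()
    for host, vuln_id, severity in findings:
        seen.add((host, vuln_id))
        policy = next((p for p in policies if severity >= p.min_severity
                       and host.startswith(p.host_prefix)), None)
        current = tickets.get((host, vuln_id))
        if policy is not None and (current is None or current.status == "closed"):
            # New finding, or a closed one that reappeared: open a fresh ticket.
            tickets[(host, vuln_id)] = Ticket(
                policy.assignee, today + timedelta(days=policy.days_to_fix))
    for (host, vuln_id), ticket in tickets.items():
        # Close only when the host was scanned and the finding is gone;
        # a host missing from the scan proves nothing about its patch state.
        if (ticket.status == "open" and host in scanned_hosts
                and (host, vuln_id) not in seen):
            ticket.status = "closed"
    return tickets

def demo():
    # Constructed sample data: two policies and two consecutive scans.
    policies = [Policy(4, "db-", "dba-team", 7), Policy(3, "", "sysadmins", 30)]
    tickets = {}
    reconcile(tickets, [("db-01", "VULN-1", 5), ("web-01", "VULN-2", 3),
                        ("web-01", "VULN-3", 1), ("app-01", "VULN-4", 4)],
              {"db-01", "web-01", "app-01"}, policies, date(2024, 1, 1))
    # Second scan: db-01 is patched, web-01 is not, app-01 was unreachable.
    reconcile(tickets, [("web-01", "VULN-2", 3)],
              {"db-01", "web-01"}, policies, date(2024, 1, 5))
    return tickets

if __name__ == "__main__":
    for key, ticket in demo().items():
        print(key, ticket)
```

The ticket for the unreachable host stays open after the second scan, which is the case where closing on "finding not reported" alone would hide an unpatched system.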

In Tenable Security Center, users can create tickets manually or automatically. A ticket may be classified as one of the following issues: Information, Configuration, Patch, Disable, Firewall, Schedule, IDS, Accept Risk, Recast Risk, Re-scan Request, False positive, System Probe, External Probe, Investigation Needed, Compromised System, Virus Incident, Bad Credentials, Unauthorized Software, Unauthorized System, Unauthorized User or Other. To demonstrate the problem, a Query View can be added to the ticket.

Creating ticket in Tenable Security Center

Automated assignment of tickets may be achieved with Alerts. In the Action section of the Alert, the user should choose the Assign Ticket option and then specify the Name, Description and User for assignment. A ticket can also be created right in the Vulnerability Analysis window.


As we see, remediation capabilities make it possible to perform basic task tracking in a Vulnerability Management solution. However, it often happens that a company has already implemented another, universal tool for managing tickets, and when security administrators ask system administrators to use one more specialized task tracker to control system patching, it can cause anger and even sabotage. Therefore, even if your vulnerability management solution has remediation features, it may be reasonable to consider integration with an external task tracker.
