Monthly Archives: April 2019

Vulnerability Management vendors and Vulnerability Remediation problems

It’s not a secret, that Vulnerability Management vendors don’t pay much attention to the actual process of fixing vulnerabilities, that they detect in the infrastructure (Vulnerability Remediation). Although it seems to be the main goal of VM products: to make vulnerabilities fixed and whole IT infrastructure more secure, right?

In fact, most of VM vendors see their job in finding a potential problem and providing a link to the Software Vendor’s website page with the remediation description. How exactly the remediation will be done is not their business.

Vulnerability Management vendors and Vulnerability Remediation

The reason is clear. Remediation is a painful topic and it’s difficult to sell it as a ready-made solution. And even when Vulnerability Vendors try to sell it this way, it turns out pretty ugly and does not really work. Mainly because the Remediation feature is sold to the Security Team, and the IT Team will have to use it.

Continue reading

Why Asset Management is so important for Vulnerability Management and Infrastructure Security?

When people ask me how should they start building Vulnerability Management process in their organization (well, sometimes it happens), I advice them to create an effective Asset Management process first. Because it’s the foundation of the whole Infrastructure Security.

Asset Management. Because someone has to clean up this mess.

The term “Asset Management” has different meanings and if you start to google it, you will get some results related mainly to finance sphere. I use this term as Qualys and Tenable. For me Asset Management is the process of dealing with network hosts.

So, what should you do in situation described in the tweet above, when you don’t know exactly how many Windows hosts you have in your corporate IT environment? And, more importantly, why do you need to know?

Continue reading

Can a Vulnerability Scan break servers and services?

The most serious problem of Vulnerability Scanners is that they are too complex and unpredictable. Usually they don’t affect the target hosts, but when they do, welcome to hell! And if you scan huge infrastructure, tens thousands hosts and more, it’s not “if” the scanner will break the server it’s “when” it will do it.

As a responsible person for Vulnerability Management you will be also responsible for all the troubles that VM product can make in the IT infrastructure. And what will you say to the angry mob of your colleagues from IT and Business when they will be quite curious to know why did the service/server go down after the scan? Actually, it’s not much to say.

Continue reading