You are in: Articles / Security / Vulnerability management: The basics

Vulnerability management: The basics

(Bill Brenner, NetworkWorld) The more apps companies deploy, the more complicated vulnerability management becomes. In the rush to find every security hole and seal it off from potential hackers, it's easy to let something important slip through. That's especially true if you're an IT administrator juggling several tasks of which security is one.

To get anywhere with vulnerability management, Northcutt said there are five things to consider first:
1.Vulnerabilities are the gateways through which threats are manifested.
2.Vulnerability scans without remediation have little value.
3.A little scanning and remediation is better than a lot of scanning and less remediation.
4.Vulnerabilities in need of fixing must be prioritized based on which ones post the most immediate risk to the network.
5.Security practitioners need a process that will allow them to stay on the trail of vulnerabilities so the fixes can be more frequent and effective.

If a data breach happens and it's traced back to a flaw the company knew about but didn't fix, the consequences can be serious. "This could be factored into the punitive damages phase of a court case," Northcutt said.

Next, Northcutt said it's important to identify the primary threat vectors an organization must worry about. They are:
- Outsider attack from network
- Insider attack from network (VPN)
- Outsider attack from telephone
- Insider attack from local network
- Insider attack from local system
- Attack from malware

Read more by following the "full article" link.

Rating: 12345
Leave a comment

Note: all fields marked with (*) are required
Comments (0)
Close send to email window

Verification code

Already a member?
Blacklist monitoring alerts
sign up Signup for our real-time monitoring service and receive email notifications each time one of your IPs gets blacklisted.
Free Signup
Mail Server Operating System Poll

What OS do you use for your email server?
disabled next

How many mailboxes do you currently manage?
previous next

Would you like to comment upon the choosing of this particular OS?

DNS Tools
Get IP status, owner and location, obtain its corresponding hostname or check specific ports.
Ping Statistics
Reverse DNS Lookup
Whois Info (IP owner)
GeoIP Information
Check Port
Open Relay Test
Test if your mail server is an open relay for spammers.
Blacklist Checker
Check if your IP is listed in DNS based email blacklists (DNSBL)