By Manish Tanwar
World Informatix Cyber Security
Everyone who works in cyber security, or depends on it, looks for better ways to gain security assurance. But there is no shortcut that delivers foolproof security; the only thing one can do is minimize risk by performing vulnerability assessment and patch management continuously.
A plan of continuous vulnerability assessment and patch implementation can certainly reduce the chance of mishaps. Every day, researchers (good and bad) develop new ways to trick and exploit software and the other components of the cyber world, so we need to keep ourselves updated on those new attack vectors and also enumerate the vulnerabilities in our own systems before someone else does. Using such an approach we can minimize the risk of successful attacks.
Continuous vulnerability assessment may be monthly, quarterly, half-yearly or yearly (this depends on the budget that higher management has allocated for security assessment). Note that a yearly scan is barely "continuous": the interval should be driven by how exposed the systems are and how fast new vulnerabilities in them appear, and budget should follow from that rather than dictate it.
Let's move on to the core material: the process of continuous vulnerability assessment and remediation.
1. Use a scanning tool that maintains an up-to-date list of publicly disclosed vulnerabilities. Free and paid tools with this functionality are available; they can be updated by following a few simple steps and run their scans fully automatically. Update the tool's vulnerability feed before every scan, since a scanner can only report what its signature database knows about.
2. Once scanning and manual vulnerability assessment are complete, prepare the list of vulnerabilities reported by the scanner together with the manual findings. Don't forget to filter out false positives (a scanner is, after all, just a program that works on the basis of request and response, and it can and does produce false positives); verify each scanner finding by hand before it goes into the report, and record why a finding was discarded so the same false positive is not re-triaged next cycle.
3. Scans should be performed both authenticated and unauthenticated. Unauthenticated scans should be more frequent, because the likelihood of attack is higher from outside than from inside. Do not skip the authenticated scans, though: only a scan with credentials can see missing OS and application patches and weak local configuration that an unauthenticated scan cannot reach.
4. After preparing a well-documented report containing the vulnerability descriptions and the patches that address them, and before applying a patch to a critical service, application or system, make sure the patch is compatible with it (try the patch in a test environment with the same configuration, and have a rollback plan ready).
5. Once the relevant team has implemented the patch, perform a fresh assessment to verify that the patch is working and the vulnerability no longer exists. Compare the new results against the previous report: findings that disappeared are fixed, findings that remain need follow-up, and any new findings enter the next remediation cycle.
6. Vulnerabilities may be hidden or newly discovered, so never assume a system is safe. Always perform vulnerability assessment at regular intervals.
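The following script is an added example and is not part of the original article or any particular scanner product. It shows the bookkeeping behind steps 2 and 5: merging scanner and manual findings, dropping confirmed false positives and duplicates, ordering the result by severity, and then diffing the triaged report against a post-patch rescan to see what was fixed, what is still open and what is new. The finding format (host, port, name, severity, source) and all sample findings are constructed for illustration; a real deployment would parse its scanner's export into this shape.

```python
"""Triage and post-patch verification of vulnerability scan results.

Added example, not from the original article. The Finding record and the
sample data below are a constructed simplification of scanner output.
"""
from dataclasses import dataclass

# Higher number = more urgent. Used to order the final report.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    name: str
    severity: str
    source: str  # "scanner" or "manual"

    def key(self):
        """Identity of a finding: same issue on same host:port, regardless of who reported it."""
        return (self.host, self.port, self.name)


def merge_findings(scanner, manual, false_positives):
    """Combine scanner and manual findings into one deduplicated, severity-ordered list.

    Findings whose key is in `false_positives` (confirmed by hand) are dropped.
    When the same issue is reported by both scanner and a human, the manual
    record wins because it has been verified.
    """
    by_key = {}
    for f in list(scanner) + list(manual):
        if f.key() in false_positives:
            continue
        existing = by_key.get(f.key())
        if existing is None or (existing.source == "scanner" and f.source == "manual"):
            by_key[f.key()] = f
    return sorted(by_key.values(),
                  key=lambda f: (-SEVERITY_RANK[f.severity], f.host, f.port, f.name))


def verify_remediation(before, after):
    """Diff a triaged report against a rescan done after patching.

    Returns the keys that disappeared (fixed), that persist (still open) and
    that appeared for the first time (new, to be triaged in the next cycle).
    """
    before_keys = {f.key() for f in before}
    after_keys = {f.key() for f in after}
    return {
        "fixed": sorted(before_keys - after_keys),
        "still_open": sorted(before_keys & after_keys),
        "new": sorted(after_keys - before_keys),
    }


# ---- constructed sample data (not real scan output) ----
SCANNER_FINDINGS = [
    Finding("10.0.0.5", 443, "TLS 1.0 enabled", "medium", "scanner"),
    Finding("10.0.0.5", 80, "Directory listing enabled", "low", "scanner"),
    Finding("10.0.0.7", 22, "Weak SSH ciphers offered", "low", "scanner"),
    Finding("10.0.0.7", 8080, "Default credentials on admin interface", "critical", "scanner"),
    Finding("10.0.0.5", 443, "TLS 1.0 enabled", "medium", "scanner"),  # duplicate plugin hit
]
MANUAL_FINDINGS = [
    Finding("10.0.0.7", 8080, "Default credentials on admin interface", "critical", "manual"),
    Finding("10.0.0.9", 443, "IDOR in invoice download", "high", "manual"),
]
# Verified by hand: the "directory listing" hit was a custom index page, not a listing.
CONFIRMED_FALSE_POSITIVES = {("10.0.0.5", 80, "Directory listing enabled")}

TRIAGED = merge_findings(SCANNER_FINDINGS, MANUAL_FINDINGS, CONFIRMED_FALSE_POSITIVES)

# Constructed rescan after the patch window: two issues fixed, two remain, one new.
RESCAN_FINDINGS = [
    Finding("10.0.0.7", 22, "Weak SSH ciphers offered", "low", "scanner"),
    Finding("10.0.0.9", 443, "IDOR in invoice download", "high", "manual"),
    Finding("10.0.0.5", 443, "HTTP security headers missing", "low", "scanner"),
]
VERIFICATION = verify_remediation(TRIAGED, RESCAN_FINDINGS)

if __name__ == "__main__":
    print("Triaged report (most severe first):")
    for f in TRIAGED:
        print(f"  [{f.severity:>8}] {f.host}:{f.port} {f.name} ({f.source})")
    print("\nPost-patch verification:")
    for status, keys in VERIFICATION.items():
        print(f"  {status}: {len(keys)}")
        for host, port, name in keys:
            print(f"    {host}:{port} {name}")
```

Running it prints four triaged findings with the critical default-credential issue on top, then reports two fixed, two still open and one new finding from the rescan. Keying findings on host, port and name is deliberately crude; if the scanner exposes a stable plugin or advisory identifier, key on that instead so a renamed check does not show up as "fixed" plus "new".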
This is an overview of the process behind one of the important SANS Top 20 security controls, Continuous Vulnerability Assessment and Remediation. This control must be prioritized if one is really serious about cyber security: hunt down the vulnerabilities before a hacker uses them to compromise your system or network.