Employ a vulnerability management workflow to better secure your organization

By

Implementing the right vulnerability management tool for your organization is important, but without a defined vulnerability management workflow in place, your success using any technology is going to be limited at best.

Particularly at the enterprise level, it’s not just important to maximize on your technology investments. It’s a requirement, and while vulnerability management is a major piece of your overall cybersecurity posture, you still need to implement effective workflows to ensure those tools are returning the most value for the investment.

As you’ll see in this article, an effective vulnerability management process only benefits from the extensive visibility and context about your cyber assets that a platform like JupiterOne can offer.

What does a vulnerability management workflow process look like?

Once it’s laid out, a step-by-step vulnerability management workflow is fairly simple to follow. Anything too complex becomes more difficult to follow regularly, limiting its effectiveness and opening the possibility for critical vulnerabilities to escape notice and cause problems later.

Our proposed workflow is fairly standard and  can be broken down into four stages:

  • Identification
  • Assessment
  • Resolution
  • Validation

These steps, not surprisingly, are reflected in our previous article about assessing a vulnerability management system. Rather than focus on the technology here, I’ll touch on some of the details you should consider at each stage when documenting and implementing this workflow.

Step 1: Identify vulnerabilities

You can’t fix what you don’t know is broken, right? Identifying vulnerabilities within your cyber assets is both a) the important first step in your workflow, and b) a continuous, evolving, and circular process. This process should include continuous monitoring of your environment, vulnerability assessments conducted in accordance with company policy and appropriate compliance regimes, and feedback loops that include employee reporting, supplemental programs (like bug bounty activities), and reports from the vulnerability management workflow itself.

Step 2: Assess vulnerabilities

Because the number of cyber assets for most organizations is so vast, the number of vulnerabilities you’re likely to discover may seem overwhelming.

The assessment and prioritization step in this workflow will help guide your remediation efforts by taking the right actions based on severity and availability of a fix. Apply these questions to each vulnerability:

  • How much risk does this vulnerability pose to the organization? Spend your resources on the vulnerabilities that have the greatest potential impact if they are exploited.
  • Is it possible to remediate? Some vulnerabilities can’t be fixed at the time they are discovered; in those cases, you either need to temporarily mitigate or wait for a solution to become available.
  • Is it possible to mitigate? Mitigation activities lower the risk to your organization without fully resolving the problem.
  • Can you accept the risk? Lower risk vulnerabilities may not be worth spending time remediating or mitigating. Skip the next step and move on.

Step 3: Resolve or mitigate vulnerabilities

Using the answers to the questions you asked in step 2, you’re ready to take action. Remediation and mitigation both take many forms depending on the cyber asset, the vulnerability, and your prioritization decisions.

Remediation

Some remediation activities include:

  • Removing problematic applications from your environment entirely
  • Updating operating systems on endpoints, mobile devices, and network devices
  • Applying security patches and other updates to internet-facing apps

Mitigation

Mitigation limits the damage a vulnerability can cause. Some mitigation options include:

  • Locking down permissions on potentially affected records or data stores
  • Employing targeted monitoring and alerting for vulnerable apps
  • Conducting employee training and awareness activities

Step 4: Validate and document your actions

Vulnerability management requires continuous attention and feedback gained from all stages of the workflow. These learnings can be used as intelligence for future decisions about vulnerabilities, detailed reports on the progress of the program, or even responses to regulators and other legal bodies in the event of a breach or incident.

Vulnerability management workflow step-by-step
Your vulnerability management workflow should include a feedback loop for continuous improvement.

Plan your way to greater security

Employing a vulnerability management workflow alongside the tools and technology you have in place is the secret to getting the greatest value from those tools. The workflow outlined here is a framework to build on that, combined with the visibility into your cyber assets that JupiterOne can provide, will help you keep your organization safe from the most damaging cyber attacks.

If you want to learn more about JupiterOne, watch our short demo video and see how our platform helps you gain visibility and drastically reduce your risk exposure.

New call-to-action
Corey Tomlinson
Corey Tomlinson

Corey is a Senior Product Marketing Manager at JupiterOne. Since 2005, he's combined his interest and experience in technology, including working on the insider threat and digital forensics frontlines, with an array of storytelling and content creation skills.

Keep Reading

The top 10 questions that every engineering leader should be able to answer
February 2, 2023
Blog
The top 10 questions that every engineering leader should be able to answer

We polled some of our engineering leaders to see what it takes to succeed. In part two, we see if their answers align with the CISOs we talked to.

Identify compromised versions of Github using JupiterOne
January 31, 2023
Blog
Identify compromised versions of GitHub apps using JupiterOne

As a preventative measure, Github will be deprecating the Mac and Windows signing certificates used to sign Desktop app versions 3.0.2-3.1.2 and Atom versions 1.63.0-

The top 11 questions that every CISO should be able to answer
January 30, 2023
Blog
The top 11 questions that every CISO should be able to answer

In part one of this two-part series, we polled some of our top security experts to see what it takes to succeed secure and manage resources effectively.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.