Implementing the right vulnerability management tool for your organization is important, but without a defined vulnerability management workflow in place, your success using any technology is going to be limited at best.
Particularly at the enterprise level, it’s not just important to maximize on your technology investments. It’s a requirement, and while vulnerability management is a major piece of your overall cybersecurity posture, you still need to implement effective workflows to ensure those tools are returning the most value for the investment.
As you’ll see in this article, an effective vulnerability management process only benefits from the extensive visibility and context about your cyber assets that a platform like JupiterOne can offer.
What does a vulnerability management workflow process look like?
Once it’s laid out, a step-by-step vulnerability management workflow is fairly simple to follow. Anything too complex becomes more difficult to follow regularly, limiting its effectiveness and opening the possibility for critical vulnerabilities to escape notice and cause problems later.
Our proposed workflow is fairly standard and can be broken down into four stages:
- Identification
- Assessment
- Resolution
- Validation
These steps, not surprisingly, are reflected in our previous article about assessing a vulnerability management system. Rather than focus on the technology here, I’ll touch on some of the details you should consider at each stage when documenting and implementing this workflow.
Step 1: Identify vulnerabilities
You can’t fix what you don’t know is broken, right? Identifying vulnerabilities within your cyber assets is both a) the important first step in your workflow, and b) a continuous, evolving, and circular process. This process should include continuous monitoring of your environment, vulnerability assessments conducted in accordance with company policy and appropriate compliance regimes, and feedback loops that include employee reporting, supplemental programs (like bug bounty activities), and reports from the vulnerability management workflow itself.
Step 2: Assess vulnerabilities
Because the number of cyber assets for most organizations is so vast, the number of vulnerabilities you’re likely to discover may seem overwhelming.
The assessment and prioritization step in this workflow will help guide your remediation efforts by taking the right actions based on severity and availability of a fix. Apply these questions to each vulnerability:
- How much risk does this vulnerability pose to the organization? Spend your resources on the vulnerabilities that have the greatest potential impact if they are exploited.
- Is it possible to remediate? Some vulnerabilities can’t be fixed at the time they are discovered; in those cases, you either need to temporarily mitigate or wait for a solution to become available.
- Is it possible to mitigate? Mitigation activities lower the risk to your organization without fully resolving the problem.
- Can you accept the risk? Lower risk vulnerabilities may not be worth spending time remediating or mitigating. Skip the next step and move on.
Step 3: Resolve or mitigate vulnerabilities
Using the answers to the questions you asked in step 2, you’re ready to take action. Remediation and mitigation both take many forms depending on the cyber asset, the vulnerability, and your prioritization decisions.
Remediation
Some remediation activities include:
- Removing problematic applications from your environment entirely
- Updating operating systems on endpoints, mobile devices, and network devices
- Applying security patches and other updates to internet-facing apps
Mitigation
Mitigation limits the damage a vulnerability can cause. Some mitigation options include:
- Locking down permissions on potentially affected records or data stores
- Employing targeted monitoring and alerting for vulnerable apps
- Conducting employee training and awareness activities
Step 4: Validate and document your actions
Vulnerability management requires continuous attention and feedback gained from all stages of the workflow. These learnings can be used as intelligence for future decisions about vulnerabilities, detailed reports on the progress of the program, or even responses to regulators and other legal bodies in the event of a breach or incident.
Plan your way to greater security
Employing a vulnerability management workflow alongside the tools and technology you have in place is the secret to getting the greatest value from those tools. The workflow outlined here is a framework to build on that, combined with the visibility into your cyber assets that JupiterOne can provide, will help you keep your organization safe from the most damaging cyber attacks.
If you want to learn more about JupiterOne, watch our short demo video and see how our platform helps you gain visibility and drastically reduce your risk exposure.
