Vulnerability Management FAQ
Vulnerability Management (VM) is a critical component of any layered cybersecurity approach. Implemented effectively, it can significantly reduce your attack
surface (the set of exposed systems and services that a would-be attacker could reach and exploit) while substantially lowering your risk profile. A vulnerability is a weakness in a computer system (or any device that is connected to the Internet) that can be exploited by a cyber-attack to gain unauthorized access. Once unauthorized access is obtained, attackers can install malicious code and steal, destroy, or modify sensitive data.
Vulnerability Management (as defined by the Cybersecurity & Infrastructure Security Agency or CISA) is a security capability that supports ongoing assessments of a grouping of security controls that are employed to:
Give organizations visibility into the known vulnerabilities present on their networks. Known vulnerabilities are those with a Common Vulnerabilities and Exposures (CVE) identifier or discovered by the local organization and associated with a specific set of software products and operating systems; to include IOS and firmware.
Delay or prevent entry of malicious or compromised software from being installed on the network.
Reduce the number of easy-to-compromise devices due to vulnerable software or flawed code.
Delay or prevent vulnerable software from being used to gain access to other parts of the network, whether for lateral movement, escalation of privileges, or data exfiltration. (“Vulnerability Management FAQ | CISA”)
What should I expect to accomplish as a result of implementing a VM service or program?
An effective VM service or program identifies, prioritizes, and mitigates known vulnerabilities on networks and computers that might otherwise be exploited for malicious intent. If you cannot identify vulnerabilities, or do not even know that they exist, then you cannot fix them or mitigate the risk they carry. Only after a vulnerability has been identified can it be fixed with the appropriate patch or, where no patch is available, reduced through another mitigation such as removing the affected software or restricting access to it.
What types of cybersecurity concerns would I be addressing with Vulnerability Management?
Would-be hackers are always looking for computers to execute their agenda. They routinely scan large numbers of Internet Protocol (IP) addresses, that is, Internet-connected devices, in hopes of finding known vulnerabilities, which are listed publicly in vulnerability databases. Should a hacker successfully exploit a vulnerability within your environment, they may gain a foothold that permits them to pivot to other hosts or computers within your network. As part of your VM service, vulnerabilities are identified and prioritized based on exploitability: how readily an attacker could use a particular vulnerability to accomplish their objective(s).
Can I prevent Vulnerabilities from getting onto my environment all together?
Software is inherently flawed, typically as a result of poor software development practices combined with organizational pressure to produce code quickly to meet business goals, objectives, and timelines. There are, however, several actions that can be taken to reduce the number of vulnerability instances found across your environment. The first is to remove all software that is no longer necessary to support the tasks or roles of any given computer. Unused and outdated programs create opportunities for bad actors (hackers) to find a hidden path onto your device, potentially allowing them to wreak havoc across your network. Secondly, once a computer or specific piece of software has reached “end of life,” it is best to remove it from the environment altogether. Because the vendor no longer supports it, any newly discovered bugs will not be fixed and no patches will be released, so the device or software remains permanently vulnerable and becomes easy prey for a bad actor.
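The identify, prioritize, and mitigate cycle described in the answers above can be made concrete in a small script. The following is an added example, not code from the CISA FAQ: it matches a constructed software inventory against a constructed list of vulnerability records, ranks the findings by exploitability ahead of raw severity score, and flags end-of-life software that should be removed rather than patched. All host names, product names, version numbers, and the CVE-style identifiers (CVE-0000-000x) are placeholders constructed for this example and do not refer to real vulnerabilities; the ordering policy (known exploited first, then Internet exposure, then CVSS score) is an assumed policy, not one the FAQ prescribes.

```python
"""Toy vulnerability-management pass: identify, prioritize, flag end-of-life.

Added example, not CISA's code. All inventory, vulnerability records and
CVE-style identifiers below are constructed placeholders, not real CVEs.
"""
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    internet_facing: bool
    software: dict  # product name -> installed version "major.minor.patch"


@dataclass
class Vuln:
    vuln_id: str           # placeholder identifier, constructed for this example
    product: str
    fixed_in: str          # first version that contains the fix
    cvss: float            # severity score, 0.0 to 10.0
    known_exploited: bool  # is the flaw being exploited in the wild (assumed flag)


def parse_version(v):
    """Turn "1.2.3" into (1, 2, 3) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))


# Constructed inventory: three hosts with a handful of products each.
HOSTS = [
    Host("web-01", True, {"webserver": "2.4.1", "ssl-lib": "1.0.2"}),
    Host("hr-laptop", False, {"pdf-reader": "9.3.0", "ssl-lib": "1.1.1"}),
    Host("legacy-db", False, {"db-engine": "5.0.9"}),
]

# Constructed end-of-life table: product -> major.minor line the vendor no longer supports.
END_OF_LIFE = {"db-engine": "5.0", "ssl-lib": "1.0"}

# Constructed vulnerability records (placeholder ids, not real CVEs).
VULNS = [
    Vuln("CVE-0000-0001", "ssl-lib", "1.0.3", 7.5, True),
    Vuln("CVE-0000-0002", "webserver", "2.4.2", 5.3, False),
    Vuln("CVE-0000-0003", "pdf-reader", "9.4.0", 8.8, False),
    Vuln("CVE-0000-0004", "db-engine", "5.1.0", 9.8, True),
]


def identify(hosts, vulns):
    """Return (host, vuln) pairs where the installed version predates the fix."""
    findings = []
    for host in hosts:
        for vuln in vulns:
            installed = host.software.get(vuln.product)
            if installed and parse_version(installed) < parse_version(vuln.fixed_in):
                findings.append((host, vuln))
    return findings


def priority_key(finding):
    """Sort key: known-exploited first, then Internet-facing, then higher CVSS.

    Python sorts False before True, so negating the flags puts True first.
    """
    host, vuln = finding
    return (not vuln.known_exploited, not host.internet_facing, -vuln.cvss)


def prioritize(findings):
    """Order findings so the ones an attacker is most likely to use come first."""
    return sorted(findings, key=priority_key)


def end_of_life(hosts, eol):
    """Flag installed software on an unsupported version line: remove, don't patch."""
    flagged = []
    for host in hosts:
        for product, line in eol.items():
            installed = host.software.get(product)
            if installed and installed.startswith(line + "."):
                flagged.append((host.name, product, installed))
    return flagged


def report(hosts=HOSTS, vulns=VULNS, eol=END_OF_LIFE):
    """Return (ordered patch list, end-of-life removals) for the inventory."""
    ordered = [(h.name, v.vuln_id) for h, v in prioritize(identify(hosts, vulns))]
    return ordered, end_of_life(hosts, eol)


if __name__ == "__main__":
    patch_order, removals = report()
    print("Patch in this order:", patch_order)
    print("Remove (end of life):", removals)
```

Note that the highest-scoring finding in the sample data (CVE-0000-0003, CVSS 8.8) lands last: it is neither known to be exploited nor on an Internet-facing host, while the lower-scored CVE-0000-0001 on the exposed web server ranks first. That is the point of prioritizing on exploitability rather than on severity score alone.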
I use anti-virus software. Isn’t this good enough to protect my computer?
No. Anti-virus software is one layer, and the best approach to cybersecurity is a layered one. Analogous to your home, you might have a fence around the property with a guard dog roaming the grounds for protection. Secondly, you may have a locked front door along with a video camera or motion sensor to let you know when someone is present. The computer world operates in a similar manner, with specific devices and tools executing these functions, such as firewalls, intrusion detection systems, and antivirus, each an integral element of a layered security approach. Anti-virus software looks for malicious code, or software that can infect files, which often makes its way onto your computer when you click links across the Web or download attachments received by email. These infected files can open doors for a bad actor and allow them to carry out nefarious activities using your machine. Anti-virus does not, however, find or fix the unpatched vulnerabilities in your installed software that an attacker can exploit without any malicious file ever landing on disk; that is the gap Vulnerability Management addresses.
My home network is small, and I don’t really have anything on my computers that a hacker would want.
A hacker doesn’t always steal personal data, finances, or even one’s identity. In many cases, these individuals are looking for computers they can include as part of a larger campaign or agenda. Many home-based machines are turned into “zombie” computers that can be instructed remotely to perform nefarious acts on behalf of a bad actor, with the users rarely suspecting that their machines have been taken over.