Focus on prompt remediation, risk prioritization, and coverage, with efficiency improvements as a secondary concern: Time to Remediate (TTR), Vulnerability Severity Distribution, Patch Compliance, Vulnerability Detection Rate, False Positive Rate.
Senior Manager INFOSEC AND Risk ASSESSMENT Engineering at Atlas Systems
Real User
Sep 12, 2023
Scope - Information Gathering - Information Analysis & Planning - - Select VA tool - Scan - Vulnerability Detection - Remediation Planning - Remediation Execution - Result Analysis - Reporting - Cleanup - Rescan the Task in 90 days - Compare the Result - No gap - Successful VA scanning
Vulnerability Management involves identifying, assessing, and addressing security vulnerabilities within an organization's IT framework to protect against potential threats.This practice is essential for organizations to maintain their security posture, minimizing risks associated with security breaches. Solutions in this category provide tools that help detect vulnerabilities across networks, applications, and hardware. Effective management includes regular scanning, patching, and...
To measure the effectiveness of your vulnerability management program. The below are some main KPIs to consider:
- Vulnerability Scan Coverage
- Vulnerability Remediation Rate
- Time to Remediation
- Critical Vulnerability Exposure
- False Positives Rate
- Asset Inventory Accuracy
- Patch Compliance Rate
- Open vs. Closed Vulnerabilities
- Vulnerability Severity Distribution
- Mean Time Between Incidents (MTBI)
- Cost per Vulnerability Remediation
- User Training and Awareness.
Try the following:
Categorize all your assets based on function and criticality to the business.
Tackle remediation based the above
Separate application vulns from OS
Work with asset owners (OS and Application Owners) - get their buy in - they do the work so they have to believe in it
Address top risky assets
Measure risk and vulns count over time for the asset groups you created
Goes without saying monthly, quarterly patching schedule to push out ongoing released patched
Create a process that address Zero day and test it
Implement a process and stick to it. Vulnerability management is about having a tight process that works.
Focus on prompt remediation, risk prioritization, and coverage, with efficiency improvements as a secondary concern:
Time to Remediate (TTR), Vulnerability Severity Distribution, Patch Compliance, Vulnerability Detection Rate, False Positive Rate.
Scope - Information Gathering - Information Analysis & Planning - - Select VA tool - Scan - Vulnerability Detection - Remediation Planning - Remediation Execution - Result Analysis - Reporting - Cleanup - Rescan the Task in 90 days - Compare the Result - No gap - Successful VA scanning
Best VA Scanners- Tenable - Qualys