Focus on prompt remediation, risk prioritization, and coverage, with efficiency improvements as a secondary concern: Time to Remediate (TTR), Vulnerability Severity Distribution, Patch Compliance, Vulnerability Detection Rate, False Positive Rate.
Senior Manager INFOSEC AND Risk ASSESSMENT Engineering at Atlas Systems
Sep 12, 2023
Scope - Information Gathering - Information Analysis & Planning - Select VA tool - Scan - Vulnerability Detection - Remediation Planning - Remediation Execution - Result Analysis - Reporting - Cleanup - Rescan the Task in 90 days - Compare the Result - No gap - Successful VA scanning
What is vulnerability management? Vulnerability management is the meticulous, exhaustive, systematic process implemented to discover any potential threats or vulnerabilities, stop those threats, and repair those vulnerabilities before any serious problems develop with your important operating systems. Vulnerability management also involves fixes and patches to repair those threats and vulnerabilities. It is generally accomplished in combination with additional risk assessment and...
To measure the effectiveness of your vulnerability management program, the following are some main KPIs to consider:
- Vulnerability Scan Coverage
- Vulnerability Remediation Rate
- Time to Remediation
- Critical Vulnerability Exposure
- False Positives Rate
- Asset Inventory Accuracy
- Patch Compliance Rate
- Open vs. Closed Vulnerabilities
- Vulnerability Severity Distribution
- Mean Time Between Incidents (MTBI)
- Cost per Vulnerability Remediation
- User Training and Awareness
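As an added example (not from any of the answers on this page), a small Python script that computes several of the KPIs listed above from a scanner export; the finding records, asset names and the 7-day SLA for open criticals are constructed assumptions.

```python
from collections import Counter
from datetime import date

# Constructed sample: one row per finding from a scanner export (not real data).
# closed=None means the finding is still open; false_positive is the triage outcome.
FINDINGS = [
    {"asset": "web-01", "severity": "critical", "found": date(2023, 8, 1),  "closed": date(2023, 8, 4),  "false_positive": False},
    {"asset": "web-01", "severity": "high",     "found": date(2023, 8, 1),  "closed": date(2023, 8, 15), "false_positive": False},
    {"asset": "db-01",  "severity": "critical", "found": date(2023, 8, 10), "closed": None,              "false_positive": False},
    {"asset": "db-01",  "severity": "medium",   "found": date(2023, 8, 10), "closed": date(2023, 8, 12), "false_positive": True},
    {"asset": "app-02", "severity": "low",      "found": date(2023, 8, 20), "closed": None,              "false_positive": False},
    {"asset": "app-02", "severity": "high",     "found": date(2023, 8, 20), "closed": date(2023, 9, 1),  "false_positive": False},
]
# Assumed asset inventory: everything that should have been scanned (vpn-01 was not).
INVENTORY = {"web-01", "db-01", "app-02", "vpn-01"}

def kpis(findings, inventory, as_of, critical_sla_days=7):
    """Compute scan coverage, remediation rate, TTR, open/closed counts,
    severity distribution, critical exposure and false-positive rate."""
    real = [f for f in findings if not f["false_positive"]]
    closed = [f for f in real if f["closed"] is not None]
    open_ = [f for f in real if f["closed"] is None]
    scanned = {f["asset"] for f in findings}
    ttr = [(f["closed"] - f["found"]).days for f in closed]
    # Critical exposure: open criticals older than the SLA on the report date
    overdue = [f for f in open_
               if f["severity"] == "critical" and (as_of - f["found"]).days > critical_sla_days]
    return {
        "scan_coverage": len(scanned & inventory) / len(inventory),
        "remediation_rate": len(closed) / len(real) if real else 0.0,
        "mean_ttr_days": sum(ttr) / len(ttr) if ttr else 0.0,
        "open_vs_closed": (len(open_), len(closed)),
        "severity_distribution": dict(Counter(f["severity"] for f in open_)),
        "critical_sla_breaches": len(overdue),
        "false_positive_rate": sum(f["false_positive"] for f in findings) / len(findings),
    }

if __name__ == "__main__":
    for name, value in kpis(FINDINGS, INVENTORY, as_of=date(2023, 9, 12)).items():
        print(f"{name}: {value}")
```

Run it monthly against the real export and keep the results per asset group to see the trend rather than a single snapshot.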
Try the following:
- Categorize all your assets based on function and criticality to the business.
- Tackle remediation based on the above.
- Separate application vulns from OS vulns.
- Work with asset owners (OS and application owners) - get their buy-in; they do the work, so they have to believe in it.
- Address the top risky assets.
- Measure risk and vuln count over time for the asset groups you created.
- It goes without saying: a monthly or quarterly patching schedule to push out patches as they are released.
- Create a process that addresses zero days and test it.
- Implement a process and stick to it. Vulnerability management is about having a tight process that works.
Best VA Scanners: Tenable, Qualys