Vulnerability management is the process of identifying and eliminating vulnerabilities in a company’s information system, namely in the network infrastructure, on endpoints and on websites. The inventory of an organization’s assets is carried out using network and system scanners. To analyze the state of the information system, penetration testing, system checks and compliance management are used.
To build an effective vulnerability management process, the following vulnerability scanning solutions are used in conjunction:
- Asset discovery – detecting and identifying local and remote hosts
- Vulnerability scanning – scanning hosts for vulnerabilities
- Vulnerability assessment – identifying critical vulnerabilities
- Vulnerability remediation – recommendations for fixing vulnerabilities by patching and configuring systems
A modern VM system should be able to report critical vulnerabilities and to eliminate particularly dangerous ones quickly, on an emergency basis. At the same time, this process should not stop the business activity of the enterprise. This, in turn, imposes serious requirements on the development of such solutions.
The most important of these requirements are the following. The product shall help a company build a full-fledged process that includes all the stages and subtleties of dealing with vulnerabilities, i.e. it shall enable identifying and prioritizing them, and it shall make it possible for the IT and information security services to interact with each other and to formulate update and remediation policies. Such a system shall completely eliminate the shortcomings of previous generations of vulnerability management solutions and build the vulnerability management process in a company as efficiently as possible.