SANS Critical Control 4: Continuous Vulnerability Assessment and Remediation
- Jun 24, 2013
- Michelangelo Sidagni
As part of SANS 20 Critical Security Controls mapping with Unified VRM series, today I am going to discuss Critical Control 4: Continuous Vulnerability Assessment and Remediation.
This is really the Unified VRM SaaS solution specialty.
Most of our customers tell us that before adopting Unified VRM they were performing either a quarterly vulnerability scan or, for the most sophisticated among them, a full penetration test once a year.
Running a continuous vulnerability risk management process means that the organization can perform vulnerability scans on demand, across most of its critical infrastructure (including wired and wireless networks and web applications), and that it has a process to completely remediate vulnerabilities after they have been discovered. In fact, most organizations fail in the remediation process, not in detection!
SANS Critical Control 4 goes on to list the following essential steps for implementing the control:
“Step 1: Vulnerability intelligence service provides inputs to vulnerability scanner
Step 2: Vulnerability scanners scan production systems
Step 3: Vulnerability scanners report detected vulnerabilities to a vulnerability management system (VMS)
Step 4: The VMS compares production systems to configuration baselines
Step 5: The VMS sends information to log management correlation system
Step 6: The VMS produces reports for management
Step 7: A patch management system applies software updates to production systems.”
1. Vulnerability detection signatures are produced and QAed every day by a team of expert coders and penetration testers at NopSec.
2. Vulnerability scans can be performed on demand by customers on all critical infrastructure, including wired and wireless networks and web applications. The scanning engines are production-safe: they automatically throttle when they sense degraded response times from target hosts.
3. Vulnerabilities are reported to Unified VRM and automatically verified by our patent-pending artificial intelligence engine, which also prioritizes them based on their impact on the organization’s critical infrastructure.
4. The security configuration module can test and rate your critical hosts’ security configurations against best practice and compliance configuration standards.
5. Findings for different assets that share an IP address are correlated, for example network-based vulnerabilities on a web server with web-application vulnerabilities found on the same host.
6. Results can be filtered and drilled down by every key vulnerability metric and by custom meta-tags. An easy-to-use report generator helps produce reports for management, auditors and technical decision makers, i.e. network administrators and developers.
7. Unified VRM interacts with most commercial and open source patch management systems (Microsoft, Puppet, etc.) and trouble-ticketing systems (Jira, Remedy, etc.) through its authenticated RESTful interface. Unified VRM also helps generate Web Application Firewall blocking and logging rules to temporarily block discovered web application vulnerabilities.
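To make the seven-step workflow concrete, here is an added Python example that is not Unified VRM code and not taken from the SANS document. It models a minimal VMS: scanner findings from a network scanner and a web-application scanner are ingested (steps 2 and 3), hosts are compared with a per-role configuration baseline (step 4), findings that share an IP are correlated and prioritized, one JSON line per finding is emitted for a log-management system (step 5), and a per-host summary is built for management (step 6). It also includes the kind of adaptive back-off that keeps a scanner production-safe when a target slows down (step 2). All assets, baselines, findings, criticality weights, the confidence discount for unverified findings and the throttling thresholds are constructed assumptions for the example.

```python
"""Minimal vulnerability-management pipeline modelled on SANS Critical Control 4.
All data and weights below are constructed for this example (not real scanner output)."""
import json
from collections import defaultdict

# Constructed asset inventory; criticality weight is an assumption (1.0 ordinary, 2.0 crown jewel).
ASSETS = {
    "10.0.0.5": {"name": "www-prod", "role": "web", "criticality": 2.0},
    "10.0.0.9": {"name": "build-01", "role": "generic", "criticality": 1.0},
}

# Constructed secure-configuration baselines per role (step 4).
BASELINES = {
    "web": {"tls_min_version": "1.2", "ssh_root_login": "no", "http_trace": "off"},
    "generic": {"ssh_root_login": "no"},
}

# Constructed configuration as observed by the scanner.
OBSERVED_CONFIG = {
    "10.0.0.5": {"tls_min_version": "1.0", "ssh_root_login": "no", "http_trace": "on"},
    "10.0.0.9": {"ssh_root_login": "yes"},
}

# Constructed scanner output from two engines (steps 2 and 3); IDs are placeholders.
NETWORK_FINDINGS = [
    {"ip": "10.0.0.5", "source": "network", "id": "NET-OPENSSH-OLD", "cvss": 7.5, "verified": True},
    {"ip": "10.0.0.5", "source": "network", "id": "NET-TLS-1.0", "cvss": 5.3, "verified": True},
    {"ip": "10.0.0.9", "source": "network", "id": "NET-SMB-SIGNING-OFF", "cvss": 5.0, "verified": False},
]
WEB_FINDINGS = [
    {"ip": "10.0.0.5", "source": "webapp", "id": "WEB-SQLI-LOGIN", "cvss": 9.8, "verified": True},
    {"ip": "10.0.0.5", "source": "webapp", "id": "WEB-XSS-SEARCH", "cvss": 6.1, "verified": False},
]


def next_probe_delay(baseline_ms, observed_ms, current_delay_s, min_delay_s=0.05, max_delay_s=5.0):
    """Step 2 production-safety: back off multiplicatively when the target's response time
    degrades well beyond its baseline, and recover gradually once it is healthy again."""
    if observed_ms > 1.5 * baseline_ms:
        return min(max_delay_s, current_delay_s * 2)
    if observed_ms <= baseline_ms:
        return max(min_delay_s, current_delay_s * 0.8)
    return current_delay_s


def baseline_deviations(ip):
    """Step 4: settings on this host that differ from its role baseline -> {setting: (expected, observed)}."""
    expected = BASELINES[ASSETS[ip]["role"]]
    observed = OBSERVED_CONFIG.get(ip, {})
    return {k: (v, observed.get(k)) for k, v in expected.items() if observed.get(k) != v}


def correlate_by_ip(*finding_lists):
    """Group findings from every scanner by IP so network and web results for one host sit together."""
    by_ip = defaultdict(list)
    for findings in finding_lists:
        for f in findings:
            by_ip[f["ip"]].append(f)
    return dict(by_ip)


def risk_score(finding):
    """Prioritization: CVSS weighted by asset criticality; unverified findings discounted by half (assumed)."""
    weight = ASSETS[finding["ip"]]["criticality"]
    confidence = 1.0 if finding["verified"] else 0.5
    return round(finding["cvss"] * weight * confidence, 1)


def prioritised(findings_by_ip):
    """Flatten correlated findings, attach host name and risk score, highest score first."""
    flat = [dict(f, score=risk_score(f), host=ASSETS[f["ip"]]["name"])
            for findings in findings_by_ip.values() for f in findings]
    return sorted(flat, key=lambda f: f["score"], reverse=True)


def to_log_lines(ranked):
    """Step 5: one JSON line per finding, ready to ship to a log-management/correlation system."""
    return [json.dumps({"event": "vuln", **f}, sort_keys=True) for f in ranked]


def _severity_band(cvss):
    return "critical" if cvss >= 9.0 else "high" if cvss >= 7.0 else "medium" if cvss >= 4.0 else "low"


def management_summary(ranked, deviations):
    """Step 6: per-host counts by severity band plus number of configuration deviations."""
    empty = {"critical": 0, "high": 0, "medium": 0, "low": 0, "config_deviations": 0}
    summary = {}
    for f in ranked:
        summary.setdefault(f["host"], dict(empty))[_severity_band(f["cvss"])] += 1
    for ip, devs in deviations.items():
        summary.setdefault(ASSETS[ip]["name"], dict(empty))["config_deviations"] = len(devs)
    return summary


def run_pipeline():
    """Run steps 3-6 over the constructed data and return every intermediate product."""
    by_ip = correlate_by_ip(NETWORK_FINDINGS, WEB_FINDINGS)
    deviations = {ip: baseline_deviations(ip) for ip in ASSETS}
    ranked = prioritised(by_ip)
    return {"ranked": ranked, "deviations": deviations,
            "log_lines": to_log_lines(ranked), "summary": management_summary(ranked, deviations)}


if __name__ == "__main__":
    result = run_pipeline()
    for line in result["log_lines"]:
        print(line)
    print(json.dumps(result["summary"], indent=2))
```

Step 7 (patching) and step 1 (signature feeds) are deliberately left out: both are integrations with external systems rather than logic a script can demonstrate offline. The one design choice worth noting is that prioritization multiplies CVSS by asset criticality and discounts unverified findings, so a critical SQL injection on the production web server lands at the top of the queue while an unverified medium finding on a build box sinks to the bottom, which is the ordering a remediation team actually needs.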