
Vulnerability Management: Think Like an Attacker to Prioritize Risks

Attackers care about ROI – they want to accomplish their objective with the least investment of time and resources possible. The same is true for you: to manage vulnerabilities most effectively, you need to think like an attacker. Ask yourself: How would you go about compromising systems, exfiltrating valuable information and making money? What are the key assets in your network that you would target? How would you get to these assets?

Attackers are looking for vulnerabilities that are exposed – ones offering them an easy way to penetrate your network and pivot into the truly valuable assets on your network. Although zero-day exploits are heavily publicized, attackers more often use older, proven exploits very effectively. Fortunately, many such exploits are well known and have clear remediation methods.

So, how can you determine if a known vulnerability is actually exploitable? The key is to correlate system vulnerabilities with threat intelligence so you can prioritize those vulnerabilities that actually give the bad guys a point of entry into your network.
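The correlation described above, as an added example that is not the article's or AlienVault's code: scanner findings are joined with network flows from known-malicious IPs, so a finding whose vulnerable service is already being reached by a bad actor outranks a higher-CVSS finding that is not. The sample data, field names and scoring weights are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (documentation IP ranges, placeholder vulnerability ids).
FINDINGS = [
    {"host": "10.0.0.5", "vuln": "VULN-A", "cvss": 9.8, "port": 445},
    {"host": "10.0.0.7", "vuln": "VULN-B", "cvss": 7.5, "port": 443},
    {"host": "10.0.0.9", "vuln": "VULN-C", "cvss": 6.4, "port": 8080},
]
FLOWS = [  # (source IP, destination IP, destination port)
    ("203.0.113.10", "10.0.0.7", 443),
    ("198.51.100.23", "10.0.0.9", 22),
    ("192.0.2.44", "10.0.0.5", 445),   # source is not on the reputation list
]
BAD_IPS = {"203.0.113.10", "198.51.100.23"}  # constructed threat-intel reputation feed
ASSET_WEIGHT = {"10.0.0.7": 1.5}             # assumed weight for key assets; default 1.0


def prioritize(findings, flows, bad_ips, asset_weight):
    """Rank findings by CVSS, asset value and observed contact from known-bad IPs."""
    contacts = defaultdict(set)  # host -> {(malicious source IP, destination port)}
    for src, dst, port in flows:
        if src in bad_ips:
            contacts[dst].add((src, port))

    ranked = []
    for f in findings:
        seen = contacts.get(f["host"], set())
        on_port = sorted(src for src, port in seen if port == f["port"])
        # Multipliers below are illustrative assumptions, not a standard.
        if on_port:
            factor, reason = 2.0, "malicious IP reached the vulnerable service"
        elif seen:
            factor, reason = 1.25, "malicious IP contacted the host on another port"
        else:
            factor, reason = 1.0, "no threat-intel match"
        score = round(f["cvss"] * asset_weight.get(f["host"], 1.0) * factor, 2)
        ranked.append({**f, "score": score, "reason": reason, "sources": on_port})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in prioritize(FINDINGS, FLOWS, BAD_IPS, ASSET_WEIGHT):
        print(f'{r["score"]:6.2f}  {r["host"]:<9} {r["vuln"]}  {r["reason"]}')
```

With this sample data the CVSS 9.8 finding drops to second place, because no known-malicious source has touched that host.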

Prioritize the Vulnerabilities that Matter with AlienVault Unified Security Management (USM)
AlienVault Unified Security Management (USM) gives you real-time visibility into vulnerabilities for prioritization and incident response. Because USM combines vulnerability management with asset inventory, host-based IDS, network IDS, netflow analysis, file integrity monitoring, and SIEM event correlation, all of the rich information captured by these capabilities is viewable on a single screen.

As soon as an alarm is triggered, you can immediately identify known malicious IPs interacting with a vulnerable host, along with all events involving that host, details on the vulnerabilities discovered, notes on who owns the system, and all the software installed on it.

Built-in Active Vulnerability Scanning and Assessment
AlienVault USM provides continuous vulnerability monitoring, also known as passive vulnerability detection: USM correlates the data gathered by its asset discovery scans with known vulnerability information for improved accuracy. USM supports unauthenticated scanning, that is, scanning without host credentials. This scan probes hosts with targeted traffic and analyzes the responses to determine the configuration of the remote system and any vulnerabilities in the installed OS and application software. USM also supports authenticated scanning, that is, scanning with credentials. This entails access to the target host's file system, so the scan can perform more accurate and comprehensive vulnerability detection by inspecting the installed software and its configuration. USM allows you to mix and match these methods as well.

For example, you may wish to run authenticated scans on compliance-related assets and throttle back to passive vulnerability assessment on low-risk assets where reducing network traffic matters more than validating stringent security configurations. You can also schedule scans, selecting which network segments are scanned and at what frequency.

Remediation Advice for Every Vulnerability
AlienVault USM also provides remediation advice for vulnerabilities that are found. It includes dynamic incident response templates and third-party references to help you figure out how to remediate vulnerabilities that a scan may find. This advice saves you the time of researching each vulnerability and tracking down this information yourself.

USM can also send email alerts, open a ticket in the built-in ticketing system, or send an email to an external help desk / ticketing system. And, since exploits often opportunistically follow the discovery and public announcement of vulnerabilities by the security community, the USM vulnerability database is constantly updated with the latest details on known vulnerabilities. The built-in remediation advice is also kept up-to-date and vetted by the AlienVault Labs security research team.

Learn more about Vulnerability Management with AlienVault USM
Vulnerability management is never "done", as increasing attack vectors and software complexity require continuous monitoring. With a unified approach to security management, you can use a single product from a single vendor to determine which vulnerabilities are actually putting your network at risk, and prioritize remediation efforts accordingly.
