Vulnerability Management

Why is an effective vulnerability management program important? 

It is a daily news occurrence, that in today’s rapidly evolving digital landscape, organizations face an ever-growing number of cyber threats. Today’s Chief Information Security Officers (CISOs) and their security teams play a vital role in protecting their most valuable assets and in mitigating risks of a potential costly breach. One of the hardest tasks for enterprises today is the prioritization of their vulnerability remediation effort. Most companies already follow a common vulnerability or patch management practice, but how do organizations know which vulnerabilities need to be patched NOW, and which ones can wait for a maintenance window? When listening to customers describe their daily operations, it turns out that they see some room for improvement in their prioritization effort - not just on how to collaborate between infrastructure and security teams, but how to use the right integrated tools to work more efficiently and to provide the best preventative measures before attacks happen.  

Four reasons why vulnerability management is important:

1. Proactive Prioritization of Risk Mitigation 

   There are no doubts that a proactive well-executed approach to health-check your assets is better than a reactive one, one that happens after your company got compromised. To reduce the likelihood of a successful cyberattack, you want to be able to identify, prioritize and address vulnerabilities before they are exploited by malicious actors. Being proactive means strengthening the organization's security posture and minimizing potential damage to critical assets and sensitive data. 

2. Continuous Monitoring 

   Having the right tools which can identify misconfigurations, outdated software versions and continuously monitor your assets in real-time for weaknesses should be a given. You and your team want to stay one step ahead of the attacker. Being able to spot vulnerabilities fast and apply patches and updates, if necessary, helps safeguard critical systems, preventing unauthorized access, data breaches and service disruptions. 

3. Compliance and Regulatory Requirements  

   To meet compliance and regulatory standards, vulnerability management is essential. Many industry regulations, such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS), require organizations to maintain a robust vulnerability management program. Security managers and CISOs adhere to these standards to avoid legal consequences and reputational damage. 

4. Effective Resource Allocation 

   Seeing a high number of vulnerabilities in your environment can be overwhelming. You may not understand where to start. By being able to conduct your assessments based on their potential impact and likelihood of exploitation, you can focus your efforts on mitigating the most critical risks first. A good scoring system which helps you prioritize your efforts can help here. Following the prioritization approach will ensure optimal resource utilization and thus ensure limited security resources are used where they are most needed. 

How Carbon Black Cloud helps Security Teams: 

• Operating system and application vulnerability management 

• Support for on-premise workloads and native EC2 instances with AWS 

• vCenter plug-in for visibility into workloads managed via vSphere 

• Prioritized assessment based on risk and exploit potential 

• Built-in risk scoring leveraging Kenna Security to identify “true- priority”  

• Scanless to avoid performance impact 

• Support for Windows and Linux 

• Open APIs for integration and automation of workflows 

The Vulnerabilities Dashboard in the vCenter console  

VMware and Kenna Security 

VMware Carbon Black has partnered with Kenna Security to incorporate the Kenna Risk Score into the Vulnerability Management solution. This provides a real-world analysis and prioritization of vulnerabilities based on the Kenna Risk score. 

Every vulnerability is assigned a risk score of between 0.0 (no risk) and 10.0 (maximum risk). The risk score range and severity are defined as follows. 

Kenna uses a combination of vulnerability context and threat intelligence to determine a specific risk score for each vulnerability. Some of the critical factors in determining the Kenna Risk score are listed below. 

• Predictive (Boolean) classification by a machine learning classifier trained on historical exploit and exploitation data (confirmed 94 percent accuracy rate)  
• Availability of an exploit module in a weaponized exploit kit  
• Pervasiveness of a vulnerability across disparate client environments  
• Presence of a near-real-time exploitation in one or more of the above data sources  
• Availability of a recorded exploit in exploit sources  
• CVSS (Common Vulnerability Scoring System) points above average 

Conclusion 

Developing an effective vulnerability management strategy enables infrastructure and security teams to proactively mitigate risks, protect critical assets and comply with regulatory requirements. Through prioritization and decisive action, security managers can protect their organization against evolving cyber threats and ensure a resilient and secure digital environment.  

Helpful resources to understand how Carbon Black Cloud can support you in achieving the highest level of protection can be found here: 

• VMware Carbon Black Cloud Vulnerability Management Datasheet 
• Vulnerability Assessment API