What is Threat & Vulnerability Management?

Threat & Vulnerability Management is the process of identifying, analyzing, triaging and resolving computer security vulnerabilities. It is a process that handles the full lifecycle of vulnerabilities to ensure that nothing slips through the cracks in a complex environment.

With modern IT infrastructure composed of different operating systems, applications, databases, firewalls, orchestration tools, and more, the attack surface for potential vulnerabilities has never been greater. The traditional process of manually analyzing the status of security is no longer feasible.

Threat & Vulnerability Management automates this process to ensure that all of these different solutions are constantly configured in a way to minimize potential threats. Note that this is an ongoing process, as the security landscape is a highly dynamic environment with new attacks and threats added daily.

What’s the difference between Vulnerability Assessment and Vulnerability Scanning?

To clarify: both Vulnerability Assessment and Vulnerability Scanning are subsets of Threat & Vulnerability Management.

Vulnerability Assessment is the part that involves analyzing the current state of the system and helps to determine any necessary steps to solve potential weaknesses. This is effectively the part of the management process that reviews the current state of the environment and helps with the identification and remediation of weaknesses before they can be exploited.

Vulnerability Scanning is the part that monitors security on an ongoing basis. This includes port scanning and software version checking. Vulnerability scanning ideally runs consistently, via automated means, and on an ongoing basis to seed the assessment process with data to analyze the threats and determine necessary courses of action.

The Threat & Vulnerability Management process is broken down into five key steps.

1.    Checking for vulnerabilities

Security vulnerabilities such as unpatched software can accidentally allow users to breach an application, an operating system, a firewall, and so on. This problem is compounded by the fact that IT systems are now highly distributed and run a wide range of software.

A Threat & Vulnerability Management tool will need to scan all of the endpoints to determine, for example, the current software patches running, IP table configurations, ports and protocols, and user configurations. This allows it to report a comprehensive picture of the current state of the environment.

2.    Identifying vulnerabilities

Once the Threat & Vulnerability Management tool has an up-to-date and comprehensive dataset, it must then determine what vulnerabilities exist. This can be achieved by running the system configurations against a database of known security issues to determine which are applicable. As this typically involves complex networked and distributed solutions, it’s important that the database contains relevant information about how the vulnerabilities engage with different systems and how network configurations can affect them. As new threats are discovered, it’s essential to continuously scan your endpoints for new potential security risks.

3.    Evaluating the vulnerabilities

Now that we have information on all of our endpoints and the vulnerabilities located, the tool must then determine what the risk, potential implications, and solutions are so that the ideal mitigation route can be determined and actioned. The tool also provides a level of risk to the user to help in prioritizing and triaging.

4.    Resolving vulnerabilities

Next, the Threat & Vulnerability Management tool should be used to determine the ideal course of action to resolve the identified vulnerabilities in the system. This could include patching, reconfiguring network settings, removing stale user accounts and so on. The tool provides sufficient information to determine what these compromises are and what the course of action is.

5.    Reporting & patching vulnerabilities

With the course of action determined, relevant finding reports are shared with relevant teams and the IT department will then need to implement the fix.
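Steps 1 to 3 above, sketched as an added example (not code from this article or from any particular product): scanned endpoint data is matched against a database of known issues, and each match is ranked by risk. The host names, package names, advisory IDs and the 0.5 weight for endpoints that are not internet-facing are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: hosts, packages and advisory IDs are placeholders.
INVENTORY = [  # step 1: what the scan collected from each endpoint
    {"host": "web-01", "internet_facing": True,
     "packages": {"examplehttpd": "2.4.1", "examplessl": "3.0.9"}},
    {"host": "db-01", "internet_facing": False,
     "packages": {"exampledb": "12.2", "examplessl": "3.0.7"}},
]
ADVISORIES = [  # step 2: known issues; fixed_in is the first patched version
    {"id": "ADV-PLACEHOLDER-1", "package": "examplessl",
     "fixed_in": "3.0.8", "severity": 9.1},
    {"id": "ADV-PLACEHOLDER-2", "package": "examplehttpd",
     "fixed_in": "2.4.3", "severity": 6.5},
    {"id": "ADV-PLACEHOLDER-3", "package": "exampledb",
     "fixed_in": "12.1", "severity": 7.8},
]

def parse_version(version):
    """'3.0.10' -> (3, 0, 10), so 3.0.10 sorts after 3.0.9 (string compare would not)."""
    return tuple(int(part) for part in version.split("."))

@dataclass
class Finding:
    host: str
    advisory: str
    package: str
    installed: str
    fixed_in: str
    risk: float

def identify_and_rank(inventory, advisories):
    """Return findings for unpatched packages, highest risk first."""
    findings = []
    for endpoint in inventory:
        for adv in advisories:
            installed = endpoint["packages"].get(adv["package"])
            if installed is None:
                continue  # package not present on this endpoint
            if parse_version(installed) >= parse_version(adv["fixed_in"]):
                continue  # already at or past the patched version
            # Step 3: network exposure changes the risk (assumed weighting).
            weight = 1.0 if endpoint["internet_facing"] else 0.5
            findings.append(Finding(endpoint["host"], adv["id"], adv["package"],
                                    installed, adv["fixed_in"],
                                    adv["severity"] * weight))
    return sorted(findings, key=lambda f: f.risk, reverse=True)

if __name__ == "__main__":
    for f in identify_and_rank(INVENTORY, ADVISORIES):
        print(f"{f.risk:5.2f} {f.host} {f.advisory} "
              f"{f.package} {f.installed} -> {f.fixed_in}")
```

With this sample data the advisory with the highest raw severity ranks second, because the only endpoint it affects is not internet-facing.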


More articles by Chadi Ismail
