Building a vulnerability management program can be a daunting task. With the number of vulnerabilities growing by the day, many organizations continue to struggle to wrap their arms around such a gigantic task. Having the ability to manage the sheer volume of vulnerabilities, correctly prioritize them, and track the organization’s progress in mitigating them are the largest concerns experienced today.

The Problem

Vulnerability management continues to be one of the top concerns of organizations of all sizes. With more sophisticated attack vectors being discovered every day, it’s no wonder that security and IT professionals are losing sleep over unhandled vulnerabilities. Aside from struggling to detect the stealthy tactics often used in today’s zero-day attacks, organizations are battling numerous hurdles attempting to build and maintain a vulnerability management program.

Of these hurdles, the alarming number of vulnerabilities and the ability to prioritize and continuously track the progress of patching and change management schedules across an entire organization are the most often reported pain points. Without a viable plan for building and maintaining a vulnerability management program, organizations run an extremely high risk of being the next victim of a preventable breach.

Security professionals responsible for vulnerability management are likely to be asking themselves a number of questions, trying to seek the answers, as well as find a solution that can help keep their challenges at bay. For example:

How can we overcome the struggle of building and maintaining our vulnerability management program?

How can we get a handle on the large number of vulnerabilities that plague our operations?

How can we better prioritize and track our vulnerability management progress?

The DFLabs and Tenable Security Center Solution

The DFLabs and Tenable Security Center solution pairs the power of IncMan SOAR’s automation and orchestration abilities with the strength of Tenable’s award-winning vulnerability scanning techniques to provide a one stop shop for an organization’s vulnerability program. By utilizing automation, security and IT staff can gather pertinent details surrounding specific vulnerabilities and adjust factors, such as priority through the use of product orchestration.

DFLabs’ SOAR solution enables security and IT teams to incorporate environmental data into their vulnerability scanning results to make automated decisions on prioritization and incident handling procedures based off of what each individual organization would like to implement. This allows for consistent handling of vulnerabilities and enables an organization to track and notify all teams responsible for vulnerability management and mitigation strategies.

About Tenable Security Center

Tenable.sc is a vulnerability management solution that provides visibility into an organization’s attack surface to manage and measure cyber risk. Tenable.sc does this through advanced analytics, customizable dashboards/reports and workflows to identify weaknesses on a network’s connected assets, by identifying all vulnerabilities, misconfigurations and malware on them.

Built on leading Nessus technology, Tenable.sc gathers and evaluates vulnerability data across multiple Nessus® scanners distributed across an enterprise and illustrates vulnerability trends over time to assess risk and prioritize vulnerabilities. Finally, Tenable.sc includes a configurable workflow engine that helps security teams speed up response and remediation, to reduce overall risk and streamline compliance.

Use Case

Now let’s look at a simple use case of IncMan SOAR and Tenable.sc in action.

An organization has developed their operational plan on how they would like to triage their vulnerability scanning results. They gathered input from all departments who would be responsible for helping to mitigate their vulnerabilities and created their action plan. When a new vulnerability is detected by Tenable Security Center, IncMan’s R3 Rapid Response Runbook for Vulnerability Management is executed.

The Vulnerability Management Runbook will start off by identifying what vulnerability has been detected. Depending on the priority, it will take one of three paths to confirm its true priority, and alert the necessary teams for mitigation. Once the vulnerability is parsed from the event, the R3 Rapid Response Runbook will pull information regarding the involved asset including its system information. Once this information is gathered, IncMan will come to its first set of conditional statements which look to see if the involved asset is a high priority.

If the asset is considered a high priority target, the R3 Runbook will elevate its priority to critical if it is already a high priority vulnerability. If it is a medium or low priority vulnerability it will be upgraded to a higher priority incident and the organization’s SIEM will be queried for additional security events targeting the asset. Once this information is gathered, IncMan will come to its second set of conditional statements which evaluate whether there were any additional security events targeting the asset. If there were additional security events a user choice selection will temporarily pause the Runbook and alert an analyst for manual review of the security incident.

If the analyst finds that the events were targeting the vulnerability reported by the asset, the priority is again adjusted and a ticket is created in the organization’s ticketing system for the responsible parties, which include the change management board, to plan for appropriate patching and mitigation activities. If additional security events are not observed, the R3 Runbook will conclude by opening a ticket in the organization’s ticketing system for the appropriate parties to review the vulnerabilities by vulnerability priority and plan for patching and remediation.

Summary

The DFLabs SOAR and Tenable Security Center solutions provides the much-needed assistance organizations large and small are looking for when building out a vulnerability management program. By utilizing the power of automation, organizations can map out their vulnerability triaging process to run each time a new vulnerability scan is executed. The robust scans produced by Tenable Security Center provide organizations with the confidence that they have the visibility necessary to stay ahead of their adversaries one asset at a time.

Please enable JavaScript to view the comments powered by Disqus.