Three burning questions about automating vulnerability lifecycle management—Part 1

Vulnerability lifecycle management—the process of continually monitoring and managing an enterprise in order to identify, validate and remediate potential security risks—is critical for organizations to avoid introducing new vulnerabilities that could compromise their overall security posture and, ultimately, business mission.

Despite this, continually importing, assessing and validating new vulnerability data; passing mitigation efforts through for approval; and delegating next steps, conducting follow-up and validation can be a time- and labor-intensive process when done manually. If an organization lacks the available capacity in its existing staff, such extensive monitoring and management efforts are difficult to maintain. If these efforts are not prioritized, organizations reduce their ability to protect themselves from known vulnerabilities.

As Swimlane Founder Cody Cornell explained in a recent sit-down interview, “We all know with the Internet of Things (IoT) that the proliferation of IP-enabled devices in the enterprise is growing at a rapid pace. As such, organizations’ abilities to track, identify, remediate and validate these vulnerabilities—be it traditional infrastructure, cloud environments, mobile devices or emerging IoT devices—is only going to get more difficult because of device diversity and quantities.”

Even if an organization does have qualified staff in place, those employees’ time and talent can surely be better utilized by removing the significant legwork associated with manually monitoring and managing vulnerabilities 24×7.

As such, automated security platforms have emerged as a viable alternative to traditional, manual processing of vulnerability data and notifications. An automated platform, for instance, will do the following for organizations all in one centralized place:

  • Intake vulnerability notifications from third-party sources (e.g. US-CERT/NVD), generate notifications around potential impact, and ease reporting and general situational awareness through dashboards and reports.
  • Ingest vulnerability scan data from multiple scanners into a central and standardized data repository for simple reporting and tracking.
  • Automatically assign system owners to specific vulnerabilities, apply customized security scoring, and assist with prioritization based on a variety of sources. These sources could include the vulnerability scanner, but also internal variables that are only known to your organization, such as: “Is this system used to service customers or does it house sensitive data such as Personally Identifiable Information (PII)?”
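
The ingest, owner-assignment and context-scoring steps in the list above can be shown as code. This is an added example, not code from Swimlane or the original post: the two scanner export formats, the asset inventory, the weights and the CVE identifiers are all constructed assumptions.

```python
# Constructed sample data: two hypothetical scanner export formats.
SCANNER_A = [
    {"host": "web01", "cve": "CVE-0000-0001", "cvss": 7.5},
    {"host": "db01", "cve": "CVE-0000-0002", "cvss": 5.0},
]
SCANNER_B = [
    {"asset_name": "WEB01", "vuln_id": "CVE-0000-0001", "base_score": "7.5"},
    {"asset_name": "build01", "vuln_id": "CVE-0000-0003", "base_score": "8.0"},
]
# Constructed asset inventory: context only the organization knows.
ASSETS = {
    "web01": {"owner": "web-team", "customer_facing": True, "pii": False},
    "db01": {"owner": "dba-team", "customer_facing": False, "pii": True},
}
UNOWNED = {"owner": "unassigned", "customer_facing": False, "pii": False}

def normalize(record):
    """Map either scanner's field names onto one standardized schema."""
    host = record.get("host") or record.get("asset_name")
    cve = record.get("cve") or record.get("vuln_id")
    score = record.get("cvss", record.get("base_score"))
    return {"asset": host.lower(), "cve": cve, "cvss": float(score)}

def prioritize(*scanner_feeds):
    """Merge feeds, drop duplicates, attach owners, rank by weighted score."""
    merged = {}
    for feed in scanner_feeds:
        for record in feed:
            f = normalize(record)
            key = (f["asset"], f["cve"])
            # Same finding reported by two scanners: keep the higher base score.
            if key not in merged or f["cvss"] > merged[key]["cvss"]:
                merged[key] = f
    for f in merged.values():
        ctx = ASSETS.get(f["asset"], UNOWNED)
        # Assumed weights: +20% if customer-facing, +50% if the system holds PII.
        weight = 1.0 + (0.2 if ctx["customer_facing"] else 0) + (0.5 if ctx["pii"] else 0)
        f["owner"] = ctx["owner"]
        f["priority"] = round(min(10.0, f["cvss"] * weight), 2)
    return sorted(merged.values(), key=lambda f: (-f["priority"], f["asset"]))

if __name__ == "__main__":
    for f in prioritize(SCANNER_A, SCANNER_B):
        print(f"{f['priority']:>5}  {f['asset']:<8} {f['cve']}  -> {f['owner']}")
```

With this sample data the customer-facing web server outranks the build host even though its scanner score is lower, and the build host surfaces as "unassigned" because it is missing from the inventory.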

So, what do organizations need to know about automating the vulnerability monitoring and management lifecycle? Here, in Part 1 of this series, we’ll get into the first of three questions that organizations tend to have about automation, which Cody took some time to answer…

Q: What are the challenges that organizations face regarding vulnerability management, and how does automation help solve them?

A: The longer the vulnerability monitoring and management process is, the greater opportunity attackers have to breach an underlying network and do significant damage. This is not unlike dwell time for threat response; the slower we are in closing gaps, the more opportunity there is for the unsavory to elicit greater damage. Having some level of automation enables organizations to more rapidly move activities forward in order to close vulnerability gaps, with as little human interaction as possible.

More automation generally correlates to organizations being able to move more quickly and efficiently with their existing resources—closing gaps faster and more comprehensively—thus increasing the difficulty and closing the time window for attackers to compromise the vulnerabilities that are not yet remediated.

Not only does automation enable organizations to better protect themselves, but it also streamlines and enhances their overall workflow. Let’s give back time to dedicated, hard-working IT staff; let’s have them stop working round-the-clock in order to monitor for vulnerabilities.

In Part 2 of this series, we reveal answers to two more questions about automated vulnerability lifecycle management. Specifically:

  • How can organizations strategically leverage the vulnerability data at their disposal?
  • Do the majority of vulnerability lifecycle management tools available today include necessary levels of automation?


*** This is a Security Bloggers Network syndicated blog from Swimlane (en-US) authored by Brian O'Meara.