The purpose of this series of blogs is to guide you on your journey up the Vulnerability Management Mountain (VMM). Like climbing a mountain, there is a lot of planning and work required, but when you get to the top, the view is amazing and well worth the journey.

Your progress will depend on your funding and priorities, but climbing at a quick steady pace will help secure your environment. As we climb, you will progress up the Vulnerability Management Maturity Model, and this process will be reusable over and over when new groups, organizations or acquisitions are brought in.

Step 1: Equipment and Preparations

It is inadvisable to just decide to start climbing a mountain without any preparations. The same holds true for Vulnerability Management Mountain (VMM), and doing so will lead to frustration and failure.

To prepare for VMM, we build out our plan, and the equipment includes Tools, a plan (map) and companions.

The Plan (aka Map)

You would not climb a mountain without a map, and a vulnerability management plan serves that purpose here. This plan will not be static, and you are expected to make changes and notes as you progress. When a landslide has blocked a path, mark it and then draw in the alternative route.

Here are some things to think about before you start.

Equipment

You can’t climb a mountain without the right gear, and the same holds true here. There are a lot of tools, both commercial and open source, that help you on this journey. You have the option of using a VM suite that will combine most of the tasks for you in a single product or which you can use to pick and choose tools to do the specific tasks.

There are pros and cons to each tool (Read more...)