The time at ML:0 can be eye-opening for many organizations. There are generally a lot of assets discovered that are new or had been forgotten about. Almost every organization discovers its own Methuselah: the system that has been around forever and performs some important task but has not been updated in years. The system admins are scared to touch it for fear of breaking something.
At this point in the climb, you see the value of asset discovery and vulnerability assessments, but this is a lot of manual work, so what is the return on investment here? If you have plenty of manpower, then ML:0 might be a place you decide to hang out in for a while. If your organization is like most others and you are hit by the security skills gap, then you know how hard it is to staff good security engineers.
If you are ready, it is time to climb to the next level: ML1.
Let’s start with a plan to get to ML1.
At this point, you know what is on the network and have an idea of the overall volume of vulnerabilities that exist in the organization. Your teams have also patched or mitigated some of these vulnerabilities so the cost involved is also known. Doing the manual scans is costly, so at this point, you need to invest in a tool that can kick off scans at the push of a button. It is time to break up the network into logical chunks that can be assessed and mitigated in a timely manner.
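One way to make "logical chunks" concrete is to assign every discovered asset to a network segment and rank the segments by how urgently they need a scan. The script below is an added example, not code from the original post or from Tripwire; the asset inventory, segment CIDRs, and the criticality and staleness weights are all constructed assumptions chosen for illustration.

```python
"""Partition a constructed asset inventory into scan groups and order them.

Added example (not from the original post). ASSETS and SEGMENTS are
constructed sample data; the scoring weights in group_priority() are an
assumption, not a standard.
"""
import ipaddress
from collections import defaultdict

# Constructed inventory: (hostname, ip, criticality 1-3, year last patched)
ASSETS = [
    ("dc01", "10.0.1.10", 3, 2023),
    ("fileshare", "10.0.1.25", 2, 2022),
    ("methuselah", "10.0.2.5", 3, 2011),    # the forgotten legacy box
    ("kiosk-a", "10.0.2.40", 1, 2020),
    ("web01", "192.168.50.10", 2, 2023),
    ("printer-7", "10.0.3.200", 1, 2019),
    ("laptop-77", "172.16.8.9", 1, 2023),   # outside every defined segment
]

# Constructed segment definitions: name -> CIDR (most specific first if they overlap)
SEGMENTS = {
    "servers": "10.0.1.0/24",
    "legacy": "10.0.2.0/24",
    "office-devices": "10.0.3.0/24",
    "dmz": "192.168.50.0/24",
}


def segment_for(ip):
    """Return the first segment whose CIDR contains ip, else 'unassigned'."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in SEGMENTS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    # Surfacing unassigned hosts is the point: they are gaps in segmentation,
    # not something to drop silently.
    return "unassigned"


def group_assets(assets):
    """Bucket assets into scan groups keyed by segment name."""
    groups = defaultdict(list)
    for host, ip, crit, patched in assets:
        groups[segment_for(ip)].append((host, ip, crit, patched))
    return dict(groups)


def group_priority(members, current_year=2024):
    """Score a group: highest criticality dominates, patch staleness adds (capped)."""
    max_crit = max(m[2] for m in members)
    stalest = max(current_year - m[3] for m in members)
    return max_crit * 10 + min(stalest, 9)


def scan_order(assets):
    """Segments ordered from most to least urgent to assess."""
    groups = group_assets(assets)
    return sorted(groups, key=lambda g: group_priority(groups[g]), reverse=True)


if __name__ == "__main__":
    grouped = group_assets(ASSETS)
    for seg in scan_order(ASSETS):
        hosts = ", ".join(m[0] for m in grouped[seg])
        print(f"{seg:15} score={group_priority(grouped[seg]):3}  {hosts}")
```

With the constructed data the legacy segment sorts first because the Methuselah host combines the highest criticality with the oldest patch date, and the laptop that matches no CIDR lands in an explicit "unassigned" group so the segmentation gap is visible in the schedule rather than lost.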
There are many ways to break up the environment to help get to ML1, and the right choice depends on a multitude of factors. Here are some examples of best practice for breaking up networks:
This is a Security Bloggers Network syndicated blog from The State of Security authored by Lamar Bailey. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/climbing-vulnerability-management-mountain-ml1/