The art of detecting vulnerabilities within the enterprise environment has been around for some time. Vulnerability scanning and management technologies and methodologies have evolved (sometimes rather quietly) to meet customer demands, which are fuelled by compliance and regulatory requirements.
In simple terms, vulnerability scanning is to look for vulnerabilities within an environment.
As an example, let’s use a house. A vulnerability could be any weakness in the house that a burglar could use to break in or damage the house.
If we ran a vulnerability scan against the house, it would probably return results that would resemble something like this:
- Bedroom window open
- Bathroom window not locked
- Weak garage door lock
- Inner door unlocked
- Open Curtains / blinds
- Mailbox open
- Kitchen tap dripping
The list will go on for a number of pages and list out hundreds, if not thousands of vulnerabilities.
For most, addressing each and every vulnerability is not possible. So, the question is, which one of these vulnerabilities merits attention?
Context is King
Ultimately it boils down to having context around the vulnerabilities. For example, is the open window located on the ground floor where it is easier for someone to climb in, or the 10th floor, where an attacker would have to rappel down from the rooftop or a helicopter to gain entry?
External factors also play a big role. Having a weak garage door lock may not be a problem if one lives in an area of low crime, and nothing of value is stored within it. Conversely, it becomes a higher priority if the area is of high crime and one parks a desirable vehicle within it.
Ultimately, addressing vulnerabilities is a lot like managing any other identified risk. Having additional information adds necessary context needed to make the appropriate risk-based decisions. Knowing your assets, establishing acceptable baselines, and having reliable threat intelligence can all contribute to helping manage vulnerabilities.