
SNH University Vulnerability Management in Information Systems Essay


Computing systems and applications pose an inherent risk to IT, as they contain vulnerabilities that can be exploited. IT security professionals must quickly identify vulnerabilities, and provide ongoing and consistent remediation or mitigation measures to prevent exploitation of them. The time between discovery of a vulnerability and when the vulnerability is patched provides a window of opportunity for a threat actor to exploit the system. Vulnerability scanners enable detection of vulnerabilities across various computing devices and applications in order to reduce risk, breaches, or compromise.

In this discussion, you will describe the importance of identifying and managing vulnerabilities.

In your initial post, address the following:

  • What is the importance of vulnerability management within an information security plan?
  • What is the importance of reducing the window of opportunity for a threat actor?
  • How do vulnerability scanners and patch management help in reducing the exploitation of vulnerabilities?

In response to two of your peers, answer the following:

  • Do you agree or disagree with your peers’ perspectives on the importance of vulnerability management and patch management? Expand upon your ideas and support your stance with internal or external resources.
  • Discuss an additional way of reducing the window of opportunity for a threat actor that your peer did not mention.
  • Discuss an additional threat that a vulnerability scanner cannot address that your peer did not mention. 

Student 2

Hello Class

Having vulnerability management within an information security plan in place that regularly checks for new vulnerabilities is important for preventing cybersecurity breaches. Without the vulnerability testing and patch management system, old security gaps may be left on the network for a long period of time, which gives attackers more opportunity to exploit vulnerabilities and carry out their attacks. Most organizations that suffer a breach do so due to an unpatched vulnerability (Dosal, 2020).

The importance of reducing the window of opportunity for a threat actor is to make sure that the period of time an attacker can exploit and cause any damage to an organization’s system is reduced. This can be possible if vulnerabilities are detected rapidly and patched immediately to remove any gaps for the attacker to take advantage of. Reducing the window of opportunity can also help to maintain the integrity and increase the flexibility of the organization’s networks and systems. It can also limit the attacker’s ability to develop an effective attack mechanism, because the organizations are able to quickly identify these vulnerabilities and eliminate them before the attackers can jump on them.

Vulnerability scanners help identify systems and software that have known security vulnerabilities. For each of the identified devices, a scanner also attempts to recognize the software installed on it and the operating system it runs. This includes other aspects such as open ports and user accounts. A vulnerability scanner is also a security method used to detect and identify weaknesses in IT systems. Patch management is the process of managing a business network of computers by installing and applying, in an appropriate manner, all missing patches to ensure that these computers are up to date. These patches are designed to repair any vulnerability or defect identified after an application or software is released.

Dosal, E. (2020, January 16). Understanding the Importance of Vulnerability Management. COMPUQUIP CYBERSECURITY. https://www.compuquip.com/blog/importance-of-vulnerability-management#:%7E:text=Vulnerability%20management%20is%20the%20practice,to%20cause%20a

Security, R. (2019c, September 11). Vulnerability Scanning vs. Patch Management: What’s the Difference? RSI Security. https://blog.rsisecurity.com/vulnerability-scanning-vs-patch-management-whats-the-difference/

Student 1 

Hello class,

When it comes to an information security plan, vulnerability management is especially important. Many organizations rely on software and hardware components that inevitably come with a host of vulnerabilities in their design. These vulnerabilities leave organizations open to the threat of their data being breached. Organizations need an information security program in place to manage these vulnerabilities. Some of the vulnerability issues organizations set out to resolve are lack of user training, environmental issues, gaps in business processes, and poorly designed safeguards or controls. Hardware and software vulnerabilities are discovered using methods such as testing or active exploits, also known as “zero-day vulnerabilities”. Software vulnerabilities are fixed using patches, or what is referred to as patch management. Many vulnerabilities occur due to organizations failing to secure their devices with antivirus software or other tools that help prevent malicious malware from infecting their systems. Factory-default settings make it easy for attackers to guess passwords, further adding to the vulnerability issues. Unused ports on switches should also be disabled. Leaving unused ports open on a switch can provide easy access for an attacker (Reuters Thomson, 2018).

Enterprise patch management is intertwined with issues such as prioritization, testing, and timing. For instance, patch bundling lengthens the discovery time of a vulnerability to the time a patch becomes available. If an attacker comes across the same vulnerability before the patch is released, the attacker will have a larger window of time to exploit the vulnerability. However, if a vendor releases a patch immediately and if the patches are bundled, the patches may be installed more quickly, which may shrink an attacker’s window of opportunity (Murugiah Souppaya, July 2013).

Vulnerability scanners search for weaknesses in computers, applications, or networks. Vulnerability scanners check for active IP addresses, missing critical patches, running applications, open ports, missing security controls, or default user accounts that have not been disabled. Some security tools that can be used for vulnerability scanning are Nessus, Microsoft Baseline Security Analyzer, and a Retina Vulnerability Assessment Scanner (Murugiah Souppaya, July 2013).

“Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems.” (Murugiah Souppaya, July 2013) Patch management plays an important role in maintaining sound security. Patches are an effective way to alleviate software vulnerabilities. Patches fix functionality problems and security problems in firmware and software. Exploitation of these vulnerabilities can be greatly reduced by applying patches. (Murugiah Souppaya, July 2013)

References

Murugiah Souppaya, (July 2013) Guide to Enterprise Patch Management Technologies, retrieved 6/8/2021

https://nvlpubs.nist.gov/nistpubs/SpecialPublicati…


Reuters Thomson, (2018) Cybersecurity Tech Basics: Vulnerability, retrieved 6/8/2021 https://www.cisecurity.org/wp-content/uploads/2018/07/Cybersecurity-Tech-Basics-Vulnerability-Management-Overview.pdf
