Vulnerability management programs must continue to evolve to match these rapidly changing environments. Adopting a risk-based approach to vulnerability management will help teams prioritize their efforts and align the program with organizational goals.Vulnerability Management Survey
Vulnerability Management, Detection and Response (VMDR) establishes the cyber security foundation that today’s hybrid, dynamic and distributed IT environments require. It’s a continuous, seamlessly orchestrated workflow of automated asset discovery, vulnerability management, threat prioritization, and remediation. By adopting the VMDR lifecycle, organizations decrease their risk of compromise by effectively preventing breaches and quickly responding to threats.
In this way, organizations can safely pursue and extend their digital transformation, which has become essential for boosting competitiveness. As SANS Institute’s Andrew Laman reminds us, cybersecurity must never be an afterthought, even as technology evolves and helps organizations be agile and customer-centric.
IT environments no longer have well-defined perimeters. Their security posture has become porous as organizations adopt innovations like cloud computing, containers, mobility and DevOps. You can’t protect this blurred perimeter with a mishmash of disparate tools that don’t interoperate. That creates data silos, opens up gaps, creates tactical uncertainty, and slows you down.
As Forrester Research blog post The Impact Of Digital Transformation On The Vulnerability Management Space states, this increased complexity generates a need for better asset management and prioritization of remediation workloads. "Many organizations become overwhelmed to the point of having to figure out what actually has to get done; this is the foundation of the vulnerability risk management space."
VMDR’s single, centralized and cohesive process provides end-to-end security that’s built into — not bolted onto — your IT environment, giving you:
In other words, you need an accurate IT asset inventory and comprehensive visibility so you know where all of your systems and applications are, and what they’re connected to. Armed with that information, you can prioritize your efforts based on context and potential impact, and be proactive about patching and updating the systems that need it the most, as Qualys explained in the Help Net Security article The Importance of Proactive Patch Management.
Vulnerability Management, Detection and Response has four core components that form the basis for an integrated, risk-based breach prevention and response program.
You can’t secure what you can’t see. It’s essential to have a complete, updated global inventory of all assets across your network: on prem, endpoints, clouds, containers, mobile, OT and IoT — everywhere. This continuous discovery process must detect all assets — approved and unapproved — and collect granular details about each, such as installed software, hardware details and running services.
Asset data should be normalized, and assets automatically categorized with dynamic rules-based tagging. This classification context helps assess risk. For example: Does this server contain a database with customer data? Must this asset comply with PCI? Is this the CEO’s laptop? The inventory should be easy to query, and to drill down into, as well as be bi-directionally synchronized with your CMDB, giving you a consistent, single source of truth for all your assets.
The importance of asset management can’t be overstated. “Asset management is critical to everything we do as security professionals,” Forrester’s Josh Zelonis wrote in his blog post Introducing Forrester’s Asset Intelligence Model (AIM) For Asset Management.
The traditional “scan-the-network” approach doesn’t scale well for modern IT infrastructure. Therefore all assets — on premises, in public clouds, on endpoints — must be checked for vulnerabilities and misconfigurations continuously, using active, authenticated scans, passive network analysis and, even better, lightweight agents that reside on the assets and detect and report any changes in real time. This Vulnerability Management, Detection and Response phase also includes assessment of digital certificates and TLS configurations.
Vulnerability Management, Detection and Response leverages the latest threat intelligence, advanced correlation and machine learning to pinpoint the riskiest vulnerabilities on the most critical assets. VMDR highlights indicators of compromise, and leverages ML to surface potentially severe vulnerabilities. That way you can prioritize which threats to mitigate first, before attackers exploit them.
"One of the most common ways to fail at Vulnerability Management is by simply sending a report with thousands of vulnerabilities to the operations team to fix," wrote Gartner analyst Augusto Barros in the blog post The New Vulnerability Management Guidance Framework. "Successful VM programs leverage advanced prioritization techniques and automated workflow tools to streamline the handover to the team responsible for remediation."
Vulnerability Management, Detection and Response identifies the most appropriate remediation for each threat, whether it’s deploying a patch, adjusting a configuration, renewing a certificate or quarantining an asset. If patching is the course of action, an effective VMDR solution will automatically correlate vulnerabilities and patches, and select the most recent patch available for fixing a particular vulnerability in a specific asset. With VMDR, remediation is fast, precise and smooth — all critical elements when a delay can give attackers a chance to breach your defenses.
By combining these four core elements, a VMDR process allows security teams to make decisions and take actions that are based on data-driven risk assessments. "Organizations need to implement a risk-based approach in their programs, so they are doing more than just determining the criticality rating of a vulnerability," explains SANS Institute’s Jake Williams in the paper Why Your Vulnerability Management Strategy Is Not Working and What to Do About It.
The Qualys Cloud Platform, combined with its powerful lightweight Cloud Agents, Virtual Scanners, and Network Analysis (passive scanning) capabilities bring together all four key elements of an effective vulnerability management program into a single app unified by powerful out-of-the-box orchestration workflows.
Qualys Vulnerability Management, Detection and Response enables organizations to automatically discover every asset in their environment, including unmanaged assets appearing on the network, inventory all hardware and software, and classify and tag critical assets. VMDR continuously assesses these assets for the latest vulnerabilities and applies the latest threat intel analysis to prioritize actively exploitable vulnerabilities.
Finally, VMDR automatically detects the latest superseding patch for the vulnerable asset and easily deploys it for remediation. By delivering all this in a single app workflow, VMDR automates the entire process and significantly accelerates an organization’s ability to respond to threats, thus preventing possible exploitation.