A traditional approach to minimizing the risk associated with vulnerabilities has been to use firewalls to block access or prevent a hacker from using a port-, service-, application-, or protocol-based vulnerability to penetrate the network. Most large organizations identify a plethora of vulnerabilities every time they conduct a vulnerability assessment. But scanning for vulnerabilities is only the first step; prioritizing the most meaningful threats then becomes the top priority for mitigation and protection strategies. To determine priorities for your environment, ask yourself the following questions:
- Is mission-critical information at risk because of a vulnerability that is exposed to the Internet or sensitive internal systems?
- Has a vulnerability already been effectively mitigated with network-level controls such as ACLs when no patch or remediation procedure was available?
- Do vulnerabilities in minor systems allow a hacker to escalate attacks to more critical systems?
- Are host configurations being continuously monitored to deliver near real-time risk management as required by FISMA?
Prioritizing remediation efforts according to risk is essential to an effective unified vulnerability management program. If you answered “yes” to any of the questions above, prioritizing these vulnerabilities should start at the infrastructure itself, since it can easily be used as leverage against other assets in the environment. To do this, security organizations need to take into account how their network infrastructure exposes or protects host and application vulnerabilities.
Let’s consider a technology partnership that assists with this prioritization and solves some unique business and technology challenges.
eEye’s Retina solutions offer industry and government a standard for multi-platform unified vulnerability management and identification of known and zero-day vulnerabilities, and provide accurate discovery of all network-connected assets using non-intrusive scanning techniques. eEye delivers a highly comprehensive vulnerability database that is maintained and constantly updated by the eEye Research Team. eEye’s solution is based on an open architecture that enables customized audits and seamless integration with third-party platforms, and allows users to create custom, corporate-policy-driven scans.
RedSeal Vulnerability Advisor software integrates this vulnerability information and analyzes it in the context of network access to determine IT risk. RedSeal Vulnerability Advisor automatically retrieves current scan and asset data from Retina, and uses it to calculate the risk created by a vulnerability. Therefore, RedSeal provides the ability to evaluate:
- Direct exposure of a vulnerability to trusted and untrusted networks
- Indirect exposure of a vulnerability to untrusted networks through other vulnerable hosts
- The potential for a vulnerability to allow an attacker to escalate an attack deeper into the company network
- The business value of the vulnerable host and its relationship and communication to other systems
- The severity of a vulnerability based on the Common Vulnerability Scoring System (CVSS)
With the two products integrated, prioritization problems can be managed in a methodical and predictable fashion (as required by regulatory compliance laws). RedSeal Vulnerability Advisor analyzes the results of eEye’s Retina solutions in the context of what access is possible through the network, prioritizes vulnerabilities based on network configuration and vulnerability data, and offers network mitigation options when no remediation strategy is available. These integrated technologies consider not only scanned vulnerabilities, but also how they relate to your network infrastructure, the configuration of networking devices, and how they all communicate based on your network topology.
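
The exposure factors listed above (direct exposure, indirect exposure, escalation potential, business value and CVSS severity) can be combined in a small reachability calculation. This is an added example, not eEye's or RedSeal's code or algorithm; the host names, access map, business values and scoring weights are all constructed assumptions.

```python
from collections import deque

# Constructed sample data, not output from Retina or RedSeal.
# ACCESS: source -> destinations the firewall rules and ACLs allow it to reach.
ACCESS = {
    "internet": ["web01", "jump01"],
    "web01": ["app01"],
    "app01": ["db01"],
    "jump01": ["hr01"],
    "corp-lan": ["hr01"],   # trusted network, shown for context only
}
# host -> (highest CVSS base score reported by the scanner, business value 1-5)
HOSTS = {
    "web01": (7.5, 2), "app01": (9.8, 3), "db01": (6.5, 5),
    "jump01": (0.0, 1), "hr01": (9.8, 4),
}

def attack_hops(source):
    """BFS from source; the attacker pivots only through vulnerable hosts."""
    hops, queue = {}, deque([(source, 0)])
    while queue:
        node, dist = queue.popleft()
        for nxt in ACCESS.get(node, []):
            if nxt not in hops:
                hops[nxt] = dist + 1
                if HOSTS[nxt][0] > 0:   # no finding, no foothold to pivot from
                    queue.append((nxt, dist + 1))
    return hops

def prioritize(untrusted="internet"):
    """Rank vulnerable hosts; the weights are illustrative assumptions."""
    exposed = attack_hops(untrusted)
    ranked = []
    for host, (cvss, value) in HOSTS.items():
        if cvss == 0:
            continue
        hops = exposed.get(host)
        # 1.0 direct exposure, 0.5 indirect, 0.2 not reachable from untrusted
        weight = 0.2 if hops is None else (1.0 if hops == 1 else 0.5)
        # Escalation potential: business value of vulnerable hosts reachable from here
        downstream = sum(HOSTS[h][1] for h in attack_hops(host)
                         if HOSTS[h][0] > 0 and h != host)
        ranked.append((host, round(cvss * value * weight + downstream, 2), hops))
    return sorted(ranked, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for host, score, hops in prioritize():
        print(f"{host:6} score={score:6} hops_from_internet={hops}")
```

In this sample, `web01` ranks first despite its lower CVSS score because it is directly exposed and leads deeper into the network, while `hr01` ranks last despite a 9.8 score because the only path from the Internet runs through a host with no findings.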