Understanding the Importance of Threat-Based Vulnerability Management
The term ‘Vulnerability Management’ is now used quite often, especially when discussing proactive approaches to cybersecurity, such as endpoints, security operations, and managed risk. However, vulnerability management is not a term that is completely understood by businesses.
For businesses to make an informed decision about their security setup, they need to understand what the term ‘vulnerability’ means in cybersecurity, the link between vulnerability and risk, what vulnerability management is, and why it’s important.
Before we start, we need to understand the differences between ‘threat’, ‘vulnerability’ and ‘risk’ within threat modelling and their relationship with one another.
Threat – Entity developed and identified by the designed threat model.
Vulnerability – Potential or known weaknesses within the organisation that a cybercriminal can exploit.
Risk – The potential for business damage (reputation, finances, data) when a threat exploits a vulnerability. This can be shown as a defined risk rating or score.
The below graphic shows how a threat and vulnerability generates a risk score:
For a vulnerability to be present, it would have had to have been manifested from an initial threat. In terms of cyber-security, the threat can be a cybercriminal looking to gain access to your account. This will then be triggered by a potential or known vulnerability. For example, a weak password. This possibility will define risk rating depending on the likelihood of the threat or potential damage the vulnerability can cause to the organisation. The higher the risk, the higher the chances of a cybercriminal gaining access to a system or network.
While they may not be aware of it, businesses are very much in control of managing a threat. This can be controlled by implementing various preventive measures that reduce the overall threat presence that’s identified in the threat model.
So how does Threat-based Vulnerability Management help businesses?
What does ‘vulnerability’ mean in terms of Cyber Security?
Before we explain vulnerability management, understanding the definition of vulnerability within the cyber-security world is important.
Vulnerabilities can be defined in two ways; a potential vulnerability and an exploitable vulnerability. Both are potential weaknesses within an organisation that leave you open, or ‘vulnerable’, to a potential cyber-attack. For example, unpatched software and weak passwords. Vulnerabilities are not limited to logical vulnerabilities but also apply to weaknesses in processes and physical aspects of an organisation. For example, employees not challenging tailgaters, losing ID badges and doors being improperly secured.
Now that you have an understanding of cybersecurity vulnerabilities, let’s explore vulnerability management.
What is Vulnerability Management?
Vulnerability Management is the practice of finding and/or managing potential or known weaknesses that have been found within an organisation. Weaknesses can be found either by conducting a penetration test, scanning for weaknesses using a vulnerability management platform, or naturally during your working day.
Managing known weaknesses will provide knowledge and direction so that a business can remediate any weaknesses and reduce overall business risk.
The important thing to remember is that different businesses have different ways of managing risk. For example, some businesses reduce risk by focusing and prioritising, vulnerabilities, depending on the risk level. Some organisations choose to focus on threat-level. A ‘Risk-based Vulnerability Management’ approach considers the damage a vulnerability could have on a business, associate the level of risk and prioritise accordingly.
However, a ‘Threat-based Vulnerability Management’ approach considers the likelihood that a weakness will be exploited and if other contributing factors exist.
Why is Vulnerability Management important?
According to Checkpoint’s Cyber Security Report 2021, approximately 80% of attacks in 2020 utilised vulnerabilities reported and registered in 2017 and earlier. This information suggests that a vast portion of cyber-attacks are caused by exploiting well-known vulnerabilities.
To reduce the chances of a cyber-attack, organisations must reduce the opportunity for cybercriminals to exploit a weakness using a vulnerability management tool.
However, not all vulnerability management tools are productive. The Edgescan 2020 Vulnerability Statistics Report, found that 60% of security professionals estimate that their organisation’s security function spends over 3 hours per day validating false positives, while 30% of professionals spend 6 hours per day!
While some businesses are actively monitoring and managing vulnerabilities within their organisation, they are not utilising the proper tools, resulting in wasted time and inaccurate results. As new updates, applications, software, platforms, devices and people are introduced, more weaknesses may occur, making a security professional’s job more difficult when addressing weaknesses.
Therefore, having the proper vulnerability management process/tool will not only save money but also play a key role when security-based business decisions are made.
Threat-based Vulnerability Management
In recent years, businesses have become more security conscious, and as a Managed Service Provider (MSP), we know how important security is to both us and our customers. Therefore, part of our duty is to ensure that our clients have access to proper security tools to increase their security posture.
Every organisation is at risk of a cyberattack, therefore, having an appropriate vulnerability management tool is key to managing the risk caused by exploited vulnerabilities.
For this reason, we recently assembled a security team, trained in remediating found vulnerabilities. Their focus is to prioritise pre-discovered vulnerability data depending on the vulnerability threat level to the business.
Vulnerabilities are cross-referenced ensuring an accurate priority listing on which the business can act.
Once a vulnerability has been identified and prioritised, businesses will have the required information to remediate the vulnerability and better protect business data.