5 top vulnerability management tools and how they help prioritize threats

The science and technology behind vulnerability management has changed a lot in a short time. When originally deployed, vulnerability management companies acted almost like antivirus vendors in that they tried to get their scanners to uncover as many potential threats as possible. They would even brag about being able to detect more vulnerabilities hiding in testbeds than their competitors.

The trouble with that logic is that unlike viruses and other types of malware, vulnerabilities are only potentially a problem. For a vulnerability to be truly dangerous, it must be accessible to an attacker and relatively easy to exploit. So, a vulnerability sitting on an internal resource isn’t much of a potential threat, nor is one that requires additional components like secure access to other network services. Knowing what is truly dangerous is important so that you can plan what to fix now, and what to put off until later or even ignore.

It’s also helpful to categorize vulnerabilities based on their potential impacts should they be exploited. This includes the potential severity of the exploit like wiping out an entire database versus locking out a single user and the value of the resources affected. Having your public-facing website defaced is embarrassing, but having confidential data stolen can be critical.

The best vulnerability management programs should add context to scans. Some even offer automatic fixes, training or preventative assistance using artificial intelligence (AI). Understanding compliance standards, legal mandates and best practices that apply to the organization launching the scan is also important. With potentially thousands of vulnerabilities hiding in any large enterprise network, it’s the only way that fixes can be reliably prioritized.

The following five products push the envelope for at least one aspect of vulnerability management.

Kenna Security Vulnerability Management

The Kenna Security Vulnerability Management platform was one of the first to incorporate real-time threat data into vulnerability management several years ago. Since then, the platform has been expanding to include more threat feeds including one that the company manages specifically based on its client’s networks. It has also added support for more vulnerability scanners and today works with just about everyone on the market.

Kenna does not do any scans itself. Instead, it provides connector programs that allow it to ingest data from almost any vulnerability scanner including those made by Tripwire, Qualys, McAfee and CheckMarx. The platform itself is deployed as a service, with customers logging into a cloud portal to check their information and to give Kenna permission to learn about the network that it’s protecting.

The idea behind Kenna is that it collects the many vulnerability alerts sent in by scanners, and then compares that with threat data in real time. It can tie a discovered vulnerability back to an active threat campaign that is exploiting it and prioritize a quick fix. Any vulnerabilities being exploited out in the world are automatically elevated in priority, so defenders can fix the most dangerous problems before attackers discover and exploit them.

Copyright © 2020 IDG Communications, Inc.

Source Article