4 best practices to bring your vulnerability management to the next level

July 15, 2022

Cybersecurity can consume a lot of time and resources – but it does not have to. Our work with clients in different industries and of different company sizes from all over the world gives us invaluable insights into the bottlenecks of cybersecurity processes.

Automation is the key to successful vulnerability management: instead of spending resources on repetitive, time-consuming tasks, you can focus on actually remediating vulnerabilities to harden your IT infrastructure. This blog post highlights four best practices in vulnerability management that help you make the most of your resources to effectively improve your cybersecurity. It might not come as a surprise, but the secret sauce is automation.

Leverage automated data integration

Handling IT security means managing a complex process:

  1. Mapping assets
  2. External and internal scanning to discover issues
  3. Prioritizing vulnerabilities
  4. Fixing vulnerabilities

Many companies use a multitude of tools throughout this process, which makes it difficult to organize seamlessly. APIs are a game changer here. Just as BI, data and analytics teams rely on data orchestration tools to make siloed data from different locations available, state-of-the-art vulnerability management tools automatically integrate data from vulnerability scanners and other security tools already in use and combine it in one place. The result is a centralized overview that simplifies and enhances decision making.

Autobahn Security for example uses Qualys as a native scanner but also allows users to automatically import reports from other tools like Nessus (including Tenable) or Rapid7.

Automate asset discovery

If you want to secure your IT infrastructure, you first need to know all about your digital assets, even that subdomain that was created years ago and has never been used. But keeping track of your digital footprint takes time and energy away from maintaining your digital infrastructure. Did you know that many IT teams still rely on Excel and PowerPoint to maintain an overview of their infrastructure? What sounds like an annoyance for IT and security experts (which it is) often directly affects their businesses. According to a 2021 report by MIT Technology Review Insights, "53% of managers have experienced a cybersecurity attack originating from an unknown, unmanaged, or poorly managed digital asset." Automated asset discovery saves resources and ensures that you stay on top of your attack surface management.

Autobahn Security, for example, makes internal and external asset discovery easy: your email address is enough for the software to start looking for your domains, subdomains, and cloud assets. You can also connect your cloud provider (like AWS or Azure) to import all assets hosted there and add further assets manually if needed.

Not every issue needs your undivided attention

Vulnerability scanners are built to detect as many vulnerabilities as possible. That's generally a good thing; you wouldn't want to miss a critical vulnerability. The downside is that you end up with awfully long lists of issues, and you eventually have to go through all of them to know which vulnerabilities to fix first. If you are using different scanners for different IT environments, you might even end up with a lot of duplicates, which make the list even longer. As a result, too much time is spent on manual reviews of scan reports. Even more critical: the (ISC)² Cybersecurity Workforce Study (2021) found that "Not enough time for proper risk assessment and management" was the second most common (30%) consequence of the continuing cybersecurity workforce shortage.

At the same time, the majority of this time could be allocated elsewhere. For most vulnerabilities there are standardized fixes or proven workarounds, not every vulnerability is actually exploitable, and recurring issues don't require the same amount of attention each time. Vulnerability remediation and prioritization tools (like Autobahn Security) tackle exactly this problem: the scan results are integrated and the data is aggregated into actionable step-by-step recommendations.

At Autobahn Security we call these recommendations Cyber Fitness Workouts. Just like a personal trainer helps you achieve your fitness goals, we guide your remediation process, and track your progress. The dashboard shows you the workouts to do – sorted by impact thanks to the Hackability Score that is attached to each of them.

Improve your prioritization

The vast number of security threats typically outnumbers the available security staff. Infrastructures simply grow and become more complex faster than companies can hire or train experts. The shortage of IT specialists will most likely not disappear, at least not any time soon, and cybersecurity is among the most sought-after fields. This doesn't mean nothing can be done: there are many methods and tools that help teams work more efficiently across all departments in all kinds of companies worldwide.

Just as vulnerability scanners help to automatically discover IT assets and the vulnerabilities associated with them, remediation and prioritization tools free up critical resources by automatically processing and prioritizing this information, making it actionable. No worries: even if the data on security threats is automatically processed and prioritized, there is still a lot of work to do in other areas like patching, hardening, and exposure. But the majority of your time should be spent on tasks that actually require you to take action.

Obviously, prioritization is a crucial task in remediating vulnerabilities: any business should allocate its resources to where they generate the best outcome, and cybersecurity is no exception. But there are many ways to prioritize vulnerabilities, and different approaches to defining the outcome. Probably the most common model is the Common Vulnerability Scoring System (CVSS).

Autobahn Security, for example, has developed its own formula, prioritizing workouts by impact and effort. Our model goes beyond the technical CVSS and also considers whether a vulnerability is actually attractive to hackers and how much effort is required to close it. From a business perspective you could think of it as prioritizing for ROI (return on investment): the Autobahn Security Platform will prioritize your workouts to improve your Hackability as much as possible with as little effort as possible. This way our clients see an average decrease in Hackability of 30% during the first three months. It is of course up to the user to decide which workouts to tackle first. For example, you might want to prioritize a smaller workout because it can still be done in the next sprint (if you are working in sprints). Either way, the heavy lifting up to this point is done for you.
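To make the de-duplication across scanners and the impact-versus-effort ordering described above concrete, here is an added example (not Autobahn Security's code and not its Hackability Score formula): two constructed scanner exports are mapped onto one schema, de-duplicated per host and CVE, grouped by remediation into "workouts" and ranked by a constructed impact-per-effort score. The effort estimates, the known-exploited set, the field names and all identifiers are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample exports from two scanners. Field names and CVE/host values are
# placeholders, not real Qualys or Nessus schemas or identifiers.
SCANNER_A = [
    {"ip": "10.0.0.5", "cve": "CVE-0000-0001", "cvss": 7.5, "fix": "Disable TLS 1.0/1.1"},
    {"ip": "10.0.0.6", "cve": "CVE-0000-0001", "cvss": 7.5, "fix": "Disable TLS 1.0/1.1"},
    {"ip": "10.0.0.5", "cve": "CVE-0000-0002", "cvss": 9.8, "fix": "Patch OpenSSH"},
]
SCANNER_B = [
    {"host": "10.0.0.5", "cve": "CVE-0000-0001", "severity": 7.5, "solution": "Disable TLS 1.0/1.1"},
    {"host": "10.0.0.7", "cve": "CVE-0000-0003", "severity": 4.3, "solution": "Patch OpenSSH"},
]
# Assumed engineer-hours per remediation and an assumed set of CVEs known to be exploited
# in the wild, standing in for "attractive to attackers".
EFFORT_HOURS = {"Disable TLS 1.0/1.1": 2, "Patch OpenSSH": 8}
KNOWN_EXPLOITED = {"CVE-0000-0002"}

def normalize(rows_a, rows_b):
    """Map both scanners' export formats onto one common finding schema."""
    common = [{"host": r["ip"], "cve": r["cve"], "cvss": r["cvss"], "fix": r["fix"]} for r in rows_a]
    common += [{"host": r["host"], "cve": r["cve"], "cvss": r["severity"], "fix": r["solution"]} for r in rows_b]
    return common

def dedupe(findings):
    """Collapse the same CVE on the same host reported by several scanners, keeping the highest score."""
    unique = {}
    for f in findings:
        key = (f["host"], f["cve"])
        if key not in unique or f["cvss"] > unique[key]["cvss"]:
            unique[key] = f
    return list(unique.values())

def build_workouts(findings):
    """Group findings by remediation and rank the groups by impact per hour of effort."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["fix"]].append(f)
    workouts = []
    for fix, items in groups.items():
        hosts = {f["host"] for f in items}
        impact = max(f["cvss"] for f in items) * len(hosts)   # constructed impact measure
        if any(f["cve"] in KNOWN_EXPLOITED for f in items):
            impact *= 2                                        # weight exploited issues higher
        effort = EFFORT_HOURS.get(fix, 8)                      # default when no estimate exists
        workouts.append({"fix": fix, "hosts": sorted(hosts), "impact": impact,
                         "effort_hours": effort, "priority": round(impact / effort, 2)})
    return sorted(workouts, key=lambda w: w["priority"], reverse=True)

if __name__ == "__main__":
    for w in build_workouts(dedupe(normalize(SCANNER_A, SCANNER_B))):
        print(f'{w["priority"]:>6}  {w["fix"]:<22} hosts={len(w["hosts"])} effort={w["effort_hours"]}h')
```

Note how the effort-aware ranking puts the two-hour TLS workout ahead of the OpenSSH one even though the latter carries the higher CVSS score; pure CVSS ordering would reverse that.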

Learn more about how Autobahn turned almost 1,000,000 issues into 74 actionable workouts.

Conclusion

Automation underpins the best practices for vulnerability management. Effective remediation is a core function of Autobahn Security's Cyber Fitness Platform. Our vulnerability remediation and prioritization software is designed to automate the tasks that take up most of security professionals' time. This way we can save up to 90% of the time spent on vulnerability management, freeing up scarce resources in IT departments.

Our Cyber Fitness workouts offer easy-to-follow step-by-step instructions to fix the root causes of vulnerabilities. They also enable IT experts without a security background to handle these tasks. Our Hackability Score makes the progress visible, which is also a great motivation for everyone involved.