By: Byron Anderson
Vulnerability Management is the process of scanning your environment to find out where weaknesses in security exist that would allow that environment to be compromised. The next logical step is then to have an action plan to remediate those weaknesses. Any organization interested in patching should also be performing Vulnerability Management for similar reasons as patching: to identify and remediate weaknesses.
It’s very common to find environments that are having their Operating Systems patched on a regular basis, but most organizations forget about 3rd party applications that need updates or security settings in the operating system that haven’t been configured. Something as simple as one 3rd party application can represent hundreds of vulnerabilities, yet it only takes a few minutes to update. Flash, Java, Firefox and Google Chrome are all great examples of 3rd party applications that exist on many systems that if not updated regularly can quickly represent a significant security risk.
Many breaches that take place are the result of vulnerable 3rd party applications. The Equifax breach in 2017 that exposed sensitive data on as many as 143 million Americans is a perfect example of what can happen if an application is left unpatched. Many of these types of vulnerabilities can be leveraged with little technical skill using pre-existing tools that can easily be found on the Internet.
New vulnerabilities are always being identified – in fact, more than 16,000 new vulnerabilities were identified in 2018 – so it’s important that you have a regular cadence of not only patching your environment, but also scanning your environment for new vulnerabilities or weaknesses. Being aware of the potential security risks in your environment and managing those is a key component to following best security practices.
If you believe that patching your systems is important, you should consider adding Vulnerability Management to your environment. It’s preventative maintenance that can make all the difference in your security posture. Atmosera can help you set up and manage a vulnerability management program – and protect your systems.