There are a lot of ways, but the following are the common ones:
1. Zones
Every company organizes its infrastructure in zones like "External Facing", "PCI Zone", "Internal Zone" etc. One can prioritize remediation efforts based on the criticality of zones. In most cases, timelines are decided for zones, then vulnerabilities are prioritized according to these timelines.
2. Severity
As we all know, common severity values are "Critical", "High", "Medium", and "Low". One can always focus on "Critical" and "High" ones.
3. Exploit Availability
Vulnerability scanning solutions like Qualys and Nessus, in most cases, let us know whether exploits for a particular vulnerability are available or not. If this information is not present, then threat intel tools can be consulted.
4. Patch Availability
Vulnerabilities with available patches should be prioritized. Among these, patches that do not require a reboot should be given priority.
5. Compensating Controls
If you know your organization's infrastructure, then vulnerabilities on assets where compensating controls like a WAF, standard firewalls etc. are in place can be given lower priority.
6. Threat Intel
If the threat intel team notifies you of vulnerabilities that are currently being exploited, then you can perform an analysis using the above points and, if required, spin up an OOB (Out Of Band) patching process.
Please note:
Not every vulnerability is meant to be remediated, and it is not practically feasible either. The existence of a vulnerability does not mean that it will get exploited. That's where the role of a Vulnerability Analyst comes in handy (to decide which vulnerabilities should be prioritized based on the above-mentioned points).
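The six factors above can be combined into a single ranking. The following is an added example, not part of the original post: the weights, zone timelines, OOB threshold and finding IDs are all assumptions made up for illustration and should be replaced with your own policy values.

```python
from dataclasses import dataclass

# Assumed policy values for illustration; replace with your organization's own.
ZONE_SLA_DAYS = {"External Facing": 7, "PCI Zone": 14, "Internal Zone": 30}
SEVERITY_POINTS = {"Critical": 40, "High": 30, "Medium": 20, "Low": 10}
OOB_THRESHOLD = 100  # assumed cut-off for starting an out-of-band patch

@dataclass
class Finding:
    vuln_id: str
    zone: str
    severity: str
    exploit_available: bool = False
    patch_available: bool = False
    reboot_required: bool = True
    compensating_control: bool = False
    actively_exploited: bool = False  # reported by threat intel

def score(f: Finding) -> int:
    s = SEVERITY_POINTS[f.severity]
    s += max(ZONE_SLA_DAYS.values()) - ZONE_SLA_DAYS[f.zone]  # tighter zone deadline ranks higher
    if f.exploit_available:
        s += 15
    if f.patch_available:
        s += 5 if f.reboot_required else 10  # no-reboot patches go first
    if f.compensating_control:
        s -= 10  # e.g. WAF or firewall in front of the asset
    if f.actively_exploited:
        s += 50
    return s

def triage(findings):
    """Return (vuln_id, score, action) tuples, highest priority first."""
    rows = []
    for f in sorted(findings, key=score, reverse=True):
        oob = f.actively_exploited and score(f) >= OOB_THRESHOLD
        rows.append((f.vuln_id, score(f), "oob" if oob else f"within {ZONE_SLA_DAYS[f.zone]} days"))
    return rows

# Constructed sample findings (placeholder IDs, not real scanner output).
SAMPLE = [
    Finding("VULN-B", "Internal Zone", "Critical", patch_available=True),
    Finding("VULN-D", "PCI Zone", "Medium"),
    Finding("VULN-A", "External Facing", "Critical", True, True, False, False, True),
    Finding("VULN-C", "External Facing", "High", True, True, False, True),
    Finding("VULN-E", "Internal Zone", "High", True, True, True, True, True),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Note that VULN-E is actively exploited but stays on the normal zone timeline because its internal placement and compensating control keep it under the assumed OOB threshold.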
Happy Learning !!