1. Scan on a quarterly basis
Suitable when ->
a. The enterprise is small
b. Resources are constrained for scanning and/or analysis
c. Vulnerability scanning is done by an external firm (e.g. an MSSP)
Drawback -> Difficult to increase the frequency while each scan still has to cover the entire enterprise; a quarterly snapshot also leaves newly added hosts and newly disclosed vulnerabilities unseen for up to three months
2. Scan on a weekly/monthly basis
Suitable when ->
a. The enterprise is large and divided into identifiable units (e.g. business units or sites) that can be scanned in turn
b. Scanning timetables can be coordinated with remediation actions by business unit IT staff
c. Analysis and prioritization of vulnerabilities can occur quickly
Drawback -> Requires ongoing coordination with business unit IT staff so that remediation keeps pace with the scan cycle
3. Continuous Scanning -> Always some part of the enterprise is being scanned
Suitable when ->
a. The VM team has the skills and resources to maintain continuous scanning
b. Assets in the enterprise change quickly
Drawback -> Analysis and prioritization of findings must happen at scale and very quickly, otherwise the backlog grows faster than it can be triaged
Starting point for a typical scanning strategy:
1. Discovery Scan -> Run a lightweight host-discovery scan (no port or vulnerability checks) against all IP address ranges on a daily basis, excluding the hosts already known from previous scans. Its only job is to find hosts that have newly appeared; the known hosts are confirmed by the full scan below.
2. Full Vulnerability Scan -> Scan the live systems found by the discovery scans on a weekly basis. Because this scan runs against a known target list rather than entire IP address ranges, the time-consuming port scanning is done only for hosts that are actually up, which massively reduces the time required while still delivering complete and precise results. Keep the target list current: a host that neither scan has seen for some time should be dropped from it, and a host that changes address is no longer in the exclusion list, so the discovery scan picks it up again at its new address.
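The bookkeeping behind the two-tier strategy above, as an added example that is not part of the original post: it builds the daily discovery command (whole ranges, known hosts excluded), merges whatever responded into the inventory, and derives the weekly full-scan target list from it. It assumes nmap as the scanner, an inventory kept as a mapping of IP address to the date the host was last seen, and a retirement window of 14 days; the address ranges, inventory and discovery results are constructed sample data, not anything from the original.

```python
import ipaddress
from datetime import date, timedelta

# Assumption (not in the original post): a host that neither the daily discovery
# scan nor the weekly full scan has seen for this many days is retired from the
# full-scan target list, so the weekly scan does not waste time on dead addresses.
MAX_AGE_DAYS = 14


def discovery_command(ranges, inventory):
    """Daily discovery scan: host discovery only (-sn) over the whole address
    space, excluding hosts already in the inventory. The weekly full scan
    already confirms those are up, so discovery only needs to find new ones."""
    cmd = ["nmap", "-sn", "-oX", "discovery.xml"]
    if inventory:
        known = sorted(inventory, key=ipaddress.ip_address)
        cmd += ["--exclude", ",".join(known)]
    return cmd + list(ranges)


def record_seen(inventory, ranges, seen_hosts, today):
    """Merge hosts that responded to a scan (discovery or full) into the
    inventory, stamping them with today's date. Addresses outside the managed
    ranges are ignored so a stray result cannot silently widen the scan scope.
    Returns the updated inventory and the hosts that were not known before."""
    networks = [ipaddress.ip_network(r, strict=False) for r in ranges]
    updated = dict(inventory)
    new_hosts = []
    for host in seen_hosts:
        addr = ipaddress.ip_address(host)
        if not any(addr in net for net in networks):
            continue
        if host not in updated:
            new_hosts.append(host)
        updated[host] = today
    return updated, sorted(new_hosts, key=ipaddress.ip_address)


def full_scan_targets(inventory, today):
    """Weekly full scan: only hosts seen within MAX_AGE_DAYS. Returns the live
    target list and the hosts retired because nothing has seen them lately."""
    cutoff = today - timedelta(days=MAX_AGE_DAYS)
    live = sorted((ip for ip, seen in inventory.items() if seen >= cutoff),
                  key=ipaddress.ip_address)
    live_set = set(live)
    retired = sorted((ip for ip in inventory if ip not in live_set),
                     key=ipaddress.ip_address)
    return live, retired


def full_scan_command(targets):
    """Full port and service scan against the known-live list only, never
    against whole ranges."""
    return ["nmap", "-sV", "-p-", "-oX", "full.xml"] + list(targets)


def demo():
    """One daily cycle on constructed data (hypothetical ranges and hosts)."""
    ranges = ["10.0.1.0/24", "10.0.2.0/24"]
    today = date(2024, 6, 3)
    # Constructed inventory: two recently seen hosts and one not seen for
    # more than three weeks.
    inventory = {
        "10.0.1.10": date(2024, 6, 1),
        "10.0.1.11": date(2024, 5, 30),
        "10.0.2.5": date(2024, 5, 10),
    }
    discovery_cmd = discovery_command(ranges, inventory)
    # Constructed discovery result: one genuinely new host, one already known,
    # and one address outside the managed ranges that must be ignored.
    discovered = ["10.0.1.12", "10.0.1.10", "192.168.9.9"]
    inventory, new_hosts = record_seen(inventory, ranges, discovered, today)
    live, retired = full_scan_targets(inventory, today)
    return {
        "discovery_cmd": discovery_cmd,
        "new_hosts": new_hosts,
        "live": live,
        "retired": retired,
        "full_cmd": full_scan_command(live),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The exclusion list is what keeps the daily discovery cheap, and the retirement step is what keeps the weekly full scan from growing without bound; the two together are the difference between scanning "everything" and scanning "what is actually there". Parsing discovery.xml and full.xml into the seen-host list is left to the scheduler that wraps these functions.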
Please refer to the URL below for more details:
https://www.tenable.com/blog/5-tips-on-how-to-conduct-a-vulnerability-assessment
Happy Learning