Wednesday, October 2, 2024

Vulnerability Management - Getting accustomed to a new VM project

Whenever you are onboarded to a new VM project, try to understand the following parameters as soon as possible:


1. Tools Used
a. VM Solution - Qualys, Rapid7, Tenable, CrowdStrike etc.
b. Data Analytics Solution - PowerBI, Splunk, ELK etc.
c. Ticketing Solution - SNOW (ServiceNow), JIRA etc.
d. Dedicated vulnerability prioritization solution - Cisco Vulnerability Management (formerly Kenna.VM), RiskIQ etc.

2. Architecture - Deployment model (agent-based, scan-engine-based)

3. Types of in-scope devices
a. Servers, workstations, virtualization systems, printers, cameras etc.
b. Network devices - Routers, switches, firewalls, WAPs, WLCs, LBs etc.

4. Runbook
a. Maintaining asset inventory and asset discovery process
b. Scanning schedule and frequency
c. Type, frequency and number of reports along with their schedules
d. To whom the reports are being sent
e. SLAs around vulnerabilities

5. Process documents (For risk exception, false positive analysis, zero-day vulnerability etc.)

6. Risk prioritization methods (CVSS, EPSS, CISA KEV etc.)

7. Remediation connects (regular sync-ups) with platform teams

8. Tools used for patching (MECM, Red Hat Satellite etc.) and patching cadence

9. Various teams responsible for remediation

10. Threat intelligence (TI) sources

11. Metrics
a. Assets with unknown owners
b. Assets on which authentication failed
c. Assets currently not under scanning scope

12. SOW (Scope of work)

13. Top 5 or 10 vulnerabilities affecting the environment

14. Workflow automation if it exists

15. Assets which are EOL/EOS (end of life / end of support)
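As an added example (not part of the original post), here is a small Python triage routine showing how the three prioritization signals named in item 9 (CISA KEV, EPSS and CVSS) can be combined into a remediation order. The KEV set, EPSS values, the EPSS threshold and the findings are all constructed placeholders, not real feed data.

```python
"""Triage constructed scan findings by combining CISA KEV membership,
EPSS probability and CVSS base score into a single remediation order."""
from dataclasses import dataclass

# Constructed sample data: not a real KEV extract, EPSS feed or scanner
# export. CVE IDs are placeholders and do not refer to real vulnerabilities.
KEV_CATALOG = {"CVE-0000-0001", "CVE-0000-0003"}
EPSS = {"CVE-0000-0001": 0.91, "CVE-0000-0002": 0.02,
        "CVE-0000-0003": 0.10, "CVE-0000-0004": 0.63,
        "CVE-0000-0005": 0.01}
EPSS_HIGH = 0.30  # assumed threshold; tune to the programme's risk appetite


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    cvss: float  # CVSS base score, 0.0 to 10.0


def tier(f: Finding) -> int:
    """Lower tier number means fix sooner.
    1: listed in KEV (known exploitation, KEV due date applies)
    2: EPSS at or above EPSS_HIGH (likely to be exploited soon)
    3: CVSS critical (>= 9.0) but no exploitation signal
    4: everything else, handled by the normal patch cadence
    """
    if f.cve in KEV_CATALOG:
        return 1
    if EPSS.get(f.cve, 0.0) >= EPSS_HIGH:
        return 2
    if f.cvss >= 9.0:
        return 3
    return 4


def triage(findings: list[Finding]) -> list[tuple[int, Finding]]:
    """Return (tier, finding) pairs, first item to be remediated first:
    ascending tier, then descending EPSS, then descending CVSS."""
    return sorted(((tier(f), f) for f in findings),
                  key=lambda tf: (tf[0], -EPSS.get(tf[1].cve, 0.0), -tf[1].cvss))


SAMPLE = [
    Finding("web-01", "CVE-0000-0004", 7.5),  # high EPSS, not in KEV
    Finding("db-02", "CVE-0000-0002", 9.8),   # critical CVSS, low EPSS
    Finding("vpn-01", "CVE-0000-0001", 8.1),  # in KEV
    Finding("ws-17", "CVE-0000-0005", 5.3),   # routine
    Finding("ws-18", "CVE-0000-0003", 6.5),   # in KEV despite medium CVSS
]

if __name__ == "__main__":
    for t, f in triage(SAMPLE):
        print(t, f.asset, f.cve, f.cvss, EPSS.get(f.cve))
```

Note that the CVSS 9.8 finding on db-02 ranks below the CVSS 6.5 finding on ws-18, because ws-18's CVE is in KEV; that is exactly the kind of ordering a pure CVSS view hides.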

Once you have gone through the above parameters, you will understand the following:
1. Why are some assets out of scope?
2. Why do EOL/EOS devices still exist?
3. Why are some assets not scannable?
4. Why is the overall vulnerability count high?
5. Why are multiple scanning solutions used?
6. What kind of support are we providing to the client?

I will not provide answers as they are subjective... It's for you to think, find and research :)

Happy Learning!!

#VulnerabilityManagement #Cybersecurity
