Given the dynamic nature of IT environments, annual vulnerability assessments can leave organizations vulnerable to a wide range of threats ranging from unpatched hosts to rouge assets. To effectively manage threats, organizations should periodically validate the security posture of information assets by auditing for common software vulnerabilities and configuration weaknesses. This process includes frequent auditing against standards, configurations, patch management, change control and other operational processes. A comprehensive vulnerability management program integrates into the culture of an IT security program as a systemic activity and allows interested parties to understand the relative risk level of technology assets at any given time.
Approach
VioPoint’s Vulnerability Management consulting service implements tools and processes to help security stakeholders periodically validate the security posture of information assets over their entire lifecycle. Our approach develops and deploys the foundational components of a vulnerability management program. Additionally, VioPoint can manage the program from both a strategic and tactical perspective. The approach includes on-site and remote assistance in vulnerability management and periodic testing exercises to ensure defenses are working as planned (red team exercises). VioPoint defines vulnerability management to include many important activities above and beyond just running scanning tools:
- Conduct frequent configuration audits and vulnerability scanning for external and internal assets.
- Provide on-site and remote support of vulnerability scanning tools using Qualys’ QualysGuard® tool.
- Identify and track open remediation items.
- Implement real world targeted testing (Red Team Exercises) to ensure defenses are working as intended.
- Develop, test and implement audit processes for vulnerabilities and standards compliance for devices.
- Document standards and procedures for the program.
- Provide knowledge transfer to resources (tool use, management, guidance) as appropriate.
Results
Our vulnerability management services will establish a functional program that identifies and manages ongoing threats to the infrastructure. VioPoint establishes the process to sustain vulnerability management as an ongoing part of the operational process for the organization.
- Establishes ongoing threat reviews to reduce risk.
- Creates a sustainable framework that supports compliance and risk management programs.
- Defines process and standards to audit infrastructure risks.
- Provides metrics for trending and reporting on risk levels.
