This article can also be found in the Premium Editorial Download "Information Security magazine: Comparing five of the top network-based inline IPS appliances."
Download it now to read this article plus other related content.
Vulnerability management tools provide a realistic picture of the enterprise, where vulnerabilities are viewed in the context of the IT landscape.
Imagine jumping from a plane. Your view from the air is quite different than your view on the ground. And the perception of your surroundings changes as you parachute down. That's because perception is subjective, individual and often fluctuates as new factors arise. The same notion is true when it comes to securing enterprise networks.
By bringing perceptions of the network in line with reality, security practitioners can reduce the likelihood of mistakes. That's where vulnerability management (VM) comes in. Vulnerability management is an effective way for enterprises to understand their networks--without any preconceived notions.
Case in point: If the perception is that the patch process covers all critical systems, yet the reality is that the corporate e-mail server farm is unpatched, there's a good chance of serious trouble when the next big worm comes around.
By using the four essential tools of VM--asset identification, correlation, validation and remediation--VM solutions can provide a big-picture view of vulnerabilities and determine their potential impact on your network.
No single VM solution is a silver bullet. You'll need to assess your enterprise readiness and determine how VM will be used within your organization. Once that evaluation is complete and you're
You can't manage what you don't know. Chances are good there are devices on your network that are unmanaged, unmaintained and untracked. These could be machines in quality assurance or development labs, nomadic home machines, machines deliberately hidden behind a NAT device, vendor-maintained devices, or any other rogue, or unexpected device. This is where asset identification tools help. They scan the network and report details about all the devices they find--both the expected and the unexpected. These scanning tools can be either host-based, running as an agent, or network-based, using an array of sensors. They can attempt to scan without logging in (uncredentialed scan)--either by using general reconnaissance techniques (e.g, OS fingerprinting, banner enumeration) or by launching ("lite") non-detrimental scans of vulnerability exploits against the machines.
Because vulnerabilities can occur in any of the software installed on a device, the more granular the information about that device that can be obtained, the better. Specifics on the OS version, patch level, installed applications, configuration settings and assigned roles are all useful data to collect.
Be mindful of the network landscape when placing sensors or scanning equipment. Note the location of switches, routers and firewalls to make sure there aren't any dead zones. And don't forget about unusual network-aware devices such as fax machines and printers.
This was first published in October 2005