An accelerating vulnerability landscape
As organizations accelerate their digital transformations and infrastructure becomes increasingly dynamic, security vulnerabilities continue to be a major concern. Given the sheer number of known vulnerabilities, it is becoming increasingly difficult to manage the problem effectively. Also, as organizations move more applications to public cloud and increase their use of containers, they must manage the impact of these technologies on their security and compliance posture. For most organizations, the biggest challenge is determining where to focus their finite security and operations resources against a constantly changing set of security vulnerabilities that are being targeted by increasingly sophisticated attacks.
Prioritization is key
In order to better prioritize security vulnerabilities, contextual information from the security team and operations team is critical. This includes key security information like the severity of the vulnerability and the origin of the risk. It also includes understanding the nature of assets and data that might be exposed as a result of the vulnerability being exploited. Another important data point is whether a patch is available and when it can actually be deployed. This combination of security and operational context is required in order to effectively automate the remediation.
Accelerating remediation through actionable intelligence
Security teams focus on finding and tracking vulnerabilities. Operations teams are tasked with fixing those vulnerabilities, but their focus is on maintaining appropriate levels of performance and availability. This creates a conflict for the operations team, as fixing the vulnerabilities often affects the availability of the affected systems. Security and operations teams require a way to significantly reduce the risk to their organization while meeting each team’s respective goals.
What’s needed is to combine the results of vulnerability scanners with the operational and business context of IT automation tools in order to create a standard and repeatable process for vulnerability management. The ideal end state is to ensure that organizations are focusing on the highest risk vulnerabilities as they work to find and remediate the full spectrum of security risks. This requires a closed-loop process that enables security and operations teams to accelerate remediation through automation, create a feedback loop to track progress over time, and drive continuous improvement.
The challenges described here are not insurmountable. In fact, with the right tools and processes, security vulnerabilities can be detected, prioritized and remediated in a way that minimizes business impact, reduces the attack surface, and maximizes security.
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.