In today’s Whiteboard Wednesday, Matt Hathaway, Product Marketing Manager at Rapid7, will discuss the evolution of vulnerability management technology.
Matt will talk briefly about how vulnerability management technology worked in the past and how these tools have been slow to evolve and provide real value to the security practitioner.
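He identifies five different areas where vulnerability management solutions could improve: automatic asset discovery, flexible data collection, modern analytics, closing the loop on remediation tracking, and coverage for cloud environments and the remote workforce.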
Here at Rapid7, we are happy to announce major enhancements to our vulnerability management solution, Nexpose, which tackles these five issues. We believe it is the vulnerability management solution you have been waiting for! You can learn more about these enhancements to Nexpose here. If you like what you read, feel free to download a free 14-day trial.
Watch this week’s Whiteboard Wednesday to learn more.
Welcome to this week's Whiteboard Wednesday. I'm Matt Hathaway. I work in the Solutions Marketing team here at Rapid7, and I'm going to talk about the evolution of vulnerability management.
First off, let's talk about historically. For probably a decade now, there have been a lot of limitations in the technology that vulnerability management teams have had available to them. There was really only one way to scan the network and identify vulnerabilities. The network scan... There weren't other tools. It was pretty limiting and that meant that you typically only knew about local and connected assets that were all in your network, and you know about the risks that they pose. This is, of course, servers and the desktops that aren't shut down for the weekend, but it also is all done in this way because there were times when it was very limiting on the productivity of the network, on the bandwidth, so people set these narrow scan windows. They made it so you wouldn't impact business, and that kind of limited what the security team could be aware of and they were restricted to that time frame.
That's all before discovery. That's all finding the vulnerabilities and the exposures. That doesn't even go into the aspect of IT and how you have to kind of lob all of these results over to the IT team and ask them to take action, and then you lose track of where things are. You don't know what kind of progress is being made. It's kind of this black box or people are using Excel to track everything. It's really not ideal and we should ask for a lot more, and that's the next piece is setting your standards higher. Given today's development in software and all of these other technologies available today, you should expect more. You should need more for your team to mature and get better and more efficient, first of which is automatic asset discovery. At a bare minimum, when an asset grabs an IP address, you should be notified. You should be aware of this and be able to find out if that's a new risk to your business.
Flexible data collection. You need to be able to identify, not just via scan, that will always be very valuable, but to be able to identify by other means when there's a vulnerability on a system, when something else brings an exposure to your organization. And then looking at this through modern analytics, using the big data processing, the heavy lifting to identify trends and patterns in these raw results that you're so used to filtering through and chucking over that wall, but to be able to identify a larger systemic issue. Closing the loop on the tracking, being more of a team with IT, but knowing without looking in their systems, to know yourself when you identify a vulnerability and when you say this needs to be remediated, when will that be done? How much progress are we making? And finally, to have all of this available for your cloud environment, for your remote workforce because both are growing constantly and you need to be aware of the exposures involved in those.
So, if you like any of what I've described here, I implore you to check out what we're doing with Nexpose, and that's all I had today. Thanks for joining us for Whiteboard Wednesday.