There’s no question that penetration tests are a fundamental part of a security program. Although they are standard practice, organizations often do not manage their results effectively. With a little planning and active oversight, organizations can make their vulnerability management processes much more efficient.
Two roadblocks to effective vulnerability management are a lack of appropriate information and a lack of collaboration between the testing team and the teams responsible for ensuring that vulnerabilities are appropriately mitigated.
This raises the question: how do I effectively manage all of my known vulnerabilities?
Evolve believes that the Darwin Attack platform enables better exchange and management of information, and effective collaboration between all stakeholders.
The Process
The Evolve Offensive Security Services team actively uses the Darwin Attack platform to support client communication and collaboration. It enables appropriate communication of vulnerability information by providing details about each vulnerability, its severity, and the systems on which it was discovered. Anyone with access to the Darwin Attack platform therefore has the information required to identify the discovered vulnerabilities precisely. Darwin Attack lets the organization track all vulnerabilities, regardless of status or test date, in one uniform, integrated solution.
Organizations can use this information to prioritize identified vulnerabilities. Part of this process is identifying vulnerabilities that you have decided are not worth fixing. This may be because the system will soon be replaced or retired, or because the relative risk is so low that remediation is not worth the time and effort. Darwin Attack allows users to mark such vulnerabilities with a disposition of “risk accepted.” This records that the risk has already been reviewed and accepted, so it does not need to be re-evaluated on future assessments.
Organizations then perform remediation on the remaining prioritized vulnerabilities. As remediation is completed for a particular vulnerability and affected system, the organization's users can mark the vulnerability as “remediated.” Any user consulting Darwin Attack can then see which vulnerabilities have been mitigated and which ones still require remediation activity. This simplifies remediation because it provides one authoritative source for all information about the identified vulnerabilities. It is invaluable for team members involved in remediation or reporting on progress, and for auditors verifying vulnerability management activities.
If Evolve Security’s remediation testing service has been included in the engagement, organizations can schedule remediated vulnerabilities to be retested and closed as “verified.” If validation fails, Evolve Security resets the status so that clients are aware that remediation still needs to be completed. This entire process enables the organization to manage vulnerabilities and their associated risks efficiently.
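The lifecycle described above (open, risk accepted, remediated, verified, with a failed validation resetting a finding to open) as a small Python model. This is an added example, not code from Darwin Attack or Evolve Security; the class names, status names, the `(host, vuln_id)` key used to recognize the same finding across assessments, and the two sample assessments are all constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}


class Status(Enum):
    OPEN = "open"                    # confirmed by a test, no action recorded yet
    RISK_ACCEPTED = "risk accepted"  # reviewed; deliberately not being fixed
    REMEDIATED = "remediated"        # fixed by the organization, awaiting retest
    VERIFIED = "verified"            # retest confirmed the fix


@dataclass
class Finding:
    host: str
    vuln_id: str
    title: str
    severity: str
    status: Status = Status.OPEN
    first_seen: str = ""
    last_seen: str = ""
    history: list = field(default_factory=list)  # (date, old, new, note)


class Tracker:
    """One authoritative record per (host, vuln_id) across every assessment."""

    def __init__(self):
        self.findings = {}

    def _transition(self, f, new_status, date, note=""):
        f.history.append((date, f.status.value, new_status.value, note))
        f.status = new_status

    def ingest(self, date, results):
        """Merge one assessment's (host, vuln_id, title, severity) rows.
        Returns keys that need remediation work. Risk-accepted findings are
        kept but not returned; findings marked fixed but seen again reopen."""
        needs_work = []
        for host, vuln_id, title, severity in results:
            key = (host, vuln_id)
            f = self.findings.get(key)
            if f is None:
                f = Finding(host, vuln_id, title, severity, first_seen=date)
                self.findings[key] = f
            f.last_seen = date
            if f.status is Status.RISK_ACCEPTED:
                continue
            if f.status in (Status.REMEDIATED, Status.VERIFIED):
                self._transition(f, Status.OPEN, date, "found again on new assessment")
            needs_work.append(key)
        return needs_work

    def accept_risk(self, key, date, reason):
        self._transition(self.findings[key], Status.RISK_ACCEPTED, date, reason)

    def mark_remediated(self, key, date):
        f = self.findings[key]
        if f.status is not Status.OPEN:
            raise ValueError(f"{key} is {f.status.value}, not open")
        self._transition(f, Status.REMEDIATED, date)

    def retest(self, key, date, still_vulnerable):
        """Tester's verification: close as verified, or reset to open."""
        f = self.findings[key]
        if f.status is not Status.REMEDIATED:
            raise ValueError(f"{key} has not been marked remediated")
        if still_vulnerable:
            self._transition(f, Status.OPEN, date, "remediation validation failed")
        else:
            self._transition(f, Status.VERIFIED, date)
        return f.status

    def open_items(self):
        """Remaining work, most severe first."""
        opened = [f for f in self.findings.values() if f.status is Status.OPEN]
        return sorted(opened, key=lambda f: (SEVERITY_RANK.get(f.severity, 99), f.host))

    def summary(self):
        counts = {s.value: 0 for s in Status}
        for f in self.findings.values():
            counts[f.status.value] += 1
        return counts


# Constructed sample data (hypothetical hosts and finding IDs): two assessments.
TEST_1 = [
    ("web-01", "DESER-RCE", "Unsafe deserialization in search API", "critical"),
    ("web-01", "TLS-WEAK", "TLS 1.0 enabled", "medium"),
    ("legacy-db", "SQLI-LOGIN", "SQL injection in login form", "high"),
]
TEST_2 = [
    ("web-01", "TLS-WEAK", "TLS 1.0 enabled", "medium"),              # still present
    ("legacy-db", "SQLI-LOGIN", "SQL injection in login form", "high"),  # risk accepted
    ("api-02", "AUTHZ-IDOR", "IDOR on order lookup", "high"),          # new
]


def run_lifecycle():
    t = Tracker()
    t.ingest("2022-03-01", TEST_1)
    t.accept_risk(("legacy-db", "SQLI-LOGIN"), "2022-03-02", "host retired next quarter")
    t.mark_remediated(("web-01", "DESER-RCE"), "2022-03-02")
    t.retest(("web-01", "DESER-RCE"), "2022-03-03", still_vulnerable=False)
    t.mark_remediated(("web-01", "TLS-WEAK"), "2022-03-02")  # claimed fixed, never retested
    work = t.ingest("2022-04-01", TEST_2)  # TLS reopens; SQLi stays accepted; IDOR is new
    return t, work
```

The two checks worth copying into any tracker are the ones in `ingest`: a finding a previous reviewer accepted must not come back as new work on the next assessment, and a finding someone marked fixed without a verification retest must reopen the moment a test sees it again, with the history entry showing why.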
Improve the Process
Managing vulnerabilities is a continuous process. You might perform a penetration test, and within 24 hours of completing the initial test, everything has been fixed, and you have completed remediation testing.
The challenge is that while you have been patching over those 24 hours, researchers and cybercriminals have uncovered 60-70 new vulnerabilities (based on volumes so far in 2022). Unfortunately, those cybercriminals have become very adept at rapidly weaponizing exploits, publishing them in dark web forums, and incorporating them into exploit kits. The result is that your vulnerability management program is always playing catch-up.
To truly manage their exposure, organizations should consider migrating to a test-on-demand or continuous testing model, which allows them to conduct testing more frequently. As Evolve Security’s Offensive Security Services team tests, it continues to update the Darwin Attack platform with new findings. The organization can review findings from each individual test, or review all exposed vulnerabilities across multiple assessments.
This gives organizations timely and accurate information about the current state of their vulnerabilities and their entire vulnerability management program. It enables the organization not only to manage risk, but to demonstrate that it is doing so.