The top 6 vulnerability management best practices to know
Any security leader must be able to provide a standard for due care and help to build a comprehensive security program that is good for the entire business. This is no easy feat. With increased threats and security breaches becoming more sophisticated and pressured to be compliant, it comes as no surprise that security is today’s top buzzword. With all the security buzz on the minds of business leaders, we see an increase in demand for security initiatives. However, as leaders at small to medium-sized businesses look to their in-house staff to implement, they are discovering a lack of skills and resources to build the proper IT infrastructure to keep them secure. With the ease and greater benefits of outsourcing today, it’s creating more opportunities for their trusted managed service provider (MSP) to fill the demand with an as-a-service offering. It’s no surprise that managed security is growing at the highest rate of all Technology-as-a-Service, at a compound annual growth rate of 17%.
Often, we hear that MSP clients assume security is included as part of the standard of services already provided to them. We have also uncovered through interviews that organizations and MSPs alike often have a hard time getting their users to adopt better security practices, even simple ones to implement, like multi-factor authentication and password policies. One thing they all have in common, however, is that they want to be better at security.
Let’s start by stating that achieving ‘better security’ is all about the layers of security that can be established to protect the organization, its users, and most of all, its data. We also conclude that there is no ‘security bliss’ where all levels have been laid, and there is no longer any risk.
Security can best be established as a framework for users and the data they share. When we break down security into manageable layers, we can create the following categories. Each category has its own standards and processes to be documented and carried out by a security leader or a team of security leaders.
- Governance
- Policy management
- Awareness and education
- Identity and access management
- Vulnerability management
Each topic can be quite involved, so our focus for this article will be vulnerability management, as it becomes the foundational layer of the organization’s threat defense strategy.
Most MSPs are already offering services for managing vulnerabilities through patching operating systems and third-party products. Vulnerability management is just one part of the security process in identifying, assessing, and resolving security weaknesses in the organization. Often there is a focus on the technical infrastructure, like updating endpoints, managing components of a network, or the configuration of firewalls.
Let’s take a closer look at the process and practice of vulnerability management in these six steps:
- Policy — Your first step should include defining the desired state for device configurations. This also includes understanding the users and their minimum access to data sources in the organization. This policy discovery process should consider any compliance measures like PCI, HIPPA, or GDPR that may exist. Document your policy and your users’ access.
- Standardize — Next, standardize devices and operating environments to identify any existing vulnerabilities properly and to meet compliance needs noted during the policy discovery process. When you standardize all your devices, you also streamline the remediation process. If users are all operating on the same type of hardware/software setup, steps three through six have the propensity to be more effective and make the process more efficient.
- Prioritize — During remediation of a threat, any activities conducted must be properly prioritized based on the threat itself, the organization’s internal security posture, and how important the data residing on the asset is. Having a full understanding of your assets and the roles they play in the organization will play a critical role when prioritizing active threats. Document and classify your assets so you can easily prioritize when there is a threat.
- Quarantine — Have a plan in place to circumvent or shield the asset from being a bigger threat to the organization once compromised.
- Mitigate — Identify root cause and close the security vulnerability.
- Maintain — It is important to continually monitor the environment for anomalies or changes to policy, patch for known threats, and use antivirus and malware tools to help identify new vulnerabilities.
Vulnerability management is an essential operational function that requires coordination and cooperation with the business as a whole. Having the entire business buy into better security is paramount to the success of the program. The team must also have a set of supporting tools with underlying technologies that enable the security team’s success. Operational functions include vulnerability scanning, penetration testing, incident response, and orchestration. Remedial action can take many different forms: Application of an operating system patch, a network configuration change, a change to a custom-built application, a simple change in process, awareness and education for users who consume and share organizational data. Tools can range from RMM to SEIM, to simple antivirus/malware and backup toolsets.
At ConnectWise, we aim to promote security consciousness in everyday IT practices and help our partners elevate their value by offering Security-as-a-Service. With ConnectWise Automate®, you can perform multiple vulnerability management functions such as identification and management of assets, utilize the computer management screen to help quarantine and mitigate vulnerabilities, and patch Windows® operating systems, as well as third-party applications on a mass scale. You can also utilize monitoring and patching policies within ConnectWise Automate and bring automation to your vulnerability management process. Incorporate auto-approval and installation of critical and security updates once they are released from Microsoft®. When you implement automation into the workflow, you help to reduce human error and save valuable time.
We also believe in connecting the various tools your teams work in daily to streamline tasks and gain greater visibility into everything you manage. Our ecosystem of security solutions that connect to the ConnectWise platform continues to grow. If adding solutions to your stack is at the top of your list, visit the ConnectWise Marketplace or contact your Account Manager to discuss what tools may be right for you and your customers.