Vulnerability management is a pro-active approach to managing network security. It includes
processes for:
- Checking for vulnerabilities: This process should include regular network
scanning, firewall
logging, penetration
testing or use of an automated tool like a vulnerability scanner.
- Identifying vulnerabilities: This involves analyzing network scans and pen test results,
firewall logs or vulnerability scan results to find anomalies that suggest a malware
attack or other malicious event has taken advantage of a security vulnerability, or could possibly
do so.
- Verifying vulnerabilities: This process includes ascertaining whether the identified
vulnerabilities could actually be exploited on servers, applications,
networks or other systems. This also includes classifying the severity of a vulnerability and the
level of risk it presents to the organization.
- Mitigating vulnerabilities: This is the process of figuring out how to prevent
vulnerabilities from being exploited before a patch
is available, or in the event that there is no patch. It can involve taking the affected part of
the system off-line (if it's non-critical), or various other work-arounds.
- Patching vulnerabilities: This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing,
This was last updated in November 2010
Posted by: Margaret Rouse
Email Alerts
Register now to receive SearchSecurity.in-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy