At the core of any successful vulnerability management remediation process is an alignment of competent resources, security best practices, and continuous assessment. With cyberattacks becoming an ever-growing part of our daily lives, it’s important that organizations put a functional vulnerability management remediation process in place.
But first, we should ask the question, what exactly is vulnerability management? Well, in ideal circumstances, you can plan for the following items:
Cyber Security Governance outlines executive management’s strategic direction in setting scope, remediation cycle, term objectives, budget, and realistic expectations of performance as negotiated with stakeholders.
Cyber Security Strategy that defines roles, responsibilities, prioritizations of what is critical or required to protect for both business continuity and legal reasons such as regulatory compliance needs.
Program Solutions such as vulnerability management scanners to enumerate vulnerabilities of configuration and patching levels.
With this in mind, you can now define a process. Although many groups exist with varying viewpoints, there are some key elements that each process has in common:
- Assess Vulnerabilities
- Prioritize Findings by Impact
- Action on Findings
- Re-assess and Validate Progress
- Report Metrics/KPIs
With this community post, I just barely scratched the surface of this topic. Our team has included a wealth of knowledge in our blog post here, but I want to hear from y’all! Have you implemented a vulnerability management remediation process? If not, is it something you’d like to do?
I’m waiting on the Automox integration from Crowdstrike Spotlight to handle this for me, I know its on the roadmap, but do we have any further news on when this might occur?
Thanks so much for the comment. We’ve formally ended our partnership with CrowdStrike, however, we will be moving forward with a generic threat ingest. It will allow you to upload a vulnerability report, like the one you have access to via CrowdStrike’s Spotlight, and set up tasks for immediate remediation. Each task will be a separate CVE id with your corresponding impacted hosts.
The new task screens in the console will feature in-progress reporting at the device level for each individual task. Check out this screenshot below for a better idea:
Screen Shot 2021-06-17 at 11.27.25 AM1678×875 65.2 KB
Feel free to DM me. I’d be happy to do a walkthrough of this Task service with you, answer any questions and get your feedback.
Scott, I’m interested in this new task feature. Do you have a partnership with Qualys for uploading vulnerability scan reports?
Hey @jgreen! Thanks for your question. We’re actually making the threat remediation ingest totally generic so that you can take a vulnerability scan report from your vendor of choice, upload it into the Automox console and create discrete “tasks” that are CVE specific.
The only requirement for the upload for the first iteration will be that you have a CVE associated to a hostname within the csv that you upload. So, you’ll need to have at very least 2 headers (one for hostname and one for CVE) in the csv.
Initially, tasks will act as “patch-now” meaning there won’t be scheduling or reboot notifications available. We’re hoping to get to that in the second iteration.
Let me know if you have any other questions.