What is Vulnerability Management?
Regardless of the industry your business is in, there will always be sensitive information that needs to be kept private, confidential and safeguarded, whether that is client databases or industrial and trade secrets. Failing to protect this information from attackers who break into your systems can have a catastrophic impact on your organisation. In fact, many countries around the world have adopted regulations and codes of practice that require you to maintain a certain level of data protection; examples include the Health Insurance Portability and Accountability Act (HIPAA) in the USA, the Data Protection Act in the UK, the Data Protection Directive in the EU and the Privacy Amendment (Private Sector) Act 2000 (C’th) in Australia.
In theory, if you had unlimited resources, you could make it infeasible for an outside attacker to penetrate your security. In practice, however, this is unrealistic. You need to balance the time, effort and cost you spend against the threats you are actually most likely to face. This is where the practice of Vulnerability Management comes in. Vulnerability Management is a methodology that you carry out continually to identify, rank, fix and reduce the impact of vulnerabilities that affect your information systems.
Gartner lists the following steps in the Vulnerability Management process:
- Define your security policy (device configurations, user ID and resource access)
- Create a baseline of your IT systems
- Identify vulnerabilities
- Prioritise mitigation activities
- Shield the environment
- Mitigate the vulnerability and eliminate the root causes
- Stay on guard for policy violations and new vulnerabilities
If this sounds like a lot of complex, repetitive work, well, it is. Luckily, VulnWatcher can automate most of this.
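The identify, prioritise and stay-on-guard steps above are the ones that repeat every scan cycle, and the part that is easy to get wrong is ranking: a critical CVSS score on an isolated developer box is usually less urgent than a medium-severity flaw on an internet-facing server. The script below is an added example written for this page; it is not VulnWatcher's code and does not reflect its scoring model. It assumes a scanner has already produced a list of findings, uses constructed placeholder vulnerability identifiers (not real advisories), and treats the asset criticality weights, exposure multipliers, tier thresholds and SLA days as assumed policy values that an organisation would set for itself. It shows two things the text only names: ranking findings by business risk rather than raw severity, and comparing a new scan against the baseline to see what is new, what was fixed and what is still open.

```python
from dataclasses import dataclass

# Constructed sample data: the VULN-* identifiers are placeholders, not real
# advisories, and every weight below is an assumed policy value, not a standard.


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str
    cvss: float            # CVSS base score, 0.0 - 10.0
    internet_facing: bool  # reachable from outside the perimeter
    exploit_public: bool   # working exploit code is publicly known


# Business criticality of each asset, 0.0 - 1.0 (assumed values);
# assets missing from the baseline inventory default to 0.5 in risk_score().
ASSET_CRITICALITY = {
    "db-prod-01": 1.0,   # customer database
    "web-01": 0.8,       # public web server
    "dev-box-07": 0.3,   # developer workstation
}

# Remediation deadline in days for each priority tier (assumed policy).
SLA_DAYS = {"P1": 7, "P2": 30, "P3": 90}


def risk_score(f: Finding) -> float:
    """Combine technical severity (CVSS) with business context."""
    score = f.cvss * ASSET_CRITICALITY.get(f.asset, 0.5)
    if f.internet_facing:
        score *= 1.5   # exposed to anyone on the internet
    if f.exploit_public:
        score *= 1.3   # attackers need no research of their own
    return round(score, 2)


def tier(score: float) -> str:
    """Map a risk score to a priority tier (assumed thresholds)."""
    if score >= 9.0:
        return "P1"
    if score >= 5.0:
        return "P2"
    return "P3"


def prioritise(findings):
    """Return findings as dicts ordered by descending risk, with tier and SLA."""
    rows = []
    for f in findings:
        s = risk_score(f)
        t = tier(s)
        rows.append({"asset": f.asset, "vuln": f.vuln_id, "score": s,
                     "tier": t, "sla_days": SLA_DAYS[t]})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


def diff_scans(previous, current):
    """Compare a reassessment against the baseline scan.

    Returns which (asset, vuln_id) pairs are newly introduced, which have
    been fixed, and which are still open and therefore still owed under SLA.
    """
    prev = {(f.asset, f.vuln_id) for f in previous}
    cur = {(f.asset, f.vuln_id) for f in current}
    return {"new": sorted(cur - prev),
            "fixed": sorted(prev - cur),
            "open": sorted(cur & prev)}


# Constructed findings from two scan cycles.
BASELINE = [
    Finding("db-prod-01", "VULN-0001", 7.5, False, False),
    Finding("web-01", "VULN-0002", 9.8, True, True),
    Finding("dev-box-07", "VULN-0003", 9.8, False, False),
]
LATEST = [
    Finding("db-prod-01", "VULN-0001", 7.5, False, False),
    Finding("dev-box-07", "VULN-0003", 9.8, False, False),
    Finding("web-01", "VULN-0004", 6.5, True, False),
]

if __name__ == "__main__":
    for r in prioritise(BASELINE):
        print(f"{r['tier']} fix within {r['sla_days']:>2}d  "
              f"score={r['score']:<6} {r['asset']:<11} {r['vuln']}")
    for label, items in diff_scans(BASELINE, LATEST).items():
        print(f"{label:>5}: {items}")
```

Note that the two findings with the same 9.8 base score land at opposite ends of the list: the one on the internet-facing web server with a public exploit is P1 with a seven-day deadline, while the identical score on the developer workstation is P3. The scan diff is what makes the process cyclical: "fixed" entries close out remediation tickets, "new" entries enter prioritisation, and "open" entries are the ones to check against their SLA.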
VulnWatcher, our Vulnerability Management solution, helps you understand your IT infrastructure and its components, identify vulnerabilities and prioritise their relevance. In addition, you can reassess the vulnerabilities on your IT infrastructure at any time.
Vulnerability management is the “cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities”, especially in software and firmware. Vulnerability management is integral to computer security and network security.