Vulnerability Analysis

Occasionally, most cybersecurity experts find it challenging to carry out a vulnerability analysis (assessment). It can be the toughest part of securing the organization’s assets, and the methods and techniques used in the vulnerability assessment will determine the rest of the actions taken to secure the environment. A vulnerability analysis report is of great value to the organization.

Regardless of the results obtained, the vulnerability analysis process gives the organization a greater opportunity to develop a strategic plan as far as cybersecurity threats are concerned. In this blog, we look at the best practices and steps for carrying out a vulnerability analysis that will help to mitigate the threats that might affect operations and functionality.

The following is an effective procedure for vulnerability assessment, whether it is carried out with automated or manual tools.

1. Initial Analysis

Identify the assets and define the risk and critical value for each device (based on the client input), such as a security assessment vulnerability scanner. It’s important to identify at least the importance of the device that you have on your network or at least the devices that you’ll test. It’s also important to understand if the device (or devices) can be accessed by any member of your company (such as a public computer or a kiosk) or just administrators and authorized users.

Understand the strategic factors and have a clear understanding of details, including:

  • Risk appetite

  • Risk tolerance level

  • Risk mitigation practices and policies for each device

  • Residual risk treatment

  • Countermeasures for each device or service (if the service is correlated with the device)

  • Business impact analysis

2. System Baseline Definition

Second, gather information about the systems before the vulnerability assessment. At least review if the device has open ports, processes and services that shouldn’t be opened. Also, understand the approved drivers and software (that should be installed on the device) and the basic configuration of each device (if the device is a perimeter device, it shouldn’t have a default administrator username configured).

Try to perform a banner grabbing or learn what kind of “public” information should be accessible based on the configuration baseline. Does the device send logs into a security information and event management (SIEM) platform? Are the logs at least stored in a central repository? Gather public information and vulnerabilities regarding the device platform, version, vendor and other relevant details.

3. Perform the Vulnerability Scan

Third, use the right policy on your scanner to accomplish the desired results. Prior to starting the vulnerability scan, look for any compliance requirements based on your company’s posture and business, and know the best time and date to perform the scan. It’s important to recognize the client industry context and determine if the scan can be performed all at once or if a segmentation is needed. An important step is to re-define and get the approval of the policy for the vulnerability scan to be performed.

For the best results, use related tools and plug-ins on the vulnerability assessment platform, such as:

  • Best scan (i.e., popular ports)

  • CMS web scan (Joomla, WordPress, Drupal, general CMS, etc.)

  • Quick scan

  • Most common ports best scan (i.e., 65,535 ports)

  • Firewall scan

  • Stealth scan

  • Aggressive scan

  • Full scan, exploits and distributed denial-of-service (DDoS) attacks

  • Open Web Application Security Project (OWASP) Top 10 Scan, OWASP Checks

  • Payment Card Industry Data Security Standard (PCI DSS) preparation for web applications

  • Health Insurance Portability and Accountability Act (HIPAA) policy scan for compliance

In case you need to perform a manual scan for the critical assets to ensure the best results, be sure to configure the credentials on the scanner configuration to perform a better and deeper vulnerability assessment (if the credentials are shared with the team).

4. Vulnerability Assessment Report Creation

The fourth and most important step is the report creation. Pay attention to the details and try to add extra value on the recommendations phase. To get real value from the final report, add recommendations based on the initial assessment goals.

Also, add risk mitigation techniques based on the criticalness of the assets and results. Add findings related to any possible gap between the results and the system baseline definition (deviations in any misconfiguration and discoveries made), and recommendations to correct the deviations and mitigate possible vulnerabilities. Findings on the vulnerability assessment are normally very useful and are ordered in a way to ensure the understanding of the finding.

However, it’s important to keep the following details in mind and realize that high and medium vulnerabilities should have a detailed report that may include:

  • The name of vulnerability

  • The date of discovery

  • The score based on Common Vulnerabilities and Exposures (CVE) databases

  • A detailed description of the vulnerability

  • Details regarding the affected systems

  • Details regarding the process to correct the vulnerability

  • A proof of concept (PoC) of the vulnerability for the system (if possible)

  • A blank field for the owner of the vulnerability, the time it took to correct, the next revision and countermeasures between the final solution

Armed with this basic list when performing a vulnerability assessment, the recommendations phase will reflect a complete understanding of the security posture in all the different aspects of the process. It will also deliver a better outcome for something that, in most cases, is just a compliance tool.
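As an added illustration (not part of the original article), the sketch below ties steps 2 and 4 together: it compares scan results against the approved baseline and emits one report record per deviation, carrying the fields listed above. The host names, ports, baseline format and the `Finding` and `baseline_deviations` names are all constructed for this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample data: approved baseline (steps 1-2) and scan output (step 3).
BASELINE = {
    "fw-edge-01": {"criticality": "high", "ports": {443}, "default_admin": False},
    "kiosk-lobby": {"criticality": "low", "ports": {80, 443}, "default_admin": False},
}
SCAN = {
    "kiosk-lobby": {"ports": {80, 443, 5900}, "default_admin": False},
    "fw-edge-01": {"ports": {22, 443}, "default_admin": True},
    "printer-3f": {"ports": {9100}, "default_admin": False},
}
RANK = {"high": 0, "medium": 1, "low": 2, "unknown": 3}


@dataclass
class Finding:
    name: str
    discovered: date
    affected_system: str
    criticality: str
    description: str
    remediation: str
    score: Optional[float] = None  # filled in from the scanner's score, if it reports one
    owner: str = ""                # blank fields, completed during remediation
    time_to_correct: str = ""
    next_revision: str = ""


def baseline_deviations(baseline, scan, today):
    """Return one Finding per gap between the scan results and the baseline."""
    findings = []
    for host, seen in scan.items():
        approved = baseline.get(host)
        if approved is None:
            findings.append(Finding("Asset missing from baseline", today, host, "unknown",
                                    f"{host} answered the scan but has no baseline entry.",
                                    "Identify the owner and define a baseline, or remove the device."))
            continue
        crit = approved["criticality"]
        for port in sorted(seen["ports"] - approved["ports"]):
            findings.append(Finding(f"Unapproved open port {port}", today, host, crit,
                                    f"Port {port} is open but not in the approved baseline.",
                                    "Close the port or get the baseline change approved."))
        if seen["default_admin"] and not approved["default_admin"]:
            findings.append(Finding("Default administrator username", today, host, crit,
                                    "A default administrator account is configured.",
                                    "Rename or disable the default account."))
    # Most critical assets first, so the report leads with them.
    return sorted(findings, key=lambda f: (RANK[f.criticality], f.affected_system, f.name))


if __name__ == "__main__":
    for f in baseline_deviations(BASELINE, SCAN, date.today()):
        print(f"[{f.criticality:7}] {f.affected_system:12} {f.name}")
```

Devices that respond to the scan but have no baseline entry are reported with criticality "unknown" rather than skipped, since an unlisted asset is itself a deviation from the baseline.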

 

References

Gonzalez, K. (2019). A Step-By-Step Guide to Vulnerability Assessment. Retrieved from https://securityintelligence.com/a-step-by-step-guide-to-vulnerability-assessment/