(6) Remediation Flow Flashcards
What is the remediation workflow?
Remediation is about detection, remediation, and testing.
How should the remediation workflow be configured?
The remediation workflow should be as automated as possible, as long as the tools are available.
What options do network admins have when it comes to automated remediation workflows?
Many vulnerability management systems have their own tools for remediation, but many admins instead like to manage vulnerabilities through the ITSM (IT Service Management) system.
While this does avoid using two tools, the vulnerability management options will need to either integrate natively with the ITSM system or have integrations built into them.
In terms of remediation, what is ongoing scanning?
Ongoing scanning is where vulnerability management systems scan IT systems on an ongoing basis.
It can be resource-intensive, but it does help detect issues more quickly.
In terms of remediation, what is continuous monitoring?
Continuous monitoring takes data from agent-based approaches to vulnerability detection and reports the issues right away.
What reporting capabilities exist with vulnerability management systems?
Vulnerability management systems can push regular reports, and for critical alerts, notifications can be pushed in real time to people who can fix them.
What customizations exist for vulnerability management reports?
The types of customizations include sorting by vulnerability type, severity, host group, and other things.
What considerations do admins need to think about as they consider how to remediate discovered issues?
Admins need to consider the financial resources they have, as well as the time and skill, when deciding which vulnerabilities to remediate.
What are the most important considerations that admins have to make when it comes to choosing which vulnerabilities to fix?
The most important considerations include:
-Criticality of the systems and information affected by the vulnerability
-Difficulty in remediating the vulnerability
-Severity of the vulnerability
-Exposure of the vulnerability
What should admins do before deploying a remediation activity?
Any remediation should be tested in a sandbox environment before it is put in place.
This way, any side effects that would otherwise go undetected can be seen and tested.
Another vulnerability scan should be done to make sure that the vulnerability is no longer detected.
Also remember to update the baseline for the system.
If a vulnerability can’t be remediated, other options are possible. What are they?
Compensating controls can be put in place. A compensating control is an additional security control that does not take care of the actual issue.
Secondly, the risk could be accepted and nothing done, with the understanding that the risk is still there.
If analysts on the team raise concerns about vulnerability scanning, what three things may they mention?
Service degradations
Customer commitments
IT Governance and Change Management Processes
When it comes to concerns raised by tech professionals against vulnerability scanning, describe service degradations.
Vulnerability scans take up bandwidth. This can interrupt business production. In addition, legacy and proprietary systems can cause issues in the face of these scans.
A good way to work around this is to tune these scans to consume less bandwidth and to scan during business downtimes (such as late at night).
When it comes to concerns that security professionals may raise about vulnerability scans, describe customer commitments.
Customer commitments include Memorandums of Understanding and Service Level Agreements (SLAs) with customers. If uptime or other promises in these agreements are violated, then the customers may need to be part of the decision-making process.
When it comes to concerns that IT professionals can raise about vulnerability scans, describe IT governance and change management processes.
Bureaucratic issues can come into play, such as change management approvals that need to be obtained before vulnerability scans can be done.