Proactive Security: Software vulnerability management and beyond
For decades, passive perimeter defences have been the order of the day. But modern security professionals are moving to a more proactive approach to cyber defence, and managing vulnerabilities is a key element of that.
Essentially, vulnerability management is a proactive approach to network security that reduces the likelihood of flaws in code or design compromising the security of an endpoint or network, as happened in the Equifax breach. The process typically involves identifying the vulnerabilities relevant to a particular organisation through a vulnerability assessment and then mitigating them through a continuous improvement strategy, with special focus on zero-day vulnerabilities where appropriate. In many cases the focus is on business applications, with some organisations using bug bounties alongside or instead of penetration testing. However, the process cannot be limited to business applications. Information security professionals often need to look beyond code to cloud infrastructure, and even to IT systems not directly related to the line of business, such as building management systems, which are easily and often overlooked.
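To make the assess-prioritise-mitigate loop concrete, here is an added example (not code from the article or any product it mentions) of a small triage routine run over a constructed asset inventory that deliberately includes a cloud resource and a building management system alongside a business application. The asset and finding fields, the scoring weights, the priority thresholds and the vulnerability identifiers are all illustrative assumptions; the point is that context (exposure, public exploit, business impact) is combined with the scanner's score, that findings without a patch still get an action, and that assets with no recent assessment are surfaced rather than silently dropped.

```python
"""Constructed vulnerability-management triage example; weights and data are illustrative."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    category: str            # "business_app", "cloud", "building_management"
    internet_exposed: bool
    business_impact: int     # 1 (low) .. 5 (critical), assigned by the asset owner
    last_assessed_days: int  # days since the last vulnerability assessment


@dataclass(frozen=True)
class Finding:
    asset: Asset
    vuln_id: str             # placeholder identifier, not a real CVE
    cvss: float              # base score reported by the scanner or advisory
    exploit_public: bool     # a working exploit is publicly known
    patch_available: bool


def risk_score(f: Finding) -> float:
    """CVSS plus simple context modifiers. The weights are assumptions for illustration."""
    score = f.cvss
    if f.asset.internet_exposed:
        score += 2.0            # reachable by anyone: raise priority
    if f.exploit_public:
        score += 2.0            # exploitation is cheap for an attacker
    score += 0.5 * f.asset.business_impact
    return round(score, 1)


def tier(score: float) -> str:
    """Map a score to a remediation window (thresholds are assumptions)."""
    if score >= 12.0:
        return "P1"             # remediate immediately
    if score >= 9.0:
        return "P2"             # remediate within the current cycle
    return "P3"                 # scheduled backlog


def action(f: Finding) -> str:
    """No patch does not mean no action: fall back to a compensating control."""
    return "patch" if f.patch_available else "compensating control (no patch available)"


def triage(findings: List[Finding]) -> List[Tuple[str, str, float, str, str]]:
    """Return (asset, vuln_id, score, tier, action) rows, highest risk first."""
    rows = [(f.asset.name, f.vuln_id, risk_score(f), tier(risk_score(f)), action(f))
            for f in findings]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def overdue_assessments(assets: List[Asset], max_age_days: int = 30) -> List[str]:
    """Assets that have fallen out of the continuous assessment cadence."""
    return [a.name for a in assets if a.last_assessed_days > max_age_days]


# Constructed inventory: one business app, one cloud resource, one BMS controller.
CRM = Asset("crm-web", "business_app", internet_exposed=True, business_impact=5, last_assessed_days=7)
BUCKET = Asset("cloud-storage-bucket", "cloud", internet_exposed=True, business_impact=4, last_assessed_days=14)
BMS = Asset("hvac-bms", "building_management", internet_exposed=False, business_impact=3, last_assessed_days=120)
ASSETS = [CRM, BUCKET, BMS]

# Constructed findings with placeholder identifiers.
FINDINGS = [
    Finding(CRM, "VULN-PLACEHOLDER-1", cvss=7.5, exploit_public=True, patch_available=True),
    Finding(BMS, "VULN-PLACEHOLDER-2", cvss=9.8, exploit_public=False, patch_available=False),
    Finding(BUCKET, "VULN-PLACEHOLDER-3", cvss=5.3, exploit_public=False, patch_available=True),
]

if __name__ == "__main__":
    for row in triage(FINDINGS):
        print(row)
    print("overdue assessments:", overdue_assessments(ASSETS))
```

Note that the building management system, although not internet-exposed and with a lower business impact, still lands in the P2 window on the strength of its scanner score, and it is the only asset flagged as overdue for assessment; a programme scoped to business applications alone would never have produced either line.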