What We Do
How we do it
Resources
SECURITY ADVISORIES
May 11, 2022
CVE-2022-26923 - Active Directory Domain Services Elevation of Privilege Vulnerability
THE THREAT Microsoft has disclosed a new vulnerability impacting Active Directory Certificate Services (ADCS) tracked as CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability). If exploited successfully, an authenticated attacker can escalate privileges in environments where ADCS is running on the domain. eSentire is aware of technical details and tooling [2] for…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
May 17, 2022
Cybersecurity Leader eSentire Continues Its Commitment to Rigorous Security Standards Earning PCI DSS Certification
Waterloo, ON, May 17, 2022 — eSentire, the Authority in Managed Detection and Response (MDR), maintains one of the most secure and robust IT environments of any MDR provider in the industry. To that end, eSentire today announced that it has received the Payment Card Industry Data Security Standard (PCI DSS) certification, considered one of the most stringent and comprehensive payment card…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search

Managed risk services GLOSSARY

What is Vulnerability Management?

Vulnerability management is a service offered by a cybersecurity provider that allows your organization to discover and address vulnerabilities before threat actors can exploit them. The service provider highlights which vulnerabilities are most at risk of being exploited and advises you on developing a plan to remediate them.

Why Do Organizations Use Vulnerability Management Programs to Prioritize and Remediate Vulnerabilities?

Organizations use a vulnerability management service to automate the identification of vulnerabilities across dynamic and expanding IT assets, track and measure the lifecycle of vulnerabilities, reduce operations, staffing, and resource constraints, prioritize remediation against larger potential business risks, and satisfy regulatory requirements.

How Does Vulnerability Management Benefit My Organization’s Cybersecurity Program?

There are four distinct benefits of implementing a comprehensive vulnerability management program:

  • Having continuous visibility of your threat environment by discovering all existing and new vulnerabilities across your IT assets (e.g., operating systems, web applications, mobile applications, etc.)
  • Prioritizing vulnerabilities that present the greatest potential risk to remediate against dangerous exploits first
  • Alleviating your resource constraints with experts that provide end-to-end management and platform refinement
  • Having complete system access and flexibility to run customized scans and reporting

What are the 5 Steps of the Vulnerability Management Cycle?

Overall, a comprehensive vulnerability management program includes continuous awareness of the threat landscape, vulnerability scanning to understand which systems are inadvertently exposed, remediation of any found vulnerabilities, and the implementation of a disciplined patch management program.

A strong vulnerability management program can be broken down into five steps:

  1. Compile your assets to discover existing vulnerabilities through vulnerability assessment
  2. Prioritize the found vulnerabilities based on the threat and risk level
  3. Consider how your team will deal with the vulnerabilities
  4. Actively monitor vulnerabilities and continue to reassess
  5. Improve the methods of discovering and remediating vulnerabilities as needed through a disciplined patch management program

    Vulnerability Management Step 1: Compile your assets to discover existing security vulnerabilities through vulnerability assessment

    The first step is meant to cover your bases as you begin the vulnerability management process. This means compiling a list of assets you need to test, identifying which assets you’ll need to prioritize for remediation, and map each of these assets across your environment – on-premises, cloud, and hybrid. The goal here is to ensure you have complete visibility into the full cyberattack surface so there are no blind spots.

    Next, use a vulnerability scanner to identify all the vulnerabilities that may be present in your environment. Vulnerability scanning tools will assess every single endpoint, server, or any other system asset running on your network to determine the presence of all known vulnerabilities that exist in the wild.

    Vulnerability Management Step 2: Prioritize the found vulnerabilities based on the threat and risk level

    Once all possible vulnerabilities have been identified, they must be ranked in order of the level of risk they pose to your organization so your team can begin the remediation process. We recommend prioritizing vulnerabilities based not only on their risk level, but also on the likelihood that they will be exploited by threat actors.

    It’s important to remember that just because a vulnerability has a high CVSS score does not mean it’s actively being exploited by cybercriminals. In addition, consider which vulnerabilities impact your most critical assets (as identified in Step 1) so you can adjust your remediation efforts accordingly.

    Vulnerability Management Step 3: Consider how your team will deal with the vulnerabilities

    Typically, there are three ways your team can deal with any vulnerability. You can remediate it entirely, mitigate it, or simply accept it. If a vulnerability is particularly critical, or at high risk of being exploited, you must remediate it by patching immediately. If a patch is not yet available for the vulnerability, the next best option is to place mitigating controls to limit the vulnerability from being exploited.

    However, as a last resort, your team may have to accept the risk, especially if a vulnerability is low risk or if it exists in legacy systems that are no longer patched by the software vendor. In this case, you’ll have to discuss with your team if the impacted asset is critical enough to keep despite a lack of patch updates from the vendor.

    Vulnerability Management Step 4: Actively monitor vulnerabilities and continue to reassess

    Even though your team may have decided how to deal with the vulnerabilities, you need to continue monitoring the vulnerabilities and reassess your decisions. It’s important to remember that vulnerability management is not a once-and-done engagement – it’s a dynamic process, especially given that as your team works through the vulnerabilities, more will pop up.

    As part of the vulnerability management program, we recommend you reassess your decisions to ensure that the decisions you’ve made in the previous step (i.e., mitigation, remediation, or acceptance) are correct.

    Vulnerability Management Step 5: Improving the methods of discovering and remediating vulnerabilities as needed through a disciplined patch management program

    This last stage is as much about evaluating your vulnerability management program for areas of improvement as it is about implementing a disciplined patch management program. The best way to do so is to assign a process lead and document a process that allows you address patch assessment, harvest testing, and deployment. For example, work with your team to determine a timeframe within which all critical security patches must be installed once they are released from the vendor versus non-critical patches. Evaluate your security infrastructure (e.g., firewalls, anti-virus, VPN, etc.) to ensure it’s running properly and receiving regular updates.

    What is the Difference Between Vulnerability Management and a Vulnerability Assessment?

    A vulnerability assessment is an analysis of your organization’s weaknesses and risks that are present in your cybersecurity defenses. It identifies vulnerabilities present in your system before threat actors can exploit them. It’s conducted via a host of vulnerability scanning

    Performing a vulnerability assessment is part of a greater vulnerability management program used to understand where an organization’s cyber risks are present, the type of threats impacting the overall organization, and what needs to be done to mitigate them.

    How are Vulnerability Management and Cyber Exposure Related?

    Vulnerability management and cyber exposure are closely intertwined, as they both involve the protection of sensitive data from potential cybersecurity threats and ensuring the security of your organization’s most valuable assets.

    In the context of vulnerability management, it is important to understand exactly where your organization's vulnerabilities lie so that you can take proactive steps (e.g., by conducting penetration tests or red team exercises) to prevent any intrusions or cyberattacks.

    By assessing various aspects of your organization's infrastructure, such as your network architecture and applications, you can identify points of vulnerability that may be targeted by cyber threat actors. Likewise, in order to effectively manage cybersecurity exposures, it is crucial to have a deep understanding of the types of data that are most valuable to your organization and how those sensitive data are being used.

    With this knowledge in hand, you can better prioritize your efforts and focus on tactics like encryption and role-based access control to reduce the risk of losing sensitive data.

    Do Vulnerability Management Solutions Ensure the Success of Your Cybersecurity Program?

    There is no single answer to the question of whether vulnerability management solutions can ensure cybersecurity success. At one level, vulnerability management solutions are undoubtedly essential for ensuring that cybersecurity risks are properly identified and mitigated. This can help companies to better protect their systems and sensitive data from cyberattacks and cybersecurity breaches, minimizing the chances of significant damage and keeping customer information safe.

    However, vulnerability management solutions are not a guarantee of security. Even with these security tools in place, there is always some risk of an accidental vulnerability being overlooked or new cyber threats emerging that have not yet been detected by vulnerability tools. In addition, companies need to be aware of the ever-changing landscape of cybersecurity threats and be proactive in taking preventative measures to stay ahead of potential cyberattackers.

    Ultimately, then, vulnerability management solutions should be seen as an important part of a comprehensive approach to cybersecurity rather than as a standalone solution. In this way, vulnerability management helps companies to achieve success in securing their networks and sensitive data against malicious cyberattacks.

    Questions to Think About Before Evaluating a Vulnerability Management Vendor

    Before evaluating a vulnerability management vendor, there are a number of important questions that you should consider. First, you should consider the vendor's level of experience and expertise and be prepared to ask:

    • Do they have extensive experience with vulnerability assessments and management, or does their expertise lie within other areas of cybersecurity operations?
    • What is their track record when it comes to ensuring data security and meeting compliance requirements?
    • How successful have they been in protecting against cybersecurity breaches and avoiding fines and penalties?
    • How has their vulnerability management team stopped advanced cyber threats like zero-day exploits and supply chain cyberattacks?

    Another key consideration is the vendor's approach to vulnerability management:

    • What methods and tools do they use to identify threats and assess cyber risk levels?
    • Will the security tools and technologies used be sufficient for your particular environment (i.e., cloud, on-premises, or hybrid), or will your organization need a custom solution that the vendor can deliver?

    Finally, you should consider how compatible the vendor's services are with your organization's overall cybersecurity strategy:

    • Do their practices align with your broader goals for risk mitigation and digital protection?

    By asking these important questions before choosing a vulnerability management vendor, you can ensure that you select a provider that will best serve your needs.

    Stop Cyberattacks Before They Start with eSentire’s Managed Vulnerability Service

    When zero-day vulnerabilities emerge, you need to act quickly before a breach happens. eSentire’s Managed Vulnerability service is all-inclusive and completely transparent. We provide flexible scanning tools, dynamic asset tracking, and continuous optimization and guidance to keep you ahead of the threat curve.

    Don’t let unexpected zero-day cyberattacks throw your business operations off. Learn more about how our Managed Vulnerability service can protect your organization from zero-day cyberattacks.

    eSentire Managed Risk Services

    Take control of cyber risk. eSentire offers multiple Managed Risk Services, tailored to your business needs, to help your organization proactively identify gaps and refine your cybersecurity strategy. This includes a regular cadence of security assessments and testing to continue to strengthen your security posture