So that we are all on the same page: vulnerability management is how an IT department tracks its inventory of devices against the vulnerabilities each device could be exposed to.
If every system you own carries at least one vulnerability and you have 1,000 systems, keeping up becomes a real challenge. Patching every system for every vulnerability is a never-ending job: test the patch, then update the production system at a time that suits the business.
At cvedetails.com you can review all CVEs (Common Vulnerabilities and Exposures). Every piece of software and hardware can carry a vulnerability, and the problem is much bigger than you might think.
PowerShell can give you a list of your programs. Note that this command, as written, reads only the 32-bit Wow6432Node hive; on 64-bit Windows, 64-bit software is registered under HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall, so query both hives (and HKCU for per-user installs) if you want a complete inventory:
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize
From the “How-To Geek” website:
Sample output (image not reproduced):
The image shows 38 pieces of software (and the list is likely not comprehensive). Technically every one of them can have a vulnerability, and that is before counting Windows itself and all of its components.
So 100 systems with 40 or 50 installed packages each already means 4,000 to 5,000 installed packages, and the versions will not be uniform across your network.
This is also why the CVE count stood at 109,403 when this was written: each CVE is a separate flaw, a flaw fixed in ABC v2.0 still affects every copy of ABC v1.0 left on your network, and v2.0 brings new flaws of its own.
So if this is such a large, difficult beast, how can we tame it, or even fix it?
It becomes manageable once you combine risk management with vulnerability management.
Evaluate all your systems: which system carries the most risk, and which would have the highest impact if it failed or were compromised?
Those systems should receive most of your testing and patching effort. That is only the start, though: the hard part is deciding what to do with everything else, because if you ignore the other systems, attackers will come in from that angle.
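The following is an added example, not code from the original post or from How-To Geek. It ties the two points above together: it collects the software inventory from all three Uninstall hives (the one-liner earlier on the page reads only the 32-bit hive), compares installed versions against a list of versions that contain a fix, and ranks hosts by business impact multiplied by the number of exposed packages. The host names, product names, versions and the fixed-in list are all constructed, and the scoring formula is one simple choice for a risk matrix, not a standard.

```powershell
# Added example (not code from the original post or from How-To Geek). Host names,
# product names, versions and the "fixed-in" list below are all constructed; the
# scoring (impact x number of exposed packages) is one simple choice, not a standard.

function Get-InstalledSoftware {
    # Read the 64-bit hive, the 32-bit (Wow6432Node) hive and per-user installs;
    # the one-liner earlier on the page covers only the second of these.
    $paths = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |            # skip patch stubs and empty keys
        Select-Object @{ n = 'ComputerName'; e = { $env:COMPUTERNAME } },
                      DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName, DisplayVersion
}

function Test-VersionBelow {
    # True when the installed version is older than the version that carries the fix.
    # A DisplayVersion that does not parse ("7.0.3 beta") is treated as exposed rather
    # than silently skipped, so it shows up for a human to check.
    param([string]$Installed, [string]$Fixed)
    $i = $null; $f = $null
    if ([version]::TryParse($Installed, [ref]$i) -and [version]::TryParse($Fixed, [ref]$f)) {
        return $i -lt $f
    }
    return $true
}

function Get-PatchPriority {
    # Cross the inventory with the fixed-in list, then weight each host by business impact.
    param([object[]]$Inventory, [hashtable]$FixedIn, [hashtable]$Impact)
    $exposed = $Inventory | Where-Object {
        $FixedIn.ContainsKey($_.DisplayName) -and
        (Test-VersionBelow -Installed $_.DisplayVersion -Fixed $FixedIn[$_.DisplayName])
    }
    # Every known host gets a row, including those with nothing exposed today,
    # so the "other systems" stay visible instead of falling off the list.
    $hosts = @($Impact.Keys) + @($Inventory.ComputerName) | Sort-Object -Unique
    $rows = foreach ($name in $hosts) {
        $hits = @($exposed | Where-Object ComputerName -eq $name)
        $imp  = if ($Impact.ContainsKey($name)) { $Impact[$name] } else { 3 }  # unranked host: assume medium, review it
        [pscustomobject]@{
            ComputerName = $name
            Impact       = $imp
            Exposed      = $hits.Count
            Risk         = $imp * $hits.Count
            Packages     = ($hits | ForEach-Object { "$($_.DisplayName) $($_.DisplayVersion)" }) -join ', '
        }
    }
    $rows | Sort-Object Risk -Descending
}

# Constructed asset register: business impact of a failure, 1 (low) to 5 (critical).
$impact = @{ 'PAY-DB01' = 5; 'FILE-SRV02' = 3; 'KIOSK-17' = 1 }

# Constructed fixed-in list for fictional products: anything older is exposed.
$fixedIn = @{ 'Acme Viewer' = '2.4.1'; 'Acme Agent' = '7.0.3'; 'Contoso Backup' = '11.2' }

# Constructed inventory standing in for what Get-InstalledSoftware returns per host.
# On a real network: Invoke-Command -ComputerName $hosts -ScriptBlock ${function:Get-InstalledSoftware}
$inventory = @(
    [pscustomobject]@{ ComputerName = 'PAY-DB01';   DisplayName = 'Acme Agent';     DisplayVersion = '7.0.1' }
    [pscustomobject]@{ ComputerName = 'PAY-DB01';   DisplayName = 'Contoso Backup'; DisplayVersion = '10.8' }
    [pscustomobject]@{ ComputerName = 'FILE-SRV02'; DisplayName = 'Acme Viewer';    DisplayVersion = '2.3.9' }
    [pscustomobject]@{ ComputerName = 'FILE-SRV02'; DisplayName = 'Acme Agent';     DisplayVersion = '6.9' }
    [pscustomobject]@{ ComputerName = 'FILE-SRV02'; DisplayName = 'Contoso Backup'; DisplayVersion = '11.2' }
    [pscustomobject]@{ ComputerName = 'KIOSK-17';   DisplayName = 'Acme Viewer';    DisplayVersion = '2.4.1' }
    [pscustomobject]@{ ComputerName = 'KIOSK-17';   DisplayName = 'Acme Agent';     DisplayVersion = '7.0.3 beta' }
)

Get-PatchPriority -Inventory $inventory -FixedIn $fixedIn -Impact $impact | Format-Table -AutoSize
```

With the constructed data, PAY-DB01 comes out on top (impact 5, two exposed packages), FILE-SRV02 second and KIOSK-17 last, but the kiosk row still appears, with its unparseable "7.0.3 beta" flagged as exposed, so nothing drops out of sight. In practice the fixed-in list comes from vendor advisories or a CVE feed rather than a hand-typed hashtable, and the exposure count is only a rough stand-in for likelihood; the impact column is the part that needs a conversation with the business.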
Contact us to review your systems and set up a risk management matrix for all of them.