Climbing the Vulnerability Management Mountain: Gearing Up and Taking Step One

Now it is time to start planning the trip up Vulnerability Mountain. When you get ready to climb a mountain, you need gear, and you need to know what to ask for at the store. If you are not educated, you can easily wind up with a bunch of gear, products and plans that do not work together and thus expand your risk.

We will start by defining some of the terms we will be using so we can speak the same language.

Vulnerability – A vulnerability (from RFC 4949) is "a flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy."

Asset – The idea of an asset has changed over the years and has evolved from being physical hardware like servers, desktops and network gear to any device (virtual or physical), object or other component in a network or environment. This now includes laptops, containers, serverless code and even IoT devices.

Vulnerability Assessment – The process of identifying vulnerabilities in a network or environment. This assessment is a look at the state of your assets at a single point in time. It can be done by an assessment tool or by a manual pentest.

Remediation – The process of fixing, stopping or working around a vulnerability. Remediation can be done by applying a patch, changing a configuration or even blocking exploit attempts with a network device.

Vulnerable – An asset that is vulnerable has a known vulnerability. An asset that is vulnerable does not have to be exploitable to be vulnerable. Even if there are remediations in place, an asset with a vulnerability is vulnerable ..
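The distinction these definitions draw, that an asset stays vulnerable while a flaw is present even when a compensating control blocks exploit attempts, is easy to get wrong in tooling. The following is an added example, not code from the original post, that models a point-in-time assessment over a constructed inventory: every identifier (such as "VULN-0001", "acme-web") is a placeholder, a patch is modelled as a version change, and compensating controls are tracked separately so they never hide a finding.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class Vulnerability:
    """A known flaw in a product, keyed by a placeholder identifier (not a real CVE)."""
    vuln_id: str
    product: str
    affected_versions: frozenset


@dataclass
class Asset:
    """Any component in the environment: server, laptop, container, function, IoT device."""
    name: str
    kind: str
    product: str
    version: str
    # Compensating controls in place, keyed by vuln_id (e.g. a config change or a
    # network device blocking exploit attempts). A patch is modelled as a version change.
    controls: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str
    remediated: bool       # a compensating control is in place; the flaw is still present
    assessed_at: datetime  # the assessment is a snapshot at a single point in time


def assess(assets, catalogue, now=None):
    """Point-in-time assessment: one Finding per (asset, known vulnerability) pair present."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for asset in assets:
        for vuln in catalogue:
            if vuln.product != asset.product or asset.version not in vuln.affected_versions:
                continue  # flaw not present on this asset (e.g. already patched)
            # The asset is vulnerable whether or not exploit attempts are blocked.
            findings.append(Finding(asset.name, vuln.vuln_id,
                                    vuln.vuln_id in asset.controls, now))
    return findings


def summarize(findings):
    """Counts a VM programme tracks: vulnerable assets, and of those, mitigated vs. open."""
    vulnerable = len(findings)
    mitigated = sum(1 for f in findings if f.remediated)
    return {"vulnerable": vulnerable, "mitigated": mitigated, "open": vulnerable - mitigated}


def sample_catalogue():
    # Constructed placeholder identifiers, not real vulnerabilities.
    return [
        Vulnerability("VULN-0001", "acme-web", frozenset({"1.0", "1.1"})),
        Vulnerability("VULN-0002", "cam-firmware", frozenset({"2.0"})),
    ]


def sample_inventory():
    # Constructed inventory spanning the broader notion of "asset" used above.
    return [
        Asset("web-01", "vm", "acme-web", "1.0"),
        Asset("web-02", "container", "acme-web", "1.0", {"VULN-0001": "blocked at network device"}),
        Asset("web-03", "vm", "acme-web", "1.2"),  # patched: version no longer affected
        Asset("cam-01", "iot", "cam-firmware", "2.0"),
    ]


if __name__ == "__main__":
    results = assess(sample_inventory(), sample_catalogue())
    for f in results:
        print(f.asset, f.vuln_id, "mitigated" if f.remediated else "open")
    print(summarize(results))
```

Note that web-02 still appears as a finding: the network block lowers exposure and is worth recording, but only the version change on web-03 removes the flaw and therefore the finding.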
