Vulnerability Management

Painful aspect of Penetration Testing

A penetration testing exercise is always filled with challenges – both for the organization that is to undergo it and the team/organization that is conducting it. Both have different perspectives on the challenges. The organization requesting a penetration test has to worry about its objective, scoping, vendor selection, planning and so on, while the organization/team conducting the penetration test will have its own set of challenges in the form of selecting the right framework, planning and executing a controlled attack, and more. One aspect common to both is how to ensure that the penetration test causes no business disruption, or at the least only limited performance impact, on the target network or systems.

The Ideal EVM Team – Against All Odds

“TCS’ enterprise Vulnerability Management Service (VMS) removes vulnerabilities affecting your application and network infrastructure intelligently”. One would find this mentioned in the EVM section of the TCS official site. However, the deeper one digs into these lines, the more one realizes the kind of effort that goes into implementing a robust vulnerability management lifecycle that ensures data protection. Establishing a group to facilitate these niche services is no mean job either. Assembling the right blend of the industry’s best tools and skillful professionals is what can be termed “The Ideal EVM Team”. As they say, “Finding good players is easy. Getting them to play as a team is another story”. With great responsibilities come bigger challenges. Let me hand-pick a few of the challenges which may just prove to be the perfect road-blocks in sustaining these specialized teams.

Vulnerability Management - Step 0


Compliance is critical, necessary and not evil. Every organization wants to meet its compliance requirements, and performing risk assessments and vulnerability management is key to achieving critical requirements.

Most of the time, organizations see Vulnerability Management as just another checkbox in pursuit of compliance and forget or ignore many of its aspects, or they lack the concrete foundations needed to carry out a well-drilled and well-oiled Vulnerability Management process, and the process gets complicated or fails midway. Our job is to make the process as smooth as possible, and sometimes it is better to start at step 0.

Enterprise Vulnerability Management Framework - Part 1

Enterprise Vulnerability Management Framework

The earth has been trembling for a while now; the great Himalayan quake has left the Nepalese dazed and razed. In India we have been rumbling for weeks now, and we are all scared of the unknown. None can predict the timing of an earthquake.

My professional service line is equally unpredictable. I work in the area of software security, yet I cannot predict a breach. I can map an organization with vulnerable-seismic zones and can quantify the severity of a breach (a la Richter scale), yet I cannot predict the exact timing of a breach.

As in an earthquake, where the great tectonic plates move and collide, the vulnerabilities also connive to move in groups and expose an oceanic trench for the prying hacker waiting with his fishing rod for a prized catch. Vulnerability management, often misplaced in the shoes of a vulnerability assessment, is not adequate to secure organizations.

