Vulnerability management

Identification and elimination of vulnerabilities

This service provides comprehensive support from the moment a vulnerability is identified to the moment the ICT environment is protected. Vulnerability management is a service of identification, verification, and support in implementing the appropriate action when a security vulnerability appears. The service is based on passive and active vulnerability scanning in defined periods.

The service includes:

  • passive identification of known vulnerabilities,
  • active identification of vulnerabilities in specific, cyclic time windows,
  • analysis of identified vulnerabilities (confirmation of the existence, estimation of exploitation risk),
  • communication with IT services about the risk related to the identified vulnerability,
  • development of recommendations,
  • assisting in the implementation of recommendations and verification after closing the security gap.

The service addresses the requirements of the General Data Protection Regulation (GDPR), the Directive on security of network and information systems (NIS Directive), ISO/IEC 27001 and ISO/IEC 20000.

What is a vulnerability?

A vulnerability is a security gap or an incorrect configuration of an IT system that may lead to a breach of security or, ultimately, to a complete compromise of the IT infrastructure. Vulnerabilities are caused by missing updates (especially security updates), an inconsistent security architecture, or incorrect configuration of the operating system or application server. Vulnerability management is an element of the ICT system maintenance process, regardless of the system's scale, importance or technology. The dynamic growth of threats and the easy availability of public exploits can lead to the compromise of systems and, as a result, to financial and reputational losses calculated in tens of thousands of dollars.

Learn about the 5 stages of effective vulnerability management

1. Prior to the commencement of the audit, an NDA agreement is concluded between the Customer and BLUEsec to protect the interests of both parties. At the same time, the objective of the security audit is identified, which allows the IT system under examination, the test method, the time window, and the access parameters to be defined. Before the examination begins, the Customer provides a brief description that enables the preparation of an individualized security audit. During the audit, the tested ICT system is constantly monitored so that any undesirable event can be reacted to quickly.
2. The identification of vulnerabilities is based on scanning the ICT system. The security test starts with enumeration of the ports and services running in the ICT system. Based on the scan results, BLUEsec analysts use specialized software to identify and confirm security defects. Moreover, active scanning includes verification of the configuration of the most frequently compromised elements of the ICT system (e.g. SSL certificate, web server or file sharing services).
3. To ensure that a given vulnerability exists and can be exploited in the tested ICT system (e.g. that it may cause a data breach), the vulnerability is verified. Confirmation is carried out by a manual review of the results of the vulnerability audit or, in case of ambiguous results, by analysis of active communication with the tested technology. During the security analysis, the possibilities and conditions for exploiting each vulnerability are evaluated. Information characterizing the occurrence of a vulnerability may be used within the risk analysis.
4. The report on the vulnerability test is divided into three parts. The first part contains an executive summary for the management, which states the security status of the IT systems, the risks related to the vulnerabilities and indications regarding the remediation plan. In the technical part, IT system administrators find the classification of vulnerabilities with the severity of each security bug, a mapping of each vulnerability to the place where it occurs, a technical description of the vulnerabilities and the method of remediation. The last part of the report contains a remediation plan covering the method of vulnerability remediation, the proposed priority of corrections and the proposed responsibilities for action.
5. The service aims to provide knowledge about the vulnerabilities identified in the client's infrastructure together with recommendations whose implementation secures the ICT system. The key point for each vulnerability is to remove it, or to minimize it in such a way that an attack on the ICT system cannot be performed. Technical or budget constraints will not always allow the repair plan to be implemented in full, therefore the proposed remediation measures may be consulted with BLUEsec specialists until the ICT system is secured.
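The stages above produce scan findings that must be deduplicated across cyclic scans, separated into confirmed and unconfirmed ones, rated by severity and exposure, and turned into the three-part report (executive summary, technical part, remediation plan). The following Python script is an added illustration of that triage pipeline; it is not BLUEsec's tooling or part of the original page. The hosts, vulnerability identifiers (`VULN-001` and so on), CVSS values, owners and the priority rule are all constructed for the example.

```python
"""Triage of vulnerability-scan findings into a three-part report.

Added illustration; not BLUEsec's own tooling. All findings, hostnames,
identifiers, scores and the priority rule below are constructed.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    port: int
    service: str
    vuln_id: str            # constructed placeholder, not a real CVE id
    title: str
    cvss: float             # CVSS v3 base score, 0.0 to 10.0
    verified: bool          # manually confirmed (stage 3) or still a scanner claim
    internet_facing: bool   # exposure of the affected host
    fix: str                # recommended remediation
    owner: str              # proposed responsibility


# Constructed sample findings; the last entry repeats VULN-002 as a second
# cyclic scan would.
SAMPLE_FINDINGS = [
    Finding("web01.example.test", 443, "https", "VULN-001",
            "TLS 1.0 enabled on SSL endpoint", 5.3, True, True,
            "Disable TLS 1.0/1.1 in the web server configuration", "Web team"),
    Finding("web01.example.test", 443, "https", "VULN-002",
            "Web server missing vendor security update", 9.8, True, True,
            "Apply the vendor security update", "Web team"),
    Finding("files01.example.test", 445, "smb", "VULN-003",
            "SMBv1 enabled on file sharing service", 8.1, True, False,
            "Disable SMBv1 on the file server", "Infrastructure"),
    Finding("db01.example.test", 5432, "postgresql", "VULN-004",
            "Scanner reports weak cipher suite", 4.0, False, False,
            "Confirm manually with the DBA before acting", "DBA"),
    Finding("web01.example.test", 443, "https", "VULN-002",
            "Web server missing vendor security update", 9.8, True, True,
            "Apply the vendor security update", "Web team"),
]


def severity(cvss):
    """Qualitative rating using the CVSS v3 score bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss > 0.0:
        return "low"
    return "none"


def dedupe(findings):
    """Collapse repeated (host, port, vuln_id) tuples reported by cyclic scans."""
    seen, unique = set(), []
    for f in findings:
        key = (f.host, f.port, f.vuln_id)
        if key not in seen:
            seen.add(key)
            unique.append(f)
    return unique


def priority(f):
    """Constructed priority rule: lower is earlier in the remediation plan.
    Verified findings on internet-facing hosts come first; unverified
    findings go last because they must be confirmed before effort is spent."""
    rank = {"critical": 0, "high": 1, "medium": 2, "low": 3, "none": 4}[severity(f.cvss)]
    if not f.internet_facing:
        rank += 1
    if not f.verified:
        rank += 10
    return rank


def build_report(findings):
    """Return the executive summary, technical part and remediation plan."""
    unique = dedupe(findings)
    confirmed = [f for f in unique if f.verified]
    unconfirmed = [f for f in unique if not f.verified]
    counts = Counter(severity(f.cvss) for f in confirmed)
    status = "critical" if counts["critical"] else "high" if counts["high"] else "acceptable"
    executive = {"status": status, "confirmed": len(confirmed),
                 "unconfirmed": len(unconfirmed), "by_severity": dict(counts)}

    technical = defaultdict(list)   # vulnerabilities mapped to where they occur
    for f in confirmed:
        technical[f.host].append({"port": f.port, "service": f.service, "id": f.vuln_id,
                                  "severity": severity(f.cvss), "title": f.title, "fix": f.fix})

    ordered = sorted(unique, key=lambda f: (priority(f), -f.cvss))
    plan = [{"priority": i + 1, "id": f.vuln_id, "host": f.host, "owner": f.owner,
             "action": f.fix if f.verified else "verify first: " + f.fix}
            for i, f in enumerate(ordered)]
    return {"executive": executive, "technical": dict(technical), "plan": plan}


if __name__ == "__main__":
    import json
    print(json.dumps(build_report(SAMPLE_FINDINGS), indent=2))
```

Running the script prints the report for the constructed findings: the duplicate VULN-002 entry is collapsed, the executive status is "critical" because one confirmed critical finding remains, and the unverified database finding is listed last with a "verify first" action rather than being dropped or remediated blindly.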

What does your organization gain from a vulnerability management service?

  • Support for risk management
  • Support in the removal of threats after the report preparation
  • Up-to-date information on the status of IT system security
  • Compliance with the General Data Protection Regulation (GDPR)
  • Preventing and limiting the effect of attacks
  • Technical information preceded by verification
  • Relevant information for risk analysis

We know how to help!

  • We support the Client until the threat is mitigated – the service does not end with the delivery of a report
  • We keep false-positive results to a minimum
  • We provide a comprehensive approach to the identification of vulnerabilities
  • We have an experienced team of cybersecurity specialists supported by engineers and programmers
  • We work on-site at the Customer’s location and online (remotely)