NormShield Blog

Unified Vulnerability Management

NormShield Threat Vulnerability Orchestration

Security professionals usually run penetration tests once a year, but ~13000 new vulnerabilities are discovered every year. Besides, developers deploy new applications almost every month, 20K+ personally identifiable information (PII) leaks every week, and hundreds of hackers scan every single possible port on the entire Internet every day! Even a small mistake or a slow reaction can result in a defacement, data breach or denial of service. NormShield Unified Vulnerability Management allows you to manage your organization’s assets in order to fight hackers. The process works in the following way:

Define your organization’s assets either by entering them manually one by one (New Asset) or by letting the NormShield AutoDiscovery agent discover them dynamically. NormShield is automated to the point that it can discover your new assets and schedule a vulnerability scan for them; if a vulnerability is discovered, NormShield Ticket Management can create a ticket for that particular vulnerability and assign it to the responsible admin. To make a long story short, NormShield handles your assets as follows:

  1. New Asset or Asset AutoDiscover
  2. Vulnerability Scan
  3. Create Ticket if required
  4. Report & Notify
  5. Done!

Unified Vulnerability Management

Automating vulnerability scans and the ticketing system is a great part of NormShield UVM, but there is much more. Managing vulnerabilities is a challenging job for security professionals. Think about having hundreds or thousands of IP devices, each with a number of vulnerabilities. Managing and monitoring this many vulnerabilities brings a number of difficulties, such as root cause detection, risk management, prioritization, categorization, service level agreements and identification of responsible parties. NormShield allows security professionals to identify the root cause of vulnerabilities in order to reduce vulnerabilities in their early stages.

Root Cause Distribution

Risk management requires a huge amount of effort in order to decide whether you should accept, transfer or mitigate a risk. The decision basically depends on the asset value, the threat/attack likelihood and the impact. The formula can be as simple as

Risk = Likelihood * Impact

according to the OWASP risk definition. Now consider that you have thousands of IPs, servers, URLs and applications: how could you calculate this number of edges? Even the calculation can be highly complex and difficult for a single security analyst. NormShield has a built-in risk management system that allows you to calculate your risk score, manage or accept risks, and monitor your risk score continuously.
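The formula applied across an inventory, as an added example that is not NormShield's code. The 0 to 9 factor scale, the LOW/MEDIUM/HIGH bands and the severity matrix follow the OWASP Risk Rating Methodology; the findings, asset names and the worst-finding roll-up per asset are assumptions constructed for illustration.

```python
# OWASP Risk Rating bands for a 0-9 factor: 0 to <3 LOW, 3 to <6 MEDIUM, 6 to 9 HIGH.
def level(score):
    if not 0 <= score <= 9:
        raise ValueError(f"factor out of range 0-9: {score}")
    return "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"

# Overall severity matrix keyed by (likelihood level, impact level).
SEVERITY = {
    ("LOW", "LOW"): "Note", ("MEDIUM", "LOW"): "Low", ("HIGH", "LOW"): "Medium",
    ("LOW", "MEDIUM"): "Low", ("MEDIUM", "MEDIUM"): "Medium", ("HIGH", "MEDIUM"): "High",
    ("LOW", "HIGH"): "Medium", ("MEDIUM", "HIGH"): "High", ("HIGH", "HIGH"): "Critical",
}

# Constructed sample findings; likelihood and impact are already averaged factors.
FINDINGS = [
    {"asset": "10.0.0.5", "title": "Outdated TLS configuration", "likelihood": 4.0, "impact": 3.5},
    {"asset": "10.0.0.5", "title": "Default admin credentials", "likelihood": 8.0, "impact": 7.5},
    {"asset": "https://shop.example.test", "title": "SQL injection", "likelihood": 6.5, "impact": 8.0},
    {"asset": "db01.example.test", "title": "Verbose error banner", "likelihood": 2.0, "impact": 1.5},
    {"asset": "db01.example.test", "title": "Missing OS patch", "likelihood": 5.0, "impact": 6.0},
]

def score_finding(finding):
    """Attach Risk = Likelihood * Impact and the OWASP severity label."""
    risk = finding["likelihood"] * finding["impact"]
    severity = SEVERITY[(level(finding["likelihood"]), level(finding["impact"]))]
    return {**finding, "risk": risk, "severity": severity}

def rank_assets(findings):
    """Roll up to one row per asset (its worst finding, an assumption), highest risk first."""
    worst = {}
    for scored in map(score_finding, findings):
        current = worst.get(scored["asset"])
        if current is None or scored["risk"] > current["risk"]:
            worst[scored["asset"]] = scored
    return sorted(worst.values(), key=lambda f: f["risk"], reverse=True)

if __name__ == "__main__":
    for row in rank_assets(FINDINGS):
        print(f'{row["asset"]:28} {row["risk"]:5.1f} {row["severity"]:9} {row["title"]}')
```

The product gives a sortable number for prioritization, while the matrix gives the label used for reporting; the two can disagree near band edges, which is why both are kept on each row.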

Instant risk score

Continuous Risk Analysis

Risk Map

Categorization is an important part of vulnerability management. It allows a security admin to handle security operations more effectively. Every vulnerability has a category, but vulnerabilities can span a wide range of categories. Categorization brings another challenge: prioritization. Categorizing vulnerabilities is an easy duty for NormShield UVM. One can easily categorize vulnerabilities by cause, asset, type, service, port, etc. As seen in the following charts, assets and vulnerabilities can be categorized by their severity levels, ports, asset labels and more…

Vulnerability Categorization

Vulnerability Grouping

Vulnerability Distribution

Service level is one of the most important parts of enterprise business. Companies should stick to their SLAs in terms of vulnerability management policies. There are a number of policies, regulations and compliance standards, such as PCI-DSS, FISMA and HIPAA, that force an enterprise network to ensure a certain level. Customers can track their SLAs with highly customizable features.

Vulnerability SLA Tracking

Vulnerability Mitigation Tracking

Dealing with vulnerabilities requires monitoring responsible parties too. One can’t handle all vulnerabilities alone; instead, all stakeholders need to be put into action. Identifying responsible parties is another capability of NormShield UVM. As seen in the following chart, Application Server Administrators, Database Administrators and Analysts did their job well, and Operating Administrators are trying very hard to patch vulnerabilities, whereas Network Administrators are the weakest party in the organization.

How well do responsible parties do their job?

Scanning with and managing multiple vulnerability scan engines is another cool feature of NormShield UVM. Currently the Tenable Nessus, Netsparker, Rapid7 Nexpose, Acunetix, OpenVAS and Arachni vulnerability scanners are integrated with the NormShield platform. Besides, it is capable of importing Nessus, Acunetix, Netsparker, Arachni, Burp, Nexpose, OpenVAS, Nipper, Windows privilege escalation scanner, AppScan, OWASP ZAP and bades formatted Excel files.

Import cross scanner results

Vulnerability management is not only scanning and tracking vulnerabilities in a spreadsheet; it also means monitoring your risk score, categorizing and prioritizing vulnerabilities, tracking your SLAs and monitoring your responsible parties. High-level vulnerability management requires more than a scan engine.