A Single Partner for Everything You Need Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Is an Effective Vulnerability Management Program in Your Future? Breadcrumb Home Insights Blog Is an Effective Vulnerability Management Program in Your Future? December 01, 2014 Is an Effective Vulnerability Management Program in Your Future? The sad truth about penetration tests is that they are almost always successful in demonstrating dramatic security events. Even junior assessors can go from minimal access, below the level of most employees, and gain administrative domain credentials for an internal corporate network. Typically, they accomplish this goal within a few days of having arrived in office environments where they have never even been before. It is even sadder that they can do all this with a limited set of attack techniques. However, some organizations are more resistant to conventional attack methodologies than others. Some companies gather vulnerability data on a regular basis, make informed decisions based on that data and assign remediation responsibility. Functional vulnerability management programs can mean the difference between long periods of pleasantly uneventful productivity and a catastrophic compromise from an attacker with limited to moderate skills. Optiv has created a white paper that outlines a general structure to guide organizations wishing to create their own vulnerability management programs. Based on analysis of successful programs from leading companies, this document spells out the components at a high-level and lays out some of the lessons learned from the evaluation and implementation of these programs. Anyone wishing to make informed decisions about their company’s security can benefit from the kind of program that this white paper outlines. Although not all companies have these programs in place, the ones that do tend to have far fewer surprises after penetration tests and compliance audits. They also, presumably, face fewer realized threats from actual attackers. The intent of this white paper is to guide security administrators in the beginning phases of the process of creating a fully realized vulnerability management program. For clarity, this document breaks down vulnerability management into three parts. First, data acquisition includes components, like conventional vulnerability scanners and web application scanners that collect vulnerability and compliance data from across the enterprise. The white paper also discusses information storage and analysis technologies such as security information and event management (SIEM) solutions, and vulnerability classification and weighing. Finally, the discussion includes details about accountability engines, which organize and promote remediation efforts. Administrators wishing to enhance their own security programs can use this framework as a model to aid in future efforts. In addition to detection and remediation of critical vulnerabilities, these programs offer added benefits, including the facilitation of compliance efforts for internal policies and externally mandated standards such as the Payment Card Industry Data Security Standard (PCI DSS). Although it is not necessarily anyone’s intention to gather mundane information such as the presence of or support for weak or outdated communications protocols (i.e. Telnet), the same technology used in these programs also offers related policy or compliance benefits. Not only can a working vulnerability management program save organizations from security incidents, it can promote compliance by allowing administrators to know where non-compliance exists. By: John Ventura Practice Manager, Research John Ventura is the practice manager of Optiv’s research team. In this role he specializes in assisting the security design and assessment of real world products and services. He has worked across multiple computer security fields, including forensics, network penetration testing and web application security for a diverse set of clients. Share: SecOps Penetration Testing White Paper
Would you like to speak to an advisor? Let's Talk Cybersecurity Provide your contact information and we will follow-up shortly. Let's Browse Cybersecurity Just looking? Explore how Optiv serves its ~6,000 clients. Show me AI Security Solutions Show me the Optiv brochure Take me to Optiv's Events page Browse all Services