As organisations today continue to embrace digital transformation and deploy new technology into enterprise networks to improve customer and employee experience, new security threats are being rapidly introduced.
These new technologies are often introduced without any security considerations and the software they are running will also often contain vulnerabilities. Cybercriminals are aware of this and every time a new technology comes into place, hackers look to see if there’s a way to attack it or gain control over it before the vulnerability loophole is closed
In order to detect these security flaws many organisations will rely on vulnerability management tools and scanners, which are commonly used as part of an organisation’s normal security hygiene.
Typically, when a vulnerability is reported, it goes through a disclosure process. Then the organisation that has responsibility for that software or configuration provides a patch or some updates for it. In parallel, during that time of the reported disclosure and patch, vulnerability management vendors are updating their scanners – with scripts that will probe and collect information to determine if a target is vulnerable.
When ready, organisations run those updated scripts across their assets during an appropriate scan window. If a new vulnerability is discovered, prioritising and getting it remediated closes the opportunity for an attacker to gain access to the organisation’s networks. Essentially, the less time the company is exposed, the less time the hacker has to exploit that vulnerability.
Read the full article from from Srinivasan Jayaraman: