Making the most of your tools to manage vulnerabilities

June 2019

As you know, vulnerability management is an essential part of an organization’s cybersecurity plan. Although companies recognize the importance of this step, many face a major obstacle: The tools they use to scan their millions of assets have licences that heavily restrict the volume of elements that can be processed. The tools can be used to carry out hundreds of tests and detect any number of vulnerabilities, but getting a complete overview of the network is a long process that has to be done manually.

What can you do in this situation? Decide not to manage vulnerabilities? Of course not! Even if your software licences are limited, there are a few strategies you can adopt to get the job done and protect your business.

Make your tools work together to maximize their potential

Imagine that your network has 65,000 hosts managed using Nessus (a vulnerability scanner) and Splunk (an SIEM). However, your Nessus licence is only valid for 2,000 IP addresses. To cover all of your assets, you need to perform 33 separate scans (65,000 hosts in batches of at most 2,000) and then use a variety of methods to combine the results in one place.

The work is tedious, but you have to provide your superiors with a functional dashboard. Here’s a way to leverage your different tools to make the job easier.

To solve the problem, you’ll use the log management tool (or SIEM) already employed in other contexts, in this case Splunk. Integrate the two tools, then import the Nessus (Tenable) scan results and plugin data into Splunk through the Splunk Add-on for Tenable.

You’ll get a comprehensive overview of your network’s vulnerabilities and will be able to produce a dashboard with the following components: vulnerable hosts, the priority level of flagged elements and a list of exploitable vulnerabilities.

You’ll also be able to generate a report showing any new risks detected since the last scan, as well as vulnerabilities that were first published longer ago than a set time frame, for example more than 30 days.

From the dashboard, you can create tables describing critical vulnerabilities and the steps required to fix them. These reports also serve to track corrections by asset.
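The sketch below is an added example, not code from the article or from the Splunk Add-on for Tenable. It shows the logic behind the workflow described above: split a network into scans that fit the 2,000-address licence, merge the per-scan results into one table, then list findings that are new since the last cycle and those published more than 30 days ago. The record fields (`host`, `plugin_id`, `severity`, `published`) and the sample data are assumptions constructed for illustration.

```python
from datetime import date, timedelta
from ipaddress import ip_network
from itertools import islice

LICENCE_LIMIT = 2000  # addresses per scan, the licence figure used in the article

def plan_batches(cidr, limit=LICENCE_LIMIT):
    """Yield lists of at most `limit` host addresses covering the whole network."""
    hosts = ip_network(cidr).hosts()
    while batch := list(islice(hosts, limit)):
        yield batch

def merge_scans(scan_results):
    """Combine per-batch findings into one table keyed by (host, plugin_id)."""
    merged = {}
    for findings in scan_results:
        for f in findings:
            merged[(f["host"], f["plugin_id"])] = f  # a repeated finding overwrites the earlier row
    return merged

def report(current, previous_keys, today, max_age_days=30):
    """Return (findings new since the last cycle, findings published before the cutoff)."""
    cutoff = today - timedelta(days=max_age_days)
    new = sorted(k for k in current if k not in previous_keys)
    aged = sorted(k for k, f in current.items() if f["published"] < cutoff)
    return new, aged

# Constructed sample data: two batch exports and the keys seen in the previous cycle.
# Field names are hypothetical, not the add-on's own schema.
BATCH_1 = [
    {"host": "10.0.0.5", "plugin_id": 1001, "severity": "critical", "published": date(2019, 3, 1)},
    {"host": "10.0.0.9", "plugin_id": 1002, "severity": "high", "published": date(2019, 6, 10)},
]
BATCH_2 = [
    {"host": "10.0.8.20", "plugin_id": 1001, "severity": "critical", "published": date(2019, 3, 1)},
    {"host": "10.0.0.5", "plugin_id": 1001, "severity": "critical", "published": date(2019, 3, 1)},
]
PREVIOUS = {("10.0.0.5", 1001)}

if __name__ == "__main__":
    print(len(list(plan_batches("10.0.0.0/16"))), "scans needed")
    table = merge_scans([BATCH_1, BATCH_2])
    new, aged = report(table, PREVIOUS, today=date(2019, 6, 20))
    print("new since last scan:", new)
    print("published more than 30 days ago:", aged)
```

Keying the merged table on host and plugin keeps a host that appears in two overlapping scans from being counted twice on the dashboard.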

By using this technique, you’ll get the most out of your tools in spite of their limitations. Your dashboard will provide a complete overview of your assets and enable you to detect IT security issues that threaten them.

If you need a little more support, our team will be more than happy to answer your questions. Get in touch!