Vuln Mgmt: From Context to Metrics


Summary (My notes)

A series of videos (3 parts) that talk about vulnerability management:

  • from finding the context with tools
  • leveraging the context for prioritization
  • leveraging context to create meaningful metrics tailored to specific owners, systems, applications, and business units
    • churn rate
    • mean time to detect - average
    • mean time to resolve - average
    • agent coverage vs. non-agent
    • SLA compliance rate
  • leveraging context for tailored, automated reporting
    • exceptions
    • vulnerable images
  • Contextual Information
    • Enterprise assets, cloud assets, and ownership information.
  • Leveraging Contextual Information
    • Prioritization, Metrics, and Reporting
    • Threat intel (internal and external)
  • Effective VulnMgmt
    • Working vs. Effective
      • Mean Time to Detect: Average (vuln pub date - vuln found date)
      • Churn rate: Absolute Value (New vuln - Closed vuln @ monthly)
      • Re-open rate:
      • Average Exposure Window: Average (vuln close date - vuln pub date)
      • Overdue: (current date - first discovered) > Policy
    • Communication and collaboration
      • feedback, tailored report
    • Enabling business to deliver mission
  • Comments:
    • CMDB is too slow nowadays
      • tracking image version, usage, life-span, deployed
    • Multiple scanners and automation
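
The metric definitions under "Working vs. Effective", computed per owner, as an added example that is not from the webcasts or the original notes. The findings are constructed sample data, the field names and the 30-day policy are assumptions, detection delay is taken as found date minus publication date so the value is positive, and overdue is applied to open findings only.

```python
from collections import defaultdict
from datetime import date
from statistics import mean

# Constructed sample findings, not real scan data. Field names are assumptions.
FINDINGS = [
    dict(id="F1", owner="payments", published=date(2024, 1, 2), found=date(2024, 1, 5), closed=date(2024, 1, 20)),
    dict(id="F2", owner="payments", published=date(2024, 1, 10), found=date(2024, 1, 17), closed=None),
    dict(id="F3", owner="platform", published=date(2024, 2, 1), found=date(2024, 2, 3), closed=date(2024, 2, 13)),
    dict(id="F4", owner="platform", published=date(2024, 2, 5), found=date(2024, 2, 20), closed=None),
    dict(id="F5", owner="platform", published=date(2024, 1, 15), found=date(2024, 1, 16), closed=date(2024, 2, 28)),
]
POLICY_DAYS = 30  # assumed remediation policy (SLA) in days

def mean_time_to_detect(findings):
    """Average days between vulnerability publication and detection."""
    return mean((f["found"] - f["published"]).days for f in findings)

def avg_exposure_window(findings):
    """Average days from publication to closure; open findings are excluded."""
    closed = [f for f in findings if f["closed"]]
    return mean((f["closed"] - f["published"]).days for f in closed) if closed else None

def churn(findings, year, month):
    """Absolute value of (new - closed) findings for one calendar month."""
    def in_month(d):
        return d is not None and (d.year, d.month) == (year, month)
    new = sum(in_month(f["found"]) for f in findings)
    done = sum(in_month(f["closed"]) for f in findings)
    return abs(new - done)

def overdue(findings, today, policy_days=POLICY_DAYS):
    """IDs of open findings whose age since first discovery exceeds policy."""
    return [f["id"] for f in findings
            if f["closed"] is None and (today - f["found"]).days > policy_days]

def report_by_owner(findings, today):
    """Same metrics sliced per owner, so each team gets its own numbers."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["owner"]].append(f)
    return {owner: {"mttd": mean_time_to_detect(fs),
                    "exposure": avg_exposure_window(fs),
                    "overdue": overdue(fs, today)}
            for owner, fs in groups.items()}

if __name__ == "__main__":
    print(report_by_owner(FINDINGS, date(2024, 3, 1)))
```

Swapping the `owner` key for a business unit, application or image tag gives the other tailored views listed in the notes.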

SANS Webcasts

Finding Context (part 1 of 3)

Leveraging Context (part 2 of 3)

Is the Program Effective (part 3 of 3)
