Closing the loop on threats

You break out your trusty vulnerability scanner and go to work on the weekly perimeter scan. You find a couple of new vulnerabilities and you print out the scanner's report. Now what?

Usually, there are a couple of choices. First, you can remediate the vulnerabilities yourself (or with your team) and then retest to make sure the vulnerability is fixed. Then you write a new report and send it to the boss. Time spent? Probably a day or so overall, depending on how much help you've needed.

The other option is to open a trouble ticket, wait for the ticket to get a response, and hope that the vulnerability really is fixed before the ticket closes, so that you don't find out later that it wasn't and have to reopen the ticket or open another. More than a day will have elapsed on this one in most cases.

Whichever approach you are used to, the fact is that the process takes time, has opportunities for error, and has an overall cost that usually is out of proportion with the cost of the vulnerability itself. So, what if you could automate the process from end to end, including all of the checks and verifications, so that you just fix the vulnerability, click a button and print a report? You can.

If you have the netVigilance Enterprise Edition, all you need to do is add the Closed Loop Remediation option (CLRO), and you can manage vulnerability remediation exactly the way you would do it in a manual system at a fraction of the cost, both in time and money.

This tool, netVigilance Closed Loop Remediation, has some unique features that I liked a lot. First, there is the notion of closed loop remediation. There is nothing new in this concept. There are several other products that have this capability. However, the gotcha is in the completeness of the process. In a real closed loop process, you should test, report/ticket, remediate, test again, revisit the ticket if the vulnerability is not fixed, add to the ticket history if necessary, and then print out a final report. Most other products miss the validation portion of the cycle. They leave it to the engineer to perform another set of scans to verify successful repair.

The netVigilance product performs the way a person would. The validation steps are built in. But, as the infomercials say, “Wait. There's more.”

The Closed Loop Remediation option also ensures that the ticketing process goes properly. This is important on a couple of fronts. First, there's that nasty issue of the failed remediation. If you have the CLRO working for you, it finds and reopens the ticket and adds to it appropriately. More important, perhaps, is its ability to recognize when a particular vulnerability recurs and to search out any applicable tickets to reopen. This is very important because instead of having a fistful of trouble tickets (and, did you miss one?) you have a ticket with a full history on it.
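The cycle described above (test, ticket, remediate, retest, reopen on a failed fix or a recurrence, with one ticket carrying the full history) is sketched here as an added example. It is not netVigilance code; the ticket states, function names, hosts and finding ids are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Ticket:
    key: tuple                      # (host, finding id), both constructed here
    status: str = "open"            # open -> fix_claimed -> closed
    history: list = field(default_factory=list)

def mark_fixed(tickets, key, scan_no):
    """Engineer reports the repair; the ticket stays unclosed until a rescan agrees."""
    t = tickets[key]
    t.status = "fix_claimed"
    t.history.append((scan_no, "fix claimed, awaiting retest"))

def reconcile(tickets, scan_no, findings):
    """Apply one scan's findings to the ticket store and return the actions taken."""
    found, actions = set(findings), []
    for key in sorted(found):
        t = tickets.get(key)
        if t is None:
            t = tickets[key] = Ticket(key)
            act = "opened"
        elif t.status == "fix_claimed":
            act = "reopened: fix failed validation"
        elif t.status == "closed":
            act = "reopened: vulnerability recurred"
        else:
            continue                # already open, nothing new to record
        t.status = "open"
        t.history.append((scan_no, act))
        actions.append((key, act))
    for key in sorted(tickets):
        t = tickets[key]
        if key not in found and t.status == "fix_claimed":
            t.status = "closed"     # the rescan confirmed the repair
            t.history.append((scan_no, "closed: fix validated"))
            actions.append((key, "closed: fix validated"))
    return actions

if __name__ == "__main__":
    A, B = ("192.0.2.10", "FINDING-A"), ("192.0.2.20", "FINDING-B")
    tickets = {}
    reconcile(tickets, 1, [A, B])
    mark_fixed(tickets, A, 1); mark_fixed(tickets, B, 1)
    print(reconcile(tickets, 2, [B]))   # A validated, B reopened
    mark_fixed(tickets, B, 2)
    reconcile(tickets, 3, [])
    print(reconcile(tickets, 4, [A]))   # A recurs on its original ticket
    print(tickets[A].history)
```

A ticket is closed only by a scan that no longer reports the finding, never by the engineer's claim alone, which is the validation step the review says most products leave out.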

What about the question of who does remediation? Once the ticket is opened it needs to go to someone. Who that person is may be based on any number of criteria. Perhaps it is a help desk engineer for lower level repairs. Perhaps it is the IT shop in a different location. CLRO allows you to determine where the ticket goes and CLRO will ensure that it is routed intelligently to that person. If the problem needs to be revisited, the Closed Loop Remediation option knows that and forwards new or reopened tickets to the right individual or individuals. These functions are, in my experience, unique.

The Closed Loop Remediation option needs netVigilance Enterprise Edition as its platform. Together they offer a significant package for vulnerability management. The product interfaces with any trouble-ticketing system that accepts email as its input medium. It also supports multiple simultaneous ticket queues.

Another thing I liked is the system's method of prioritizing. It uses the CVSS (Common Vulnerability Scoring System) base scores for vulnerabilities, and you can set the priorities that the various scores get for remediation. You can set these in the context of where the vulnerability is and its overall criticality. This, in my view, goes a long way toward automating the remediation process. At the end of the day, the only human intervention needed is the actual repair of the vulnerability. All of the administration is handled by the Closed Loop Remediation option. And, for a guy like me who hates paperwork, that is a good thing, indeed.

If you are doing regular vulnerability scans – and you should be – check this one out. It's a keeper.

Product: netVigilance Enterprise Edition with Closed Loop Remediation Option
Company: netVigilance
Price: From $23,595 per year for the basic netVigilance product, plus $7,500 or 10 percent of the base price, whichever is greater, for the Closed Loop Remediation option.
What it does: Provides a full-featured closed loop vulnerability remediation capability complete with remediation, validation, trouble-ticket tracking and routing.
What we liked: This is a fully automated workflow system that performs exactly the way a person would in a manual vulnerability remediation process.
What we didn't like: Nothing. This product does everything exactly the way I would.
