9 Easy Tips to Improve Your Vulnerability Management Process
The vulnerability management process involves a lot of manual data handling.
Whether that is extracting data from legacy penetration test reports in PDFs, or turning spreadsheets into actionable, assignable tasks for colleagues, it can be a frustrating and thankless task.
Luckily for you, we have compiled a list of top tips that should offer something for everyone, no matter how evolved your vulnerability management process is.
1. Use software to convert PDF report data into a spreadsheet
Are you still manually pasting lines of information from PDF reports into your own spreadsheets?
Manual handling is one of the main ways that incorrect data can end up in your master document and systems.
Advanced PDF software, including Adobe Acrobat Pro DC, PDFpenPro11, or PDF Candy, offer powerful tools to convert PDFs directly into excel spreadsheets with just a few clicks!
The output will usually need cleaning up manually, with extra rows and columns created during the conversion process needing to be removed.
As well as saving time doing this manually by copy and pasting each line, the most important benefit is that you can be assured that the data all exists correctly in its original format.
2. Subscribe to an RSS feed to find new exploits
How are you checking that your unresolved vulnerabilities have not become more of a risk?
Sites like Exploit Database, and many similar, provide information on new known exploits for active vulnerabilities.
A known exploit for a vulnerability within your digital estate can change the risk rating considerably, but static vulnerability information, such as those in spreadsheets and ticketing systems, does not get updated with this new context automatically.
This information can be subscribed to, using an RSS feed, or by checking back at regular intervals.
The CVE numbers associated with each exploit will allow you to check your records to see if any new updates affect your existing vulnerabilities.
3. Match CVE numbers to your existing vulnerabilities with match and find
Want an easier way to search your vulnerability dataset for new exploits?
If your master vulnerability information is collated in a spreadsheet, or your systems have a search function for CVEs, you can use the ‘find/match’ function to find (or ideally, not find) any vulnerabilities with new exploits.
This allows you to re-evaluate the risk rating on any of your open vulnerabilities, and can offer peace-of-mind that nothing has changed since those results were received.
4. Use a ticketing system to manage remediation workflow
IT ticketing software, such as Jira and ServiceNow, can be a very helpful way to assign remediation tasks to colleagues, track progress, and report back to the business on outcomes.
Once your penetration testing data is collated centrally (for example, in a spreadsheet), you can add a column for ‘assigned user’, and upload the data to create ‘tickets’.
Many other types of vulnerability data, such as those from major scanning tools like Qualys, Tenable, and Outpost24, can be integrated directly with these ticketing systems to avoid manual data handling.
5. Automate the assignment of tasks in your ticketing system
Ticketing software allows you to assign tickets automatically based on a number of parameters, including round-robin (turn based), load balancing (whichever person has the most capacity), or skill-based (whomever is most qualified for a type of work).
If a vulnerability needs to be remediated by a specific team, queues can be created for each team, and a column added to the data to ensure the task is assigned to that group’s workflow.
6. Track time to remediate with your ticketing system
By using a ticketing system to manage remediation, you can keep track of metrics such as average response speed, average resolution speed, how quickly individual colleagues respond and perform against SLAs, ticket category, tag and priority breakdown, as well as average ticket numbers.
This can show you who fixes their issues fastest and help identify areas for improvement. Colleagues who need help understanding their remediation guidance can be more easily identified, which can be useful when building a case for additional training or headcount.
7. Have your penetration testing providers enter the results directly into vulnerability management software
Vendor-neutral vulnerability management solutions allow testing providers to input results directly into your systems. By introducing your providers to this process, you receive results in the format you need, relieving your team of time-consuming data handling and reformatting tasks.
This also makes it seamless to create a central standardized repository for the results of different threat assessments, from any provider.
8. Have your vulnerability management software chase your colleagues automatically
Spend less time chasing and more time remediating, by automating the reminders and chaser emails that are a necessary part of most vulnerability management programmes.
Improve collaboration and remove the ‘annoyance-factor’ of having to chase busy colleagues personally, by having your vulnerability management software do the work.
The transparency and neutrality provided by the software, with everyone able to see which departments are behind on their remediation, colleagues will have a greater incentive to prioritize fixing important issues.
9. Integrate your scanning tools and threat feeds directly with your vulnerability management software
Full automation of all vulnerability data handling is the pinnacle of a next generation vulnerability management program.
By integrating all your threat feeds, manual handling errors are kept to an absolute minimum.
Valuable time is saved doing monotonous data management tasks, and more time can be devoted to analysing and improving your process.
