Home > Vulnerability management tools: Summary/Fast track
Book Excerpt:
EMAIL THIS LICENSING & REPRINTS

Vulnerability management tools: Summary/Fast track

10 Dec 2007 | Syngress

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Summary

In Chapter 7, we discussed the methodology behind vulnerability management. In this chapter, we discussed what an ideal vulnerability tool features, although we know and understand why such a tool doesn't exist. However, as we discussed, some vendors are getting close to delivering complete solutions in this comparatively new discipline in information security.

Download this chapter
Want the full chapter? Download the .pdf, reprinted from Network Security Assessment by Manzuik, Gold and Gatford with permission from Syngress, a division of Elsevier. Copyright 2007.

We briefly discussed some of the players, but gave no suggestions regarding the pros and cons of the tools because there is no one tool that fits all the requirements of an organization. Although the open source community has a wealth of great tools available, there isn't one tool that supports all of the facets of vulnerability management; rather, there are bits and pieces scattered among many authors.

To close out the chapter, we discussed some of the pros and cons of leveraging an outsourcer to manage parts of a vulnerability management program. It's conceivable, and many organizations do it, but it's imperative to put in place some serious guidelines and detailed service-level agreements beforehand to ensure that no one becomes disappointed with the delivery of the service.

Solutions Fast Track

The Perfect Tool in a Perfect World

  • The perfect vulnerability management tool would include asset management, vulnerability assessment, configuration management, patch management, remediation, reporting, and monitoring capabilities.
  • All of these components interoperate, pushing and pulling data as each task is performed.

    • Evaluating Vulnerability Management Tools

  • No one vendor has a solution or set of technologies that completely addresses all aspects of the vulnerability management life cycle.
  • Several key questions can assist you in evaluating vulnerability management tools and, hopefully, in identifying gaps in terms of capabilities.
    • The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the "Ask the Author" form.
    Q: How do I decide which tool to use?
    A: Demo the technology first. Most vendors provide trial-ware offerings of their products. Even if it's an appliance-based solution, most vendors are usually willing to provide you with a loaner unit. Managed vulnerability providers also allow for interactive demonstrations.

    Q: Should I seriously consider an open source solution?
    A: That depends on your aversion to technology. If you're looking for creative technologies and novel intellectual property, and you are seeking to fill a gap within your vulnerability management program, you should definitely consider open source. If your organization is taking the creation of a vulnerability management program seriously (i.e., you have a budget), you should look into a combination of commercial tools and open source tools.

    Commercial Vulnerability Management Tools

  • The vulnerability management market is changing frequently due to mergers, acquisitions, and alliances. Numerous vendors provide tools in this space, so you must identify your needs prior to evaluating technologies.

    • Open Source and Free Vulnerability Management Tools

  • The open source community has created some great security tools.
  • No one tool provides a complete vulnerability management solution.
  • It may not require much effort to create interoperability between open source vulnerability management tools.

    • Managed Vulnerability Services

  • Set some serious guidelines and detailed service-level agreements to ensure that no one becomes disappointed with the delivery of a service.
  • Before selecting a vendor, confirm which products the vendor is using and how the information is distributed to interested parties.
  • Ensure that you have access to the raw data.

    • Vulnerability management tools
      Home: Introduction
      1: Evaluating vulnerability management tools
      2: Commercial and open source network tools
      3: Summary/Fast track


    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary


    HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersBlogsEvents
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts