Vulnerability management is a technical practice that maps the “output of information security technology to define the risk priorities for organizations.” Mapping and managing vulnerabilities requires several processes, including:
Before the explosion of connected, unmanaged smart devices, vulnerability management programs simply scanned networks for IT assets. These tools used agent-based techniques to determine assets’ OS configuration and update history and to identify the software and services running on each asset. Security teams would use these findings to identify vulnerabilities like unpatched software or out-of-date operating systems, then manually map the risks and create a plan to remediate them.
As more unmanaged devices — Industrial Internet of Things (IIoT) sensors, connected medical equipment, operational technology (OT) and industrial control systems (ICS) devices, smart TVs, and other devices — become part of an organization’s connected environment, the number and variety of potential vulnerabilities increase. At the same time, these kinds of devices often don’t appear on traditional security scans, and scans can impede unmanaged device function or cause them to stop working altogether.
With so many connected devices coming online all the time (56 billion worldwide by 2025), attackers are increasingly focused on device vulnerability identification and exploitation. Traditional scans not only miss or potentially disrupt unmanaged devices, but traditional scanning schedules may also overlook the emergence of newly identified vulnerabilities, creating a time gap during which attacks can proliferate. In order to keep the enterprise secure, identifying and managing vulnerabilities at scale and at speed is more important than ever.
Device discovery, OS and software identification, and vulnerability assessment are still critical elements for effective vulnerability management, but traditional agent-based scans can’t fully deliver those capabilities.
Today, enterprises need an agentless platform that can discover all devices in the environment without disrupting their functions, and that can continuously monitor those devices for known or new vulnerabilities. That approach requires the ability to compare discovered devices to a database of similar devices to get a baseline for firmware, software, and normal (or abnormal) device behavior.
Device behavior monitoring is critical because anomalous behavior is an early indicator of a vulnerability, threat, or incident. A comprehensive solution will learn each device’s communication profile, such as its position within the network or environment, which devices it communicates with, which protocol it uses, and communication frequency and volume. When a device behaves outside its normal range, the solution can alert the security team, enforce automated policies, and isolate or disconnect the device.
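The profile-and-deviation check described above, as an added Python example (not code from the Armis platform or from this page): it learns each device's peers, protocols and per-interval byte volume from passively observed flow records, then lists the ways a new flow departs from that profile. The device names, addresses, record layout and the tolerance rule are assumptions made for illustration, and communication frequency is left out to keep the example short.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline observations: (device, peer, protocol, bytes per interval).
BASELINE = [
    ("infusion-pump-01", "10.0.5.10", "HL7", 1200),
    ("infusion-pump-01", "10.0.5.10", "HL7", 1180),
    ("infusion-pump-01", "10.0.5.11", "HL7", 1250),
    ("infusion-pump-01", "10.0.5.10", "HL7", 1210),
]

def build_profiles(flows):
    """Learn, per device, the peers and protocols seen and the observed volumes."""
    profiles = defaultdict(lambda: {"peers": set(), "protocols": set(), "volumes": []})
    for device, peer, proto, nbytes in flows:
        profile = profiles[device]
        profile["peers"].add(peer)
        profile["protocols"].add(proto)
        profile["volumes"].append(nbytes)
    return dict(profiles)

def check_flow(profiles, flow, sigmas=3.0, min_fraction=0.25):
    """Return the reasons a flow falls outside its device's learned profile."""
    device, peer, proto, nbytes = flow
    profile = profiles.get(device)
    if profile is None:
        # A device with no baseline cannot be judged normal; surface it explicitly.
        return ["unknown device (no baseline)"]
    reasons = []
    if peer not in profile["peers"]:
        reasons.append(f"new peer {peer}")
    if proto not in profile["protocols"]:
        reasons.append(f"new protocol {proto}")
    mu = mean(profile["volumes"])
    # Floor the tolerance (assumed rule) so a near-constant baseline
    # does not alert on ordinary jitter.
    tolerance = max(sigmas * pstdev(profile["volumes"]), min_fraction * mu)
    if abs(nbytes - mu) > tolerance:
        reasons.append(f"volume {nbytes} outside {mu:.0f} +/- {tolerance:.0f}")
    return reasons

if __name__ == "__main__":
    learned = build_profiles(BASELINE)
    for observed in [("infusion-pump-01", "10.0.5.10", "HL7", 1190),
                     ("infusion-pump-01", "203.0.113.7", "SSH", 48000)]:
        print(observed, "->", check_flow(learned, observed) or "within profile")
```

An empty result means the flow matches the learned profile; a non-empty result is what would feed the alerting or isolation step the paragraph describes.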
The Armis platform provides complete visibility of all devices in the environment, assesses them for vulnerabilities, and monitors their behavior in real time. It can also remediate vulnerabilities automatically or manually, alert your security team to threats, and log device actions for review and forensics.