Vulnerability Management and Continuous Monitoring

February 27, 2017


For the last 5 years or so, the term “continuous monitoring” has felt a bit like an elusive goal in the world of information security, possibly even an ambiguous buzzword to some. Many security professionals are still wondering how to get started: What technologies typically make up continuous monitoring infrastructure? What steps should you take to successfully implement these types of security controls organization-wide?

Want a more in-depth review of how to plan and implement a continuous monitoring strategy with your vulnerability management tools, both in-house and in the cloud? Check out my on-demand webinar. Register now.

A good starting point is the Department of Homeland Security's (DHS) Enterprise Continuous Monitoring Technical Reference Model called CAESARS (Continuous Asset Evaluation, Situational Awareness and Risk Scoring) - yes, that’s a LOT of acronyms, but the government loves them. Acronyms aside, the DHS model includes a great breakdown of a continuous monitoring “sensor subsystem”:

Sensor subsystem: This group of technologies makes up the majority of the continuous monitoring data capture for analysis. The following technologies should be implemented:

  1. System configuration management
  2. Network configuration management
  3. Authenticated vulnerability and patch scanners
  4. Unauthenticated vulnerability scanners
  5. Web vulnerability scanners
  6. Database vulnerability scanners
  7. Antimalware tools

See anything in there that seems to be repeated a few times? If you said “vulnerability scanners,” you get the gold star award. Configuration management is critical, of course, because you’ve got to have a baseline definition for what systems are SUPPOSED to look like. However, in order to assess systems properly, and put the “continuous” in there, you really need a variety of vulnerability scans to run on a regular schedule, or even in a truly continuous fashion. Automation is the key to the whole thing. I know WAY too many organizations out there (even large, seemingly mature ones) that still have a human being clicking the big red shiny “GO” button to launch scans, and while that’s great for spot audits and assessments, or as a precursor to a pen test, it’s not an effective way to truly put a continuous monitoring strategy into action.

Using commercial vulnerability scanning tools to perform both authenticated and unauthenticated scans can produce a large volume of data. For continuous monitoring, scheduling daily or weekly scans of systems and subnets will produce enough data for a sound baseline of what is running in the environment and at a system level, which can then be assessed against newer scans to determine what has changed and what the risks are. Most enterprise vulnerability scanners can cover web and database technologies adequately as a starting point, too, and you can add more specialized tools later if you need more in-depth information.
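The baseline-then-compare step described above, as an added example that is not from the original post: two constructed scan snapshots in a simplified record format (host, port, finding id, severity) are diffed to surface new findings, resolved findings and hosts that appeared or disappeared, then the new findings are filtered by severity for alerting. The record layout and finding ids are assumptions; real scanners export their own schemas.

```python
"""Compare two vulnerability scan snapshots to find what changed.

Added example (not from the original post). The scan records below are
constructed sample data in a simplified format; the field names and
finding ids are assumptions, not any scanner's real export schema.
"""
from collections import namedtuple

Finding = namedtuple("Finding", "host port plugin severity")

# Constructed baseline snapshot (e.g. last week's scheduled scan).
BASELINE = {
    Finding("10.0.0.5", 22, "ssh-weak-cipher", "medium"),
    Finding("10.0.0.5", 443, "tls-self-signed", "low"),
    Finding("10.0.0.9", 3306, "mysql-outdated", "high"),
}

# Constructed current snapshot (e.g. today's scan of the same subnet).
CURRENT = {
    Finding("10.0.0.5", 443, "tls-self-signed", "low"),
    Finding("10.0.0.9", 3306, "mysql-outdated", "high"),
    Finding("10.0.0.9", 8080, "http-default-creds", "critical"),
    Finding("10.0.0.42", 445, "smb-signing-disabled", "medium"),  # new host
}

SEVERITY = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def diff_scans(baseline, current):
    """Return (new_findings, resolved_findings, new_hosts, missing_hosts)."""
    new = current - baseline            # findings not seen in the baseline
    resolved = baseline - current       # findings no longer reported
    base_hosts = {f.host for f in baseline}
    cur_hosts = {f.host for f in current}
    return new, resolved, cur_hosts - base_hosts, base_hosts - cur_hosts


def triage(new_findings, min_severity="high"):
    """Select new findings at or above a severity threshold, worst first."""
    keep = [f for f in new_findings if SEVERITY[f.severity] >= SEVERITY[min_severity]]
    return sorted(keep, key=lambda f: -SEVERITY[f.severity])


if __name__ == "__main__":
    new, resolved, new_hosts, gone = diff_scans(BASELINE, CURRENT)
    print("new hosts:", sorted(new_hosts), "missing hosts:", sorted(gone))
    for f in triage(new):
        print(f"ALERT {f.severity}: {f.host}:{f.port} {f.plugin}")
    for f in resolved:
        print(f"resolved: {f.host}:{f.port} {f.plugin}")
```

A missing host is worth a ticket as much as a new one: it may be decommissioned, or the scanner may simply have lost reach to it, which silently breaks the "continuous" part of the monitoring.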

Doing this in the cloud is critical, too, because you need as much visibility and “real time” status on your systems as you can get to know how things are changing in such a dynamic environment. Committing to a real continuous monitoring strategy using in-cloud scanning tools that are preauthorized for the cloud platform in use can be immensely useful for developing inventory status, vulnerability status, and even detecting rogue or unapproved changes that aggressive DevOps teams may have made in the environment.

There are a huge number of benefits to enhancing your vulnerability management program to encompass a more continuous strategy.

Check out my on-demand webinar on this topic, where we’ll talk in more depth about how to plan and implement a continuous monitoring strategy with your vulnerability management tools both in-house and in the cloud.

Dave Shackleford

Cybersecurity Expert and Founder of Voodoo Security

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.
