During the BSides Austin conference last week, I attended a talk given by Damon Small of IOActive on The Value Proposition of Vulnerability Assessment. Damon shared similar concepts I’ve been blogging about. He addressed the importance of organizations performing assessments over and over again as part of a process to extract crucial asset and vulnerability intelligence, which may greatly benefit other business and security areas of the organization if used properly. This train of thought prompted me to explore more on the benefits and challenges of integrating vulnerability management information with other security technologies.
VM systems have been successfully integrated with a variety of security information systems. One example that brings an organization value, and illustrates the need and challenge related to these types of integrations, is the integration between a VM system and a GRC system. GRC systems typically bring in security assessment feeds, financial data feeds, compliance and regulation data feeds and other feeds for the purpose of gauging information risk, enabling an organization to ensure it is in compliance with required regulations. As such, in order to provide value, a GRC system must source security assessment intelligence. This is achieved by sourcing from one or more VM systems.
In interacting with the technical team from a large and well-known GRC solutions provider, I learned they typically do not source single assessment (or single scan) information from VM solutions. Instead, information is sourced from the asset views of these VM solutions. My understanding is that the underlying belief is that VM systems will have the internal intelligence to correlate recurring point-in-time assessments to the real-world network endpoints being assessed, even though these endpoints may change characteristics across time. I explain this recurring assessment network endpoint correlation concept in a recent whitepaper.
Clearly, VM solutions are required and house high-value IT security intelligence, which underscores an important point: in order to allow VM intelligence to permeate throughout an organization, be this through integration with a GRC solution, an IPS solution, an IAM solution or any other IT solution, the VM solution must ideally solve the recurring assessment network endpoint correlation challenge. Otherwise, the sourced information will include many impurities, yielding dirty data, and as a result the value of the given integration is highly suspect.
I look forward to hearing your thoughts and feedback on this. If you have a question or comment, please share by posting in the comments on this blog. Alternatively, I invite you to reach out to me directly at [email protected].