Comprehensive Guide to Vulnerability Management for Security Professionals

Introduction

Social engineering. Log4j. Atomic Stealer. SolarWinds supply chain attack.

Each one of these represents a cybersecurity vulnerability that, upon being distributed and exploited, allowed threat actors to gain access to private company data, unauthorized access to systems and networks, and sensitive user credentials to successfully perform data breaches.

Vulnerabilities are not limited to the four mentioned in the opener. They come from a variety of different avenues to compromise devices, users and organizational resources, and require IT/Security teams to be steadfast in their vigilance over the enterprise to remain protected against myriad vulnerabilities across the modern threat landscape.

In this blog, we explain why vulnerability management is important in today’s cybersecurity landscape. We also discuss the following:

• What is Vulnerability Management?
• The role of mobile devices in Vulnerability Management
• A step-by-step breakdown of the Vulnerability Management process
• How Jamf helps organizations with Vulnerability Management

Understanding Vulnerability Management

What is Vulnerability Management?

Vulnerability management is the iterative process of identifying, classifying, prioritizing, remediating and mitigating vulnerabilities. Represented as a loop, the cyclical process works to address vulnerabilities affecting various aspects of information security, such as:

• Hardware
• Software
• Processes
• Workflows

Why is Vulnerability Management critical to cybersecurity?

Developing and incorporating a Vulnerability Management program is critical to maintaining organizational security. Its proactive nature requires organizations to consistently be on the lookout for potential vulnerabilities in all devices and software utilized for business. If left unchecked, the impact on the security posture by vulnerabilities introduced into the infrastructure leaves devices out of compliance and open to compromise. Worse still, it allows subsequent exploitation by threat actors, resulting in a data breach.

Mobile Device Vulnerability Management

The role of mobile devices in business operations cannot be understated — mobile devices have emerged as critical endpoints in IT infrastructures globally given their ubiquitous nature. Mobile devices enable users to remain productive from anywhere and at any time. Furthermore, the blend of power and performance means efficiency is baked right into all apps and workflows.

From staying securely connected to business resources wirelessly to communicating with distributed workforces effortlessly to empowering users to utilize the platforms and services they feel most comfortable to remain productive — the explosive growth of mobile device usage for work, coupled with its flexibility, makes it the de facto tool required for all organizations in remote and hybrid environments to fuel business operations.

Vulnerability challenges associated with mobile devices

Users and enterprises aren’t the only ones who are showing mobile devices love. As the modern threat landscape continues to evolve, threat actors continue to upgrade their tooling to increasingly target mobile devices being used to connect to organizational resources.

The biggest draw for threat actors is, undoubtedly, the sheer volume of users relying on mobile devices for work. “80% of IT executives said employees cannot do their jobs effectively without a mobile phone,” according to a recent mobile device in the enterprise study conducted by Oxford Economics and Samsung.

With increased exposure, so too comes increased security threats. Examples of some of the more common threats targeting mobile are:

• Connecting to unsecured wireless networks
• OS and application patches that are not current/out-of-date
• Shadow IT/Unsanctioned apps and services used
• Varying ownership models, like personally vs company-owned management
• Inability to streamline security policies across the infrastructure

Vulnerability Management Process

The Vulnerability Management lifecycle is a series of five steps that guide IT/Security pros through the holistic process of mitigating vulnerabilities. Each step that makes up the Vulnerability Management Workflow is a unique phase in the management process, but also one that serves to inform the subsequent steps in the workflow iteratively.

Identification

Before the process of identifying or remediating vulnerabilities can take place, administrators first need to begin by identifying each asset by conducting a thorough inventory of hardware and software.

Assessment

During this phase, administrators utilize scanners, device logs and other security tools to assess inventoried assets. This determines endpoints’ health statuses and compares them to baselines to determine device compliance levels.

Prioritization

Based on the results of the assessment, admins sort and organize findings, comparing them to resources, like the Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVEs) from MITRE and NIST’s National Vulnerability Database (NVD). This helps security teams classify vulnerabilities based on the potential impact on the organization, taking into account criticality and severity, as well.

Resolution

Armed with a list of vulnerabilities and sorted by criticality, IT/Security teams put fixes into place during this phase. Commonly moving from the most critical or impactful to the least severe vulnerability. While the optimal resolution is remediation, that is, fully addressing the vulnerability to prevent exploitation, this is not always an option. Other choices include mitigation and acceptance. The former minimizes the risk of vulnerability by making it more difficult for threat actors to exploit; while the latter is typically only selected in limited instances, such as:

• The vulnerability falls within accepted risk tolerance levels.
• Fixing a vulnerability proves more costly than its impact if exploited.
• The possibility of threat actors exploiting the vulnerability is unlikely.

Reporting

The final phase in the vulnerability management workflow exists so that security teams can document their findings for each vulnerability. This serves a dual purpose:

1. Provide feedback that iteratively informs current and future workflows, in addition to improving organizational security plans.
2. Serve as a “lessons learned” document, helping IT and Security teams to better align their strategies, processes and workflows to minimize risk in future occurrences.

Jamf tools and technologies in Vulnerability Management

IT and Security pros tasked with managing and securing Apple endpoints have their work cut out for them…but with Jamf as their partner, they’re not alone.

Jamf solutions offers a litany of technologies to help Apple admins with their vulnerability management workflows. Some examples of how Jamf solutions make short work of vulnerability management are:

Jamf Protect

A built-in dashboard of all CVEs associated with Apple operating systems (macOS and iOS/iPadOS), as well as, CVEs associated with all applications installed on managed endpoints.

Jamf Pro

Jamf App Catalog ensures that third-party applications are patched while policy-based management enforces compliance, keeping apps up-to-date.

Jamf Connect

Minimize the risk of vulnerabilities and their impact through Zero Trust Network Access (ZTNA) by preventing access to protected resources from compromised credentials and non-compliant endpoints.

Conclusion

Vulnerability management is a critical part of an organization’s overarching security plan. The ability of IT/Security teams to effectively identify, assess, prioritize, resolve and report vulnerabilities is crucial to preventing known vulnerabilities while minimizing the risk of further impact on organizational security.