Vulnerability Assessment and Management

Overview

Welcome to the Vulnerability Assessment and Management module. In this section, you'll be guided through the process of using our vulnerability assessment and management tool. You'll learn how to:

• Access the module interface.
• Create and configure a VAM scan.
• Navigate the dashboard and understand its components.

Vulnerability assessment and management is a process for identifying, evaluating, and addressing security weaknesses in an organization’s systems and networks. It involves scanning for vulnerabilities, assessing their impact, and prioritizing them by severity. This includes using tools and techniques to find vulnerabilities, analyzing the results, and generating reports for remediation. Management then involves applying patches, adjusting security settings, and monitoring for new threats. The goal is to enhance security, reduce risk, and protect against potential exploitation.

Navigate to the module:

• Click on the menu icon to show all the different modules

• Under the Attack Surface Management module, click on Vulnerability Assessment and Management (VAM)

How to Create a Scan

• To create a VAM scan you must first go to the scans dashboard as shown in the picture

• Then you click the New Scan button

• A modal then pops up to showcase the types of scans that can be conducted. Once a type is chosen, click next to proceed.

• Input fields are shown to be filled out to start a scan:
  
• Name - name of the organization 
• Description - description of the scan
• Target - link of where the scan will be conducted, i.e www.example.com

• Once the information is filled out, click start scan. The newly created scan will be placed in the scans dashboard.

Scans Dashboard:

The scans dashboard provides a comprehensive overview of all ongoing scans, displaying the percentage of completion for each one. Additionally, it highlights the number of detected severities and vulnerabilities, offering a clear and detailed snapshot of the scan results.

• Clicking on the view button for a completed scan shows a full in-depth analysis on the results of the scan

Vulnerability Assessment and Management Dashboard:

• Offers a comprehensive overview of the organization's risk profile and vulnerabilities.

Vulnerability Score:

The total risk presented by vulnerabilities found in an organization's systems is measured by the Overall Vulnerability Score in a Vulnerability Assessment and Management (VAM). This score is the result of assessing various elements, including each vulnerability's criticality, possible impact, exploitation, and severity. Metrics like the Common Vulnerability Scoring System (CVSS) scores, which grade vulnerabilities according to their effect and ease of exploitation, are also included. The overall vulnerability score aids in prioritizing repair activities by offering a consolidated view of the organization's risk exposure. This helps direct resource allocation to address the most urgent security concerns and improve the organization's overall security.

Overall Vulnerability Score - Trend:

The Vulnerability Score Trend tracks changes in the overall vulnerability score over time, showing how the organization's risk posture evolves. This trend helps assess the effectiveness of remediation efforts, identify recurring issues, and evaluate long-term security strategies. By analyzing these trends, organizations can gauge improvements in their security posture and make informed decisions to enhance cybersecurity.

Vulnerability Scans:

Running Scans - Indicates how many scans are running

Completed Scans - Indicates how many scans were completed

Assets Scanned - Indicates how many assets were scanned

Vulnerabilities by Severity & Asset Type:

The charts displaying "Vulnerabilities by Severity" and "Vulnerabilities by Asset Type" provide a comprehensive breakdown of identified vulnerabilities within an organization. The "Vulnerabilities by Severity" chart categorizes vulnerabilities into critical, high, medium, low, and informational levels, offering a clear view of their distribution based on their severity. This classification helps in prioritizing remediation efforts according to the risk they pose. Meanwhile, the "Vulnerabilities by Asset Type" chart illustrates the count of vulnerabilities detected across various asset categories, such as web assets, network assets, and mobile assets. This chart allows organizations to understand which asset types are most vulnerable, facilitating targeted risk management and more effective allocation of security resources. By visualizing these metrics, the charts assist in identifying patterns and trends, ensuring a strategic approach to enhancing overall security posture.

• To view detailed information about each vulnerability and its scan location, click on any colored segment of the graph or chart. This action will open a modal displaying comprehensive details including the CVE identifier, severity level, target, asset name, and URL associated with the specific type of severity scanned.

Top CVEs Detected & Top Vulnerable Assets:

The Top CVEs Detected and Top Vulnerable Assets provide crucial insights into an organization's security posture by identifying prevalent vulnerabilities and at-risk assets. The Top CVEs Detected report highlights the most frequently found Common Vulnerabilities and Exposures (CVEs) within the organization, focusing attention on the most common and potentially severe vulnerabilities that need immediate remediation. In contrast, the Top Vulnerable Assets chart identifies which specific assets are most frequently affected by vulnerabilities. Together, these metrics enable organizations to prioritize their security efforts by addressing both the most critical vulnerabilities and the assets most susceptible to threats, thereby improving overall risk management and resource allocation.

• Clicking on one of the top vulnerable assets reveals a detailed scan history for that asset. This comprehensive view includes information such as the CVE identifier, severity level, CVSS score, URL, and asset name. Unlike the summary view, which displays only average severity, average rating, and the number of vulnerabilities scanned, this detailed view provides a deeper insight into each specific vulnerability associated with the asset.

If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.