  • Application Vulnerability Management
    Uncategorized 2021. 1. 17. 05:39



    2017 Global Vulnerability Management Market Leadership Award. Qualys continues to lead the market with new network coverage and security solutions that leverage its cloud-based platform for scalability, automation, and ease of use.

    It is common for software and application developers to use vulnerability scanning software to detect and remedy application vulnerabilities in code, but this method is not entirely secure and can be costly and difficult to use.


    Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat & Vulnerability Management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.

    It helps organizations discover vulnerabilities and misconfigurations in real time, based on sensors, without the need for agents or periodic scans. It prioritizes vulnerabilities based on the threat landscape, detections in your organization, sensitive information on vulnerable devices, and business context.

    Next-generation capabilities

    Threat & Vulnerability Management is built-in, real-time, cloud-powered, and fully integrated with the Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledgebase.


    It is the first solution in the industry to bridge the gap between security administration and IT administration during the remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM).

    It provides the following solutions to frequently-cited gaps across security operations, security administration, and IT administration workflows and communication.

    • Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
    • Linked machine vulnerability and security configuration assessment data in the context of exposure discovery
    • Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager

    Real-time discovery

    To discover endpoint vulnerabilities and misconfiguration, Threat & Vulnerability Management uses the same agentless built-in Microsoft Defender ATP sensors to reduce cumbersome network scans and IT overhead, and provides:

    • Real-time device inventory. Devices onboarded to Microsoft Defender ATP automatically report and push vulnerability and security configuration data to the dashboard.
    • Visibility into software and vulnerabilities. Optics into the organization’s software inventory, and software changes like installations, uninstallations, and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for 1st and 3rd party applications.
    • Application runtime context. Visibility on application usage patterns for better prioritization and decision-making.
    • Configuration posture. Visibility into organizational security configuration or misconfigurations. Issues are reported in the dashboard with actionable security recommendations.

    Intelligence-driven prioritization

    Threat & Vulnerability Management helps customers prioritize and focus on those weaknesses that pose the most urgent and the highest risk to the organization. Rather than using static prioritization by severity scores, Threat & Vulnerability Management in Microsoft Defender ATP highlights the most critical weaknesses that need attention by fusing its security recommendations with dynamic threat and business context:

    • Exposing emerging attacks in the wild. Through its advanced cyber data and threat analytics platform, Threat & Vulnerability Management dynamically aligns the prioritization of its security recommendations to focus on vulnerabilities that are currently being exploited in the wild and emerging threats that pose the highest risk.
    • Pinpointing active breaches. Microsoft Defender ATP correlates Threat & Vulnerability Management and EDR insights to provide the unique ability to prioritize vulnerabilities that are currently being exploited in an active breach within the organization.
    • Protecting high-value assets. Microsoft Defender ATP’s integration with Azure Information Protection allows Threat & Vulnerability Management to identify the exposed machines with business-critical applications, confidential data, or high-value users.

    Seamless remediation

    Microsoft Defender ATP’s Threat & Vulnerability Management allows security administrators and IT administrators to collaborate seamlessly to remediate issues.

    • Remediation requests to IT. Through Microsoft Defender ATP’s integration with Microsoft Intune and System Center Configuration Manager (SCCM), security administrators can create a remediation task in Microsoft Intune from the Security recommendation pages. We plan to expand this capability to other IT security management platforms.
    • Alternate mitigations. Threat & Vulnerability Management provides insights on additional mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities.
    • Real-time remediation status. Microsoft Defender ATP provides real-time monitoring of the status and progress of remediation activities across the organization.


    What is vulnerability management

    Vulnerabilities—exploitable weaknesses in application code—are used to facilitate attacks that can lead to data theft, malware injection and server takeover, among other consequences.

    Vulnerability management is the process of rooting out and eliminating these weaknesses before they’re abused. It’s typically achieved through the following methods:

    • Vulnerability scanning – The attempted sanitization of code environments through periodic penetration (pen) testing and code review, typically performed after updates are made to your application.
    • Patch management – The deployment of vendor-provided patches for newly discovered (e.g., zero-day) vulnerabilities in third-party software used by your application.
    • Input validation/sanitization – The filtering and verification of incoming traffic by a web application firewall (WAF). This blocks attacks before they can exploit vulnerabilities and is a substitute for fully sanitizing your application code.

    Limitations of vulnerability scanners

    Vulnerability scanning involves using either a software or hardware-based scanner to locate soft spots in your code that can be exploited by known attack vectors. Soft spots are typically a result of unsanitized code that permits illegal inputs.

    Scans involve periodic pen tests and code reviews to uncover weak spots in your application, followed by code updates to remove vulnerabilities. Code is rescanned afterward to ensure that vulnerabilities have been weeded out. This code review and modification cycle should be conducted after code updates and anytime new attack vectors that could endanger your application are discovered.

    As a whole, vulnerability scanning comes with several operational issues. For one, new vulnerabilities continually pop up, making scanning a frequent and resource-intensive process. Moreover, complete code sanitization is rarely achieved, as the body of code usually exists in a continual state of change. This is on top of the fact that it’s impossible to predict all attack scenarios.

    Lastly, vulnerability scanning cannot help with rapid responses to newly uncovered (zero-day) threats. This is crucial, as most exploits take place soon after new vulnerabilities are made public. Response time to such threats becomes a key component of any vulnerability management strategy—one that can’t be addressed by a prolonged cycle of code review and sanitization.

    Patch management

    Patching newly discovered vulnerabilities relies on a third party (usually a software’s creator) to develop and test patches for their software. Your security and DevOps teams are responsible for deploying the patches.


    Similar to vulnerability scanning, patch management’s Achilles heel is its lack of responsiveness.

    Typically, patching delays occur as a result of:

    • The time it takes for a new threat notification to reach your security team
    • Your software creator’s ability to develop and test new patches
    • How long it takes your security team to apply the patch and test its implementation

    Consequently, fully patching a vulnerability can take days, weeks, or sometimes even longer—especially if there is a concern that a patch might affect your application’s core functionalities.

    As a rule of thumb, the longer the patch process takes, the more likely it is that the vulnerability has already been exploited. Often by the time a patch is deployed it’s already too late. While patching is always considered best practice, this is why it should never be the only/main component of any vulnerability management strategy.


    Input validation/sanitization

    Input validation/sanitization is the process of deploying a web application firewall (WAF) on the edge of your network. Here it’s able to review all incoming traffic to your application, filtering out malicious inputs that target security vulnerabilities.

    Input validation effectively solves vulnerability scanning and patch management issues for the following reasons:


    • It doesn’t require code updates
      Both the scanning and patching processes are ineffective because they rely on code updates, which introduce delays into a time-sensitive process. With input validation, however, you can easily update your WAF security policy instead of tweaking your application code. This greatly simplifies the process and lets you respond to new vulnerabilities within hours, instead of days or weeks. Moreover, modifying a security policy on the WAF level means you don’t need code updates that can potentially inhibit your application’s functions.
    • It’s operated by a team of security experts
      Certain WAF providers, such as Imperva, offer their solution to you as a managed service. This means the WAF is backed by teams of dedicated, around-the-clock security experts engaged in proactive research to immunize the service from new threats. As a subscriber, their efforts relieve you of having to closely monitor security updates, while offering the benefits of having in-house security research—all without bearing the cost of retaining such dedicated services on your own.
    • Customizable security rules
      Default security rules in most WAFs can be customized to address specific vulnerabilities. Your in-house security experts can use them to apply additional policies on top of default security rules. Using custom security policies lets you flexibly address specific security scenarios unique to your application—without having to make any code changes. This makes the process significantly more flexible and less labor-intensive.
    • Virtual patch management
      Virtual patching is the process of deploying a patch on the WAF level, which is then applied across every application protected by the service. While not a substitute for patching software vulnerabilities, it’s an early response system that can effectively mitigate an immediate threat. This gives your team time to test and implement vendor-provided patches in the interim, without having to worry about perpetrators exploiting an exposed vulnerability.
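The custom-rule and virtual-patch idea above, sketched as an edge filter that is changed by editing policy data rather than application code. This is an added example, not code from the original page or from any WAF vendor; the rule names, paths, parameters and the flaw being patched are all hypothetical.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlsplit


@dataclass(frozen=True)
class ParamRule:
    """Allow-list rule: `param` on paths under `path_prefix` must fully match `pattern`."""
    rule_id: str
    path_prefix: str
    param: str
    pattern: re.Pattern


# Hypothetical policy. The first entry stands in for a default rule; the second is a
# custom "virtual patch" for an assumed flaw in the `file` parameter of /reports/export.
# Responding to a new vulnerability means appending a rule here, not redeploying the app.
POLICY = [
    ParamRule("default-numeric-id", "/", "id", re.compile(r"[0-9]{1,10}")),
    ParamRule("vpatch-export-file", "/reports/export", "file",
              re.compile(r"[A-Za-z0-9_-]{1,64}\.(?:csv|pdf)")),
]


def evaluate(url, policy=POLICY):
    """Return ("allow", None) or ("block", rule_id) for a request URL."""
    parts = urlsplit(url)
    # parse_qsl percent-decodes once and keeps duplicates, so every occurrence of a
    # parameter is validated and a repeated parameter cannot slip past the rule.
    params = parse_qsl(parts.query, keep_blank_values=True)
    for rule in policy:
        if not parts.path.startswith(rule.path_prefix):
            continue
        for name, value in params:
            if name == rule.param and not rule.pattern.fullmatch(value):
                return ("block", rule.rule_id)
    return ("allow", None)


# Constructed sample requests (not taken from real traffic).
SAMPLES = [
    "/reports/export?file=q3_sales.csv",
    "/reports/export?file=..%2Fconfig.ini",
    "/reports/export?file=a.csv&file=b.exe",
    "/items?id=42&id=abc",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(evaluate(url), url)
```

The rules are allow-lists, so anything outside the expected shape is blocked without enumerating bad inputs. A production WAF also normalizes the path and request encoding before matching, which this sketch does not do.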



