Vulnerability Management

Best practices for the identification, evaluation and remediation of technology-related vulnerabilities.

Developing a solid vulnerability management program is easier said than done.  IT professionals are faced with a constant stream of software vulnerabilities, and it is a challenge to triage and prioritize patches.  We find that even highly publicized vulnerabilities actively being exploited by attackers can be overlooked by seasoned IT professionals.  Having a vulnerability management framework in place that regularly scans for new vulnerabilities is crucial for preventing cybersecurity breaches.  Fortunately, Corvus is here to be your partner in vulnerability management.

Getting Started with Vulnerability Management

Check your Corvus Scan report quarterly!  Hopefully by now you’ve logged in to your Policyholder Dashboard (if you have not, please email us to request access).  Once you’ve activated your account, you will automatically receive your Corvus Scan report on a quarterly basis.  Should you have follow-up questions about the report, email our Risk & Response Team for answers.

The Corvus Scan assesses your organization’s cybersecurity hygiene by analyzing your public-facing web infrastructure and combining this data with internet-wide vulnerability and threat research.  Discoveries made by the scan are aggregated, and the resulting numerical scores get pulled into the easy-to-digest report, and ultimately into a single number for the Corvus Score.  The report also contains recommendations drawn from security best practices and weighted by severity and potential to improve your organization’s security.  For more on how the Corvus Scan works, click here.

Inventory Your IT Assets

Maintain an inventory of all technology in use across your organization.  If you do not have an inventory of your technology, from hardware to software, it is impossible to appropriately secure and manage it.  Some examples of asset management best practices can be found here.

Best Practices for Vulnerability Management

  • Observe Microsoft Patch Tuesday - Resources from Microsoft regarding their regular updates and releases of software patches across their entire product portfolio on the 2nd Tuesday of each month.
  • Operationalizing Patch Management - So you have found a bunch of vulnerabilities and you need to remediate; learn how to operationalize a process that makes remediation part of day-to-day operations within IT or at your IT service provider.
  • Learn about Virtual Patching.

👉 Note: In addition to the practices above, here's a helpful article on best practices for vulnerability management.