10/13/2021 | Press release | Distributed by Public on 10/13/2021 06:40
Protecting IT infrastructure, applications, and data requires that you understand security weaknesses attackers can exploit. Conducting a vulnerability assessment is essential to gaining that understanding. To get a clearer picture of this essential security practice, we'll look at its different types, how the practice is changing, and how vulnerability assessment tools fit into your overall approach to managing application security.
Vulnerability assessment is the process of identifying, quantifying, and prioritizing the cybersecurity vulnerabilities in a given IT system. The goal of an assessment is to locate weaknesses that can be exploited to compromise systems. Examples of such weaknesses are errors in application code, misconfigured network devices, and overly permissive access controls in a database. Vulnerability assessment is an established area of security.
In all, there are seven types of vulnerability assessments, each with its own focus and methods:
A common phrase you might hear alongside "vulnerability assessment" is "risk assessment." Vulnerability assessment spots weaknesses that could be exploited, whereas risk assessment identifies the likelihood that each vulnerability could be exploited and the business impact if such an exploit were to occur.
The world is changing fast. Organizations are moving to the cloud, building cloud-native applications that heavily leverage open-source software, and adopting new practices such as Agile and DevOps to deliver applications more rapidly.
As a result, some of the traditional approaches to vulnerability assessment are no longer working as well as security practitioners would like. For example, with continuous integration and continuous deployment (CI/CD), the software changes frequently and automatically, and there's often not enough time to perform traditional software vulnerability tests. When we recently surveyed 700 CISOs around the world, 63% told us their accelerated pace of software production and delivery has made it more difficult to detect and manage software vulnerabilities.
As a result of these transformations, organizations are re-evaluating their approach to vulnerability assessments and application security as a whole.
Vulnerability assessment is the first step in the larger process of vulnerability management, which has the goal of reducing your attack surface to make it harder for an attacker to compromise your IT assets.
Some existing vulnerability assessment tools focus on application vulnerabilities, while others focus on host vulnerabilities, cloud infrastructure vulnerabilities, or device vulnerabilities. Most traditional assessment tools aren't well suited for cloud applications. Those that scan source code will frequently produce false positives, while those that are traditional runtime products have a difficult time seeing application-layer vulnerabilities inside containers.
Dynatrace's Application Security Module includes runtime vulnerability detection as part of its Software Intelligence Platform. Unlike traditional security tools that examine source code or container manifests, Dynatrace sees which open-source libraries are actually used at runtime, how they are used, and the context in which they are used - whether the process is exposed to attack, has connections to "crown-jewel" databases, or faces other risk factors. This rich information is fed into our AI engine, Davis, which then computes a Davis Security Score for every vulnerability. This enables Dynatrace to generate uniquely accurate risk scores (much more accurate than just the Common Vulnerability Scoring System) and helps IT teams understand which vulnerabilities are important and which risks could truly impact the business.
Interested in learning how security professionals view the state of security and how Dynatrace can help address the challenges they're seeing? Download our 2021 CISO report or our eBook on securing cloud-native applications.