Security threats come in a dizzying area of shapes and sizes. They range from malware, to improperly configured IAM policies, to malicious insiders and beyond.
How can you identify and remediate so many different types of threats? The answer is threat and vulnerability management. Here’s a primer on how threat and vulnerability management works, and why you may wish to add it to the list of managed services that you offer as an MSP.
What Is Threat and Vulnerability Management?
Threat and vulnerability management is the detection, assessment and remediation of the threats and vulnerabilities that exist within an IT environment. It applies to threats of all kinds across all layers of the environment - from the network, to storage, to applications, to cloud services and more.
Threat and vulnerability management is an ongoing process. To perform it well, you should constantly scan for, evaluate and react to threats. New threats arise all the time, so continuous management is the only way to stay on top of them.
It’s worth noting that threat and vulnerability management is only one pillar of modern IT security. You should also plan for security priorities before you implement systems, perform regular IT security audits and educate end-users in security best practices. Threat and vulnerability management complements these other activities by helping you to find and address threats that slip through the cracks of other containment measures.
Areas for Threat and Vulnerability Management
Again, threat and vulnerability management is a broad practice that applies to threats of all types. However, common areas of focus include:
- Security configuration management: Are applications, access control policies, cloud services and so on configured in a secure way? Do configurations adhere to the principle of least privilege? Are there any unforeseen security gaps in the policies, such as accidental exposure of data to the public Internet?
- Web server hardening: Are Web servers subject to port scanning, DDoS attempts, SQL injection attacks or other types of risks? Are there vulnerabilities in your Web server configuration that make it prone to threats?
- High-risk software audits: Are critical applications configured to resist attacks like code injection attempts? Do you run multiple instances of those applications so that they remain available even if one instance is brought down by an attack?
- Port audits: Which ports are open in your environment, and which ones are reachable from the public Internet? Are any ports using an authentication service that is configured with default login credentials?
Answering questions like these helps to find, and make plans to fix, vulnerabilities and threats that may be lurking within an IT environment.
Essential Tools for the Job
Attempting to perform threat and vulnerability management by hand is not realistic. Not only would it take far too long, but manual scanning and review makes it harder to follow a consistent process for finding and evaluating threats. One admin may approach the process differently from another, or have a different understanding of what constitutes a threat, leading to inconsistent results.
Instead, teams should rely whenever possible on tools that can automatically and continuously scan for threats. This is where Security Information and Event Management (SIEM) platforms come in handy. Using a variety of data sources, such as application logs, network traffic metrics and authorization events, SIEM tools can detect threats as they arise and help teams mitigate them before they turn into serious problems.
Offering Vulnerability Management to Your MSP Clients
Offering threat and vulnerability management as a managed service can be a smart way to expand your MSP business, under the right circumstances. This type of offering is usually most attractive to larger customers with large and complex IT environments. It will also be well received by clients who face rigid compliance requirements, and who may need formal certifications that they have certain IT security processes in place.
If you are a smaller MSP and lack the tools and personnel necessary to perform threat and vulnerability management yourself, but you wish to offer it to clients, consider partnering with an existing MSSP who can fill the gap.
Further reading How and Why to Build Alliance with an MSSP
If you decide to offer threat and vulnerability management, it’s helpful to have certifications that demonstrate your security expertise to clients. Key credentials to consider include:
- Certified Information Systems Security Professional (CISSP).
- SANS GIAC Security Essentials (GSEC).
- CompTIA Security+.
- GIAC Certified Incident Handler (GCIH).
For details on these and other security certifications, check out our article “Must-Have Security Certifications for MSSPs.”
Combined with other security processes, threat and vulnerability management helps organizations keep ahead of critical security risks. For MSPs with the requisite resources and security expertise, it can be a valuable way to expand managed services offerings by providing clients with security solutions on top of other managed services.