


A Vulnerability Intelligence program should be a key component of any sound network security strategy. It should dovetail with a Vulnerability Assessment process and a patching/remediation process. While a Vulnerability Assessment process will tell you what needs to be patched, Vulnerability Intelligence should tell you what needs to be patched first and what new patches need to be evaluated. Like any intelligence process, be it on the battlefield in the form of Military Intelligence, or in the marketplace under the guise of Competitive Intelligence, Vulnerability Intelligence follows the same cycle:

Dissemination

The start of the cycle is Planning and Direction. This is when management and other stakeholders define the goals of the Vulnerability Intelligence. If not enough time is spent defining these goals, the success of the program is at risk. The goals should be defined as the questions that management and other consumers want to have answered. Target questions such as "What patches should we be focusing on today?" or "How vulnerable are our mailservers?" are a bit easier to deal with on a budget. For example, "Is our environment unnecessarily vulnerable?" or "What attacks are we currently vulnerable to?" are somewhat broad, especially for an intelligence program "on-the-cheap." Without such focus, a team runs the risk of dealing with what is currently getting the most media attention, which may not exactly meet your organization's goals.

Another decision that needs to be made is the timeframe for the process. If your organization requires a long head-start or advance warning, then on-the-cheap may not provide you with the results that you need.

The Collection phase is often the phase that gets the most attention. This is where all of the cool toys are, and where likely spends most of their budget. Since this is all on-the-cheap, I am going to skip subscription-based services and share a couple of my secret weapons of collection. First, never underestimate a good RSS feed. There are numerous free sources of vulnerability intelligence to get you started. Many offer RSS feeds that you can consult on a daily basis. Some good initial sources to monitor are the Bugtraq database (which has an associated RSS feed) and Secunia, which offers you the advantage of monitoring a single technology. A program that I use to maximize my collection potential is Website Watcher (although I don't like to endorse products on this forum, this tool should be considered to save you a lot of daily websurfing).
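The daily feed check described on this page, sketched as an added example that is not part of the original post: it parses an RSS feed of advisories and keeps only unseen items that match a watchlist built from a target question. The feed contents, product names and keywords are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample RSS 2.0 feed; the advisories and product names are made up.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example advisories</title>
<item><title>ExampleMail SMTP server remote overflow</title>
<link>https://advisories.example/1</link>
<description>Crafted SMTP command crashes ExampleMail.</description></item>
<item><title>ExampleCMS plugin cross-site scripting</title>
<link>https://advisories.example/2</link>
<description>Reflected XSS in search form.</description></item>
<item><title>ExampleOS package update</title>
<link>https://advisories.example/3</link>
<description>Rebuilds the bundled examplemail package.</description></item>
</channel></rss>"""

# Keywords per target question, e.g. "How vulnerable are our mailservers?"
WATCHLIST = {"mailservers": ["examplemail", "smtp"]}


def parse_items(feed_xml):
    """Return (title, link, description) tuples from an RSS 2.0 document."""
    # Feeds are untrusted input: refuse DTDs so entity tricks never reach the parser.
    if "<!DOCTYPE" in feed_xml.upper():
        raise ValueError("feed contains a DTD; refusing to parse")
    root = ET.fromstring(feed_xml)
    return [tuple((item.findtext(tag) or "").strip()
                  for tag in ("title", "link", "description"))
            for item in root.iter("item")]


def triage(feed_xml, watchlist, seen_links=()):
    """Group unseen items by the question they match; title hits sort first."""
    report = {question: [] for question in watchlist}
    for title, link, description in parse_items(feed_xml):
        if link in seen_links:
            continue  # already reviewed on an earlier day
        for question, keywords in watchlist.items():
            pattern = re.compile("|".join(map(re.escape, keywords)), re.I)
            in_title = bool(pattern.search(title))
            if in_title or pattern.search(description):
                report[question].append((0 if in_title else 1, title, link))
    return {q: [(t, l) for _, t, l in sorted(hits)] for q, hits in report.items()}


if __name__ == "__main__":
    print(triage(SAMPLE_FEED, WATCHLIST))
```

Persisting the links already reviewed and passing them as `seen_links` keeps each day's report limited to new advisories.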
