登录查看更多内容

Last updated on 2024年10月14日

How do you balance automation and manual analysis in vulnerability assessment?

由人工智能和领英社区提供技术支持

Vulnerability assessment is a crucial process for identifying and prioritizing security risks in your systems, networks, and applications. However, it can also be challenging to balance the use of automation and manual analysis in this process. How do you decide when to rely on tools and when to perform human verification? In this article, we will explore some factors and best practices that can help you achieve a balanced and effective vulnerability assessment.

此文章中的业界达人

由社区从 5 条内容中精选。了解更多

Cmdr (Dr.?) Reji Kurien Thomas , FRSA, MLE?

I Empower Sectors as a Global Tech & Business Transformation Leader| Stephen Hawking Award| Harvard Leader | UK House…
Ajay Upadhyay

Information Security Expert / Cyber Security Enthusiast…

1 Benefits of automation

Automation can save you time, resources, and effort in performing vulnerability assessment. By using tools such as scanners, scripts, and frameworks, you can quickly and efficiently scan your targets for known vulnerabilities, generate reports, and track your progress. Automation can also help you cover a large scope of targets, reduce human errors, and maintain consistency in your assessment.

添加您的观点

Ajay Upadhyay

Information Security Expert / Cyber Security Enthusiast CISSP, CISM, CRISC, CCSP, CEH, CISA
举报内容
Balancing automation with manual analysis in vulnerability assessment includes: >Use of automated scanning tools such as Nessus, OpenVAS, and QualysGuard to speed through common vulnerabilities. >Automate the continuous monitor for the exploitation of current and latest real-time vulnerabilities. >Manual analysis detects the authenticity of an automated scan, so false positives decrease and the level of understanding about vulnerabilities increases. >Automated scans will hit the whole network while the manual efforts would target assets and high-risk critical systems. >It is very important that updates, skill building, and feedback loop follow each step of vulnerability assessments.

已翻译

赞
Felipe Mafra

CISO North America at Hitachi Rail
举报内容
Make your team more efficient with automation capabilities that are widely available on Vulnerability Assessment tools. Make automated scans and generation of reports so your team can focus on the assessments and research. Consider integrations with ITSM solutions, so it can open the Change Requests that your infra team may require to apply those remediation activities.

已翻译

赞

2 Limitations of automation

However, automation is not a silver bullet for vulnerability assessment. There are some limitations and challenges that you need to be aware of when using automation. For example, automation can miss some vulnerabilities that require contextual or logical analysis, such as business logic flaws, authorization bypasses, or zero-day exploits. Automation can also produce false positives or negatives, which can affect your accuracy and reliability. Furthermore, automation can introduce some risks, such as damaging your targets, violating legal or ethical boundaries, or exposing sensitive information.

添加您的观点

Felipe Mafra

CISO North America at Hitachi Rail
举报内容
You need to balance automation with collaboration. Automating the generation of vulnerability scan reports and sending them automatically to the remediation owners is not a good sign of collaboration, and you will get less priority. Automate scans and even creation of tickets, but work in a collaboration, supporting teams on which vulnerabilities must be remediated first on a priority-based and risk-based approach

已翻译

赞

3 Benefits of manual analysis

Manual analysis can complement automation by providing more depth, insight, and validation in your vulnerability assessment. By performing manual analysis, you can verify the results of your automated tools, eliminate false positives or negatives, and discover vulnerabilities that automation cannot detect. Manual analysis can also help you understand the impact, root cause, and exploitability of the vulnerabilities, as well as provide recommendations for remediation.

添加您的观点

Felipe Mafra

CISO North America at Hitachi Rail
举报内容
Not all tools are false-positive free. You may have 3~8% of false-positive ratio, which needs to be assessed manually. If you use a risk-based approach, consider reviewing the scan results and provide to the remediation owners just the ones that are required to be remediated first. This is only possible with manual work, otherwise you won't get the commitment you are expecting.

已翻译

赞

4 Limitations of manual analysis

However, manual analysis also has some drawbacks and challenges that you need to consider when performing vulnerability assessment. For example, manual analysis can be time-consuming, costly, and labor-intensive, especially if you have a large or complex target scope. Manual analysis can also depend on the skill, experience, and judgment of the analyst, which can introduce human errors, biases, or inconsistencies. Furthermore, manual analysis can require some tools, techniques, and permissions that may not be readily available or accessible.

添加您的观点

5 Factors to consider

When conducting a vulnerability assessment, it is important to consider factors such as the scope and complexity of your target, the risk level associated with it, and the resources and constraints available. A larger and more complex target may require more automation for efficient and effective scanning, as well as manual analysis to verify results and find vulnerabilities that automation may miss. When assessing a higher risk target, manual analysis is necessary to understand the impact and exploitability of vulnerabilities, as well as provide remediation advice. Automation can be used to prioritize and mitigate the most critical vulnerabilities quickly. Resources and constraints such as budget, time, staff, tools, access permissions, policies, regulations, and ethics must be balanced to optimize the vulnerability assessment process and outcome.

添加您的观点

6 Best practices

To achieve a balanced and effective vulnerability assessment, you should plan and define your goals, scope, methodology, and criteria. This will ensure that your automation and manual analysis are aligned with your objectives and expectations. Additionally, it’s important to choose and use the appropriate tools and techniques for your automation and manual analysis to maximize performance and functionality. Validation and verification of the results will help eliminate false positives or negatives, confirm the existence and severity of the vulnerabilities, and provide evidence for your findings. Communication and collaboration with stakeholders and team members should also be a priority throughout the vulnerability assessment process in order to share information, feedback, and recommendations.

添加您的观点

7 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

Cmdr (Dr.?) Reji Kurien Thomas , FRSA, MLE?

I Empower Sectors as a Global Tech & Business Transformation Leader| Stephen Hawking Award| Harvard Leader | UK House of Lord's Awardee | Fellow Royal Society | CyberSec I 200x LinkedIn Top Voice | CCISO CISM
举报内容
Use automated tools to perform baseline scans regularly, ensuring that common vulnerabilities are identified & addressed quickly. For a government agency, we implemented automated baseline scanning using OpenVAS. These scans were scheduled to run weekly, providing a consistent overview of the security posture. This automation allowed us to identify & patch common vulnerabilities promptly, ensuring that the system remained secure against well-known threats. Integrate both static & dynamic analysis techniques to cover different aspects of the software and its runtime behaviour. During an audit for a SaaS provider, we used static analysis tools like SonarQube for code reviews & dynamic analysis tools like Burp Suite for runtime testing.

已翻译

赞

Vulnerability Assessment

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

How do you balance automation and manual analysis in vulnerability assessment?

1

2

3

4

5

6

7

1 Benefits of automation

2 Limitations of automation

3 Benefits of manual analysis

4 Limitations of manual analysis

5 Factors to consider

6 Best practices

7 Here’s what else to consider

Vulnerability Assessment

给文章评分

感谢您的反馈

更多Vulnerability Assessment相关文章

更多相关阅读内容