4 Steps to Vulnerability Management and Incident Response for Endpoints

By: Josh Mayfield | 2/21/2018

A mature endpoint security strategy can significantly reduce the risk of an incident growing into a larger breach. As your first line of defense, investing in endpoint security helps prevent, or at least slow, the spread of threats, maintain some level of operations, and protect users. An effective endpoint security strategy can be as layered as you want it to be; however, you'll have a strong foundation if you build on the 4 strategies I outline in my new guide, 4 Essential Strategies to Endpoint Security Protection.

The first strategy is strong Asset Management and Software Auditing, followed by Vulnerability Management and Dealing with Incidents. We all hope bad things won't happen, and we work incredibly hard to mitigate the risks inherent in operating and managing technology today, but it's inevitable that something will happen. Balancing the needs of your business against your exposure to threats, which is as much art as science, makes vulnerability management one of the most critical pieces of your security puzzle. It's also one of the hardest to keep up with. For this reason, you must also have a plan and process in place for dealing with incidents.

Here are 4 steps:

Step One: Triage and Prioritize Resources

Regularly run vulnerability scans of known assets for weaknesses and vulnerabilities, cross referencing against asset lists. Use a consistent scoring system or tool to remove biased judgement from vulnerability assessment and fix critical vulnerabilities right away. Keep note of exceptions during scans and have a plan to re-assess low risk vulnerabilities, which may become high risk later.
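To make Step One concrete, here is an added example (not Absolute's code or tooling) of the cross-referencing and consistent scoring it describes: scan findings are joined to an asset inventory, scored with the fixed CVSS v3 qualitative thresholds, and bucketed into fix-now, unknown-asset, deferred and due-for-re-assessment lists. The hostnames, finding ids, scores, exception register and scan date are all constructed for illustration.

```python
from datetime import date
# Constructed asset inventory (hostname -> owning unit). A host the scanner
# reports that is absent here is an asset-management gap, not just a finding.
ASSETS = {"lt-001": "finance", "lt-002": "sales", "srv-db1": "it"}

# Constructed scan output: (hostname, finding id, CVSS v3 base score).
FINDINGS = [
    ("lt-001", "VULN-A", 9.8),
    ("lt-002", "VULN-B", 5.3),
    ("srv-db1", "VULN-C", 7.5),
    ("unknown-host", "VULN-A", 9.8),
    ("lt-002", "VULN-D", 2.1),
]

# Constructed exception register: (hostname, finding id) -> re-assessment date.
# A finding accepted as low risk today may be high risk later, so every
# exception carries the date on which it must be reviewed again.
EXCEPTIONS = {("lt-002", "VULN-B"): date(2018, 3, 1)}
SCAN_DATE = date(2018, 3, 15)  # constructed date of this scan run

def rating(score):
    """CVSS v3 qualitative rating: one fixed rule, so the score decides."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    return "medium" if score >= 4.0 else "low"

def triage(findings, assets, exceptions, today):
    """Cross-reference findings with the asset list and sort them into buckets:
    fix_now (critical/high on a known asset, no exception), unknown_assets,
    reassess (exception past its review date) and deferred (all the rest)."""
    out = {"fix_now": [], "unknown_assets": set(), "reassess": [], "deferred": []}
    for host, vuln, score in findings:
        if host not in assets:
            out["unknown_assets"].add(host)
            continue
        due = exceptions.get((host, vuln))
        if due is not None:
            out["reassess" if due <= today else "deferred"].append((host, vuln))
        elif rating(score) in ("critical", "high"):
            out["fix_now"].append((host, vuln, score, rating(score)))
        else:
            out["deferred"].append((host, vuln))
    out["fix_now"].sort(key=lambda f: f[2], reverse=True)  # worst first
    return out

if __name__ == "__main__":
    for bucket, items in triage(FINDINGS, ASSETS, EXCEPTIONS, SCAN_DATE).items():
        print(bucket, sorted(items))
```

Hosts that land in `unknown_assets` feed back into the asset-management strategy, and the `reassess` bucket is the re-assessment plan for low-risk exceptions that the step calls for.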

Step Two: Automate 

Automation is the key to maximizing resources. Automated patching, supported by a Reach that extends beyond traditional network bounds, can help push patches to every endpoint, while GRC tools can provide an exceptional level of value in understanding your overall business risk.


Step Three: Have (and Practice) Your Plan

As cliché as it is, if you fail to plan, you are planning to fail. Clearly define what constitutes an incident and what constitutes a breach, with a clear understanding of the compliance rules and breach notification laws that may apply during an incident. Based on the incident, you'll need clarity on who responds, who is notified, and how quickly these steps need to happen. When you practice, it will become clear how quickly you can get systems back online, whether your backup plans are solid, and whether your forensic team is able to conduct its investigations with minimal operational impact.

Step Four: Learn From Your Incidents

How you learn from your incidents is almost as important as how you responded. Fully investigating the how and why, and reporting to all parties with easy-to-understand reports can help build better bridges between security staff and other business units, creating a more effective and collaborative security program throughout your organization.

Learn more about the key strategies for building and maintaining a comprehensive ecosystem of management and security controls for all of your endpoints in our webinar, Four Essential Strategies for Endpoint Security & Protection.
