Vulnerability Management Architecture

Abstract

Once a vendor has been selected for vulnerability management, the process of an actual implementation will vary greatly from one vendor to another. The simple question is why? Each of the leading vendors has taken a different technology approach to instrumenting vulnerability management at the console or management layer but is actually very similar at the scanning layer. This is why you hear security professionals state, “a network scanner is a network scanner” or that “vulnerability assessment is a commodity.” The truth is that scanners are definitely a commodity but how the data is aggregated, scans are performed, and the type of reports available are what differentiate each of the vendors. They all have false positives; they all have false negatives; some are faster at scanning one type of asset over another; and in the end, it’s the people and support that will make the difference with results and integration from the management console. Some security professionals will have a favorite solution but the deployment of each, from a management console perspective – not scanner, will vary due to on-premise technology, hosted solution, peer-to-peer databases, air gapped networks, appliances, agents, etc. All deployments need the traits discussed in this book, but the architectural topology from one vendor to another will be different. Some will connect to the cloud, some will use a spoke-and-wheel tiered hierarchy, and others peer to peer. Which architecture fits your network best is a decision only you can make. Consider the following: