Mobile and remote devices pose an interesting challenge for your vulnerability management program. The foundation of most vulnerability management programs is doing active vulnerability assessments. But devices that aren’t connected to the local network while a vulnerability assessment is taking place are not included.
The mobile and remote devices need to be included in the vulnerability management program because, after all, these devices are not immune to the types of vulnerabilities, configuration errors and malware that plague other IT assets.
With the proliferation of devices, vulnerabilities in mobile and remote devices can become a really big deal, really fast. A recently discovered vulnerability in Stagefright, a piece of code in Android, can be exploited by hackers to send malware to any user via text message. If the reports are correct, your device can be infected even if you don’t open the message. Almost a billion phones are at risk.
Fortunately, technology is available that lets these mobile and remote devices be included in your vulnerability management program. We’ll explore a couple of options in this article.
A big challenge with mobile devices is that they’re mobile. They hop from 3G to 4G to wireless networks seamlessly and are turned off and on at random times.
A good technology to implement for mobile devices is mobile device management (MDM). With MDM, you set policies for devices to follow; for example: enabling remote wipe, turning on encryption, or setting complex passcodes. Security teams often struggle to verify that IT is enforcing the mobile policies, and manually digging through MDM system logs can be overwhelming. By integrating MDM auditing with your vulnerability management solution, you can automatically audit those MDM results and flag devices that do not adhere to policy.
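The policy audit described above, as an added example that is not Tenable's code and not any MDM vendor's API: it runs a small policy set (encryption, remote wipe, passcode complexity, plus a check-in age check for devices that have dropped off the MDM) over a constructed inventory export. The record field names and the policy thresholds are assumptions.

```python
"""Flag MDM-enrolled devices that violate mobile security policy."""
from datetime import date

# Constructed sample of an MDM inventory export (not real devices);
# the field names are assumptions, not a real MDM vendor's schema.
MDM_INVENTORY = [
    {"id": "phone-001", "encrypted": True, "remote_wipe": True,
     "passcode_len": 8, "passcode_alnum": True, "last_checkin": "2015-08-10"},
    {"id": "phone-002", "encrypted": False, "remote_wipe": True,
     "passcode_len": 4, "passcode_alnum": False, "last_checkin": "2015-08-11"},
    {"id": "tablet-003", "encrypted": True, "remote_wipe": False,
     "passcode_len": 6, "passcode_alnum": True, "last_checkin": "2015-06-01"},
]

# Policy thresholds (assumed values for the example).
MIN_PASSCODE_LEN = 6
MAX_CHECKIN_AGE_DAYS = 30
AUDIT_DATE = date(2015, 8, 12)  # "today" for the constructed sample


def audit_device(dev, today):
    """Return the list of policy findings for one device record."""
    findings = []
    if not dev["encrypted"]:
        findings.append("storage encryption disabled")
    if not dev["remote_wipe"]:
        findings.append("remote wipe not enabled")
    if dev["passcode_len"] < MIN_PASSCODE_LEN or not dev["passcode_alnum"]:
        findings.append("passcode does not meet complexity policy")
    age = (today - date.fromisoformat(dev["last_checkin"])).days
    if age > MAX_CHECKIN_AGE_DAYS:
        # A device that stops checking in is outside both MDM and scanner coverage.
        findings.append(f"no MDM check-in for {age} days")
    return findings


def audit_inventory(inventory, today):
    """Map device id -> findings, keeping only non-compliant devices."""
    report = {}
    for dev in inventory:
        findings = audit_device(dev, today)
        if findings:
            report[dev["id"]] = findings
    return report


if __name__ == "__main__":
    for dev_id, issues in audit_inventory(MDM_INVENTORY, AUDIT_DATE).items():
        print(dev_id, "->", "; ".join(issues))
```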
While they’re similar to mobile devices, Windows and Mac laptops that remote workers use introduce different vulnerability management challenges. For example, not that long ago, most laptop access was through a secure VPN to get to company resources. Today, with more things being accessed through the cloud, typical remote employees probably don’t use the VPN at all, and can still get all of their work done.
To include these portable devices in your vulnerability management program, you can run programs directly on the devices that collect vulnerability data and report back to a central vulnerability manager. In many vulnerability solutions, these programs are called agents. Any agent must be lightweight, secure, and easy to install and update. Agents matching those criteria can collect vulnerability, configuration and malware data on remote devices, and can report results back to a central manager, making them a useful strategy for including remote devices in your vulnerability management program.
But while technology can capture a massive amount of vulnerability data, if it stays in a silo, it’s just a bunch of data. And it’s easy for data to stay in silos because the technology that obtains it is often owned by different groups – like IT and security. By working together to integrate data into the overall vulnerability management program, you’ll get a big-picture view that helps you make better decisions on what to spend, which policies to put in place, and how to prioritize resources.
For more ideas on improving your vulnerability management program, download Tenable’s free eBook: 10 Steps for Achieving Effective Vulnerability Management.