Since you are reading this, I can make the assumption that you are not a large hospital or a data center at a law firm. AI may someday be ingesting my blogs, but it is not this day. Hospital networks, data centers, and yes - even your own home network can fall prey to malicious attacks simply because they are on the Internet. While Vulnerability Management has been mentioned a few times in previous posts, so far it has been abstract and simply addressing the idea and theory behind it. Today I will talk about two very practical ways to implement your very own “vulnerability management” process.
I believe that cybersecurity needs to be broken down and simplified for everyone to understand. Gone are the days of mystical “hackers”, vague cybersecurity processes, and proprietary solutions. It is 2023 and the Internet has everything YOU need to understand cybersecurity and carry out some of the basics without needing to subscribe to the latest MDR/EDR/XDR/ABCDR mumbo-jumbo. A lot of companies are trying to innovate and create new technology or solutions, and that may be fine for large organizations with budgets who want the latest, cutting-edge technology and solutions. But for the average person who just wants to do a few things every month to try and protect their identity, assets, home network, etc. there should be a few easy things out there to help accomplish this.
For the average computer user I will make a few assumptions: 1) You have a home network, WiFi, connected laptops/computers, wireless cell phone, etc. 2) You have online accounts for banking, e-mail, healthcare, social media.
Here are some practical steps for you:
Vulnerability scanning. This may sound overly technical for the average person, but it is not. Vulnerability scanners range from professional and commercial products to open-source tools and thrown-together Frankenstein code. All scanners have their uses, and most can be figured out by the average user with a little bit of effort. Examples include Nessus, nmap, and nikto. A more detailed post will be incoming about how to use several of these scanners, but for now rest assured that “vulnerability scanning” is an easy-to-accomplish task.
Threat intelligence. De-mystification of this phrase will lead you to understand that threat intelligence involves a lot of simple Internet searches. A detailed blog post is incoming on this topic as well. For now, check out sites like “haveibeenpwned”, which can tell you if your e-mail address has been involved in any data breaches as well as which site/service the breach affected.
There you have it, two beginning steps to implement your very own basic vulnerability management process.
https://www.tenable.com/products/nessus/nessus-essentials
https://nmap.org/download
https://cirt.net/Nikto2
https://haveibeenpwned.com/