Assessing software vulnerabilities:

Vulnerability Manager Plus regularly scans your network for vulnerabilities. Once vulnerabilities are detected, then they are displayed in the web console. New vulnerabilities are being discovered constantly, therefore, it might get overwhelming for an user to decide on which vulnerability to remediate first. Therefore vulnerabilities should be assessed and prioritized based on the risk it presents to the enterprise. Vulnerability Manager Plus helps you assess the risk posed by vulnerabilities with the help of following parameters:

Severity levels:

Vulnerabilities are classified into four severity levels ranging from low to critical based on its impact and exploitability.

Critical:

Vulnerabilities in the this range are easily exploitable and can result in root-level compromise of servers, remote code execution, information disclosure, etc. These vulnerabilities inflict great damage to the organization, therefore should be prioritized and remediated first.

Important:

Vulnerability that falls under this range are quite difficult to exploit but exploitation of them could result in significant data loss or downtime. Therefore, these vulnerabilities should be remediated once all the critical vulnerabilities are removed from your systems and servers.

Moderate:

Vulnerabilities in the medium range requires social engineering, or an access to the local network to be exploited. Even when exploited, these vulnerabilities have very limited access and, to the maximum extent, can cause Denial-of-service (DoS).

Low:

Vulnerabilities in the low range typically have tiny or no impact on an organization's business and may require local or physical system access to be exploited.

Exploit status:

This parameter displays whether an exploit code is available for the vulnerability or not. Vulnerabilities for which the exploit code have been disclosed are at a high-risk of being exploited. Exploit-code-available vulnerabilities with critical severity levels must be prioritized and eliminated at first.

Vulnerability Age:

Vulnerability Manager Plus lets you calculate the age of a vulnerability either from the date on which the vulnerability is published or from the date on which it is discovered in your network. Letting a vulnerability reside in your network for a longer time is an indication of weak security. Therefore, vulnerability age must be taken into consideration while prioritizing vulnerabilities.
Using the above mentioned parameters, Vulnerabilities can be assessed and prioritized in many ways depending on your needs. It is advisable to use a combination of parameters to prioritize vulnerabilities. You can perform the entire operation of vulnerability assessment and remediation directly from the Vulnerability Manager Plus console.

To prioritize and remediate vulnerabilities based on severity and exploit status

  1. Navigate to threats> software vulnerabilities.
  2. By default, all the vulnerabilities present in your network are displayed here. Filter vulnerabilities by severity and exploit status based on your priority.
  3. Now selected the vulnerabilities which you want to fix and click on "Install patches" to create a manual deployment task.
  4. For further steps, refer to: Manually deploying patches to computers.

To prioritize and remediate vulnerabilities based on Vulnerability age and severity

  1. Navigate to Dashboard> vulnerabilities> Vulnerability Age Matrix.
  2. Vulnerability age matrix groups vulnerabilities based on both severity and age. You can choose to view the age of vulnerabilities either from published date or discovered date.
  3. Click on the age and severity level based on your priority to view a list of vulnerabilities that belong to that category.
  4. Now selected the vulnerabilities which you want to fix and click on "Install patches" to create a manual deployment task.
  5. For further steps, refer to: Manually deploying patches to computers.

To remediate specific vulnerabilities

  1. Navigate to threats> software vulnerabilities.
  2. In the "Search by CVE ID" field, specify the CVE IDs of the vulnerabilities you want to fix.
  3. Now selected the specific vulnerabilities and click on "Install patches" to create a manual deployment task.
  4. For further steps, refer to: Manually deploying patches to computers.