Under certain circumstances, our vulnerability management can also provide information directly to a patch management system, so that patching can be performed directly on the basis of security-critical assessments. Patch management is a useful complement to vulnerability management an, as these systems can in turn automate patching. Often, new patches also bring new vulnerabilities that a patch management system does not detect. In addition, patch management usually only works in IT components, but not in industrial plants and control systems, for example.įurthermore, a patch management system requires extensive and controlling admin intervention, since not every patch is useful or uncritical for the respective system. After all, it only makes sense to patch if existing vulnerabilities are known. Patch management thus presupposes vulnerability management. Such a measure can be a patch, for example. Vulnerability management is used to find, classify and prioritize existing vulnerabilities and recommend measures to eliminate them. Patch management involves updating systems, applications and products to eliminate security vulnerabilities. With vulnerability management, other systems can be focused specifically on hotspots. This therefore also applies, for example, to industrial components, robots or production facilities.Ī combination of both vulnerability management and firewall & co.
If a Greenbone solution is in the network, every component that can be reached via an IP connection can also be checked for vulnerabilities, regardless of which device it is. Traffic that does not pass through the security system is not analyzed. In addition, firewalls, IDS or IPS systems also only detect vulnerabilities if the system allows it at all, and then only on the data traffic that passes through the respective security system. The tools are designed to seamlessly integrate, allowing organizations to gain complete visibility into their infrastructure, network, and metrics through the Icinga stack. High-quality firewall systems may detect vulnerabilities, but unlike vulnerability management, they do not offer a solution approach for a detected vulnerability. Icinga is an open-source platform that supports multiple tools, including a network monitoring solution. The goal is to close vulnerabilities that could be exploited by potential attackers so that an attack does not even occur. In contrast, vulnerability management looks at the IT infrastructure from the outside in – similar to the perspective of attackers. Firewalls or similar systems therefore often only intervene once the attack has already happened. The goal is to ward off attacks that are actually taking place.
Absolutely, because the systems mentioned focus on attack patterns – looking from the inside out.
0 kommentar(er)
