WP Five Steps to Integrating a Data Repository Vulnerability Assessment Into A WAF–Driven Vulnerability Management Program | Imperva

Five Steps to Integrating a Data Repository Vulnerability Assessment Into A WAF–Driven Vulnerability Management Program

Five Steps to Integrating a Data Repository Vulnerability Assessment Into A WAF–Driven Vulnerability Management Program

A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.

There are several types of vulnerability assessments. These include:

  • Host assessment – The assessment of critical servers, which may be vulnerable to attacks if not adequately tested or not generated from a tested machine image.
  • Network and wireless assessment – The assessment of policies and practices to prevent unauthorized access to private or public networks and network-accessible resources.
  • Database assessment – The assessment of data repositories or big data systems for vulnerabilities and misconfigurations, identifying rogue data repositories or insecure dev/test environments, and classifying sensitive data across your infrastructure.
  • Application scans – The identification of security vulnerabilities in web applications and their source code by automated scans on the front end or static/dynamic analysis of source code.

Integrating vulnerability assessments into an enterprise-wide can be approached with a five-step process. In this post, we’ll explain these steps and how they work.

Step 1 Discover and classify structured, unstructured, and semi-structured data.
Identify which data repositories are sensitive via automated data classification scans. It is critical to identify sensitive data so you can ascertain where the most critical data is and prioritize which data repositories you need to monitor and secure most urgently.

Step 2 Scan and identify.
Running vulnerability assessment scans on all data repositories is critical to identifying which systems are at risk. Once the at-risk data repositories have been identified, you can assess data repositories against compliance, benchmark, and known security standards and make it easier to identify specific vulnerabilities and quantify risk.

Step 3 Assess and analyze.
Consolidate and ingest vulnerability scan results into the Imperva Data Security Fabric, which enables a comprehensive review from a single dashboard. Imperva Data Security Fabric enables you to manage the findings from a central location and facilitates vulnerability assessment management as well as efficient tracking, reporting, and workflow.

Step 4 Manage and mitigate.
Review classification and vulnerability assessment scan results, and prioritize systems by sensitivity and vulnerability criticality. Set the controls for your Security Orchestration, Automation, and Response (SOAR) solution to facilitate manual or perform automated remediation and vulnerability management workflow integration.

Step 5 Audit and secure.
Identify anomalous database behavior with Imperva Data Security Fabric’s user and entity behavior analytics (UEBA) that leverages algorithms and machine learning to produce actionable alerts. Use the Imperva Data Security Fabric’s UEBA and SOAR capability to monitor and detect policy-violating behavior and quickly mitigate suspicious activity.

Traditional elements of a vulnerability management program (and their challenges)

Vulnerability management is the process of rooting out exploitable weaknesses in application code and eliminating them before they’re abused. The five-step process we’ve outlined here addresses only part of the challenge. Other elements of a vulnerability management program are:

  • Vulnerability scanning. After you make updates to your application, you can attempt to sanitize code environments through penetration (pen) testing and code review.
  • Patch management. The deployment of vendor-provided patches for newly discovered (e.g., zero-day) vulnerabilities in third-party software used by your application.
  • Input validation/sanitization. The filtering and verification of incoming traffic by a web application firewall (WAF). This blocks attacks before they can exploit vulnerabilities and is a substitute for fully sanitizing your application code.

Vulnerability scanning is only as effective on code deployed up to the time the last scan ended. In other words, new undiscovered attack vectors could endanger your application at any time after the scan, making scanning a frequent and laborious process.

The principal downside to patch management is fully patching a vulnerability can take days, weeks, or sometimes even longer—especially if there is a concern that a patch might affect your application’s core functionalities.

The role of a Web Application Firewall in vulnerability management program

The input validation/sanitation that a web application firewall (WAF) delivers reviews all incoming traffic to your application, filtering out malicious inputs that target security vulnerabilities and effectively solving vulnerability scanning and patch management issues.

Here’s what a WAF brings to your vulnerability management program:

  • A WAF doesn’t require code updates that can potentially inhibit your application’s functions. Both the scanning and patching processes are ineffective because they rely on code updates. It’s much simpler to update your WAF security policy than to tweak your application code. This dramatically cuts response time to new vulnerabilities.
  • A WAF provider engages in proactive research to immunize the service from new threats.
  • You can customize WAF security rules to address specific vulnerabilities. Using custom security policies lets you flexibly address specific security scenarios unique to your application—without having to make any code changes. This makes the process significantly more flexible and less labor-intensive.
  • You can deploy a patch on the WAF level, which is then applied across every application protected by the service. You still need to patch software vulnerabilities, but this gives you a head start that can mitigate an immediate threat. It buys your team time to test and implement vendor-provided patches in the interim, without the risk of perpetrators exploiting an exposed vulnerability.

To create a great vulnerability management program, you need the robust data management capabilities provided by Imperva Data Security Fabric and the power of Imperva’s Web Application Firewall. Put our thousands-strong team of data and application security experts to work for your organization.