on 06-14-2023 05:39 PM - edited 3 weeks ago
This page gives an overview of the Risk Insights module in Lansweeper and explains why some of its features are crucial to maintaining a secure system.
In today's interconnected world, understanding vulnerabilities is crucial for maintaining the security and integrity of systems and assets. Vulnerabilities represent weaknesses that malicious actors can exploit, potentially leading to unauthorized access, data breaches, or system disruptions.
In this article, we will delve into the world of vulnerabilities, exploring their sources, implications, and mitigation strategies.
CVE, which stands for Common Vulnerabilities and Exposures, is an identification system used to uniquely identify vulnerabilities. Each CVE entry corresponds to a specific vulnerability and includes relevant details such as descriptions, impacts, and potential mitigations. By referencing CVEs, security professionals, researchers, and organizations can effectively communicate and track vulnerabilities across different systems and platforms.
To enrich its vulnerability information, Lansweeper uses VulnCheck as its primary provider for vulnerability intelligence data. VulnCheck in turn leverages information from NIST (National Institute of Standards and Technology), CISA (Cybersecurity and Infrastructure Security Agency), MS (Microsoft), vendors and other databases. These sources provide valuable insights into known vulnerabilities, their impacts, and recommended mitigation measures. By utilizing information from these databases, Lansweeper ensures that it stays up-to-date with the latest vulnerabilities and security advisories.
The base score is the metric produced by CVSS (Common Vulnerability Scoring System), a widely adopted industry standard. It allows for the comparison of vulnerabilities for prioritisation purposes. The base score ranges from 0 to 10, with a higher score indicating a more severe vulnerability.
Severity, derived from the base score, classifies vulnerabilities into four categories: low, medium, high, and critical. This classification enables organizations to prioritize their vulnerability management efforts and allocate resources accordingly.
The confidence level depicts the accuracy of vulnerability correlation. The confidence level can be categorized as either "Low" or "High." A high confidence level indicates a high degree of certainty that the vulnerability has been correctly identified and correlated, while a low confidence level implies a lesser degree of certainty. This additional information helps users gauge the reliability and credibility of vulnerability findings. For a more detailed overview of this feature, have a look at the Confidence level article.
The attack vector describes the context or path through which a vulnerability can be exploited. It provides insights into how an attacker can gain access to a system or network. The possible values for the attack vector include:
The attack complexity describes the level of difficulty involved in successfully exploiting a vulnerability. It assesses the ease or complexity of launching an attack using the vulnerability and can be categorized as either "Low" or "High".
Privilege describes the level of privilege or access an attacker requires to successfully use a vulnerability. The level of privilege can be categorized as:
Integrity refers to the impact on the integrity of information resulting from the successful use of a vulnerability. It evaluates the potential tampering or modification of data and can be categorized as follows:
User interaction refers to whether a user, other than the attacker, needs to perform an action for the successful exploitation of a vulnerability. User interaction can be categorized as follows:
The scope of a vulnerability indicates whether its exploitation extends beyond the initially compromised system (Changed) or remains confined to the originally vulnerable component (Unchanged).
Confidentiality measures the impact on the confidentiality of information resulting from the successful use of a vulnerability. It evaluates the potential exposure of sensitive data and can be classified into the following categories:
Availability impact measures the impact on system availability resulting from the successful use of a vulnerability. It assesses the potential disruption or loss of service and can be classified into the following categories:
Exploitability refers to how easily an attacker can take advantage of a vulnerability. Understanding exploitability is crucial for developing effective mitigation plans based on vulnerability information.
To find out more about the information Lansweeper provides on exploitability, check out Understanding exploitability fields.
The patch info column provides critical information about the availability of patches to address identified vulnerabilities. It assists users in prioritizing their remediation efforts by categorizing the patch status into two states: "Available" or "Unknown."
Although vulnerabilities pose potential risks, there are situations where users may choose to ignore them. Lansweeper acknowledges that different circumstances may warrant such decisions and provides users with options to justify ignoring a vulnerability. The available reasons for ignoring vulnerabilities include:
For more information, see our article on how to take advantage of the ignore feature.
If you have linked your OT Hub with Lansweeper Sites, you can also view vulnerability information related to your OT assets. OT assets and IT assets are managed within the Risk Insights module.
To view a list of vulnerabilities affecting your OT assets:
Check out our overview of OT asset management features to learn more.
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.