Continuous Vulnerability Management
Develop a plan to continuously assess and track vulnerabilities on all enterprise assets within the enterprise’s infrastructure, in order to remediate, and minimize, the window of opportunity for attackers. Monitor public and private industry sources for new threat and vulnerability information.
Program Services & Resources
| Internal | External |
| --- | --- |
| runZero | runZero |
| CrowdStrike | Shodan |
| Dark Web Monitoring | MCNC Attack Surface Management |
| Nessus | |
| NC National Guard Cyber Security Response Force | |
Why is Vulnerability Management Important?
Cyber defenders must stay ahead of attackers by continuously monitoring for and managing vulnerabilities. This involves staying updated on patches, advisories, and threat bulletins, and regularly scanning their environment. Since attackers have access to the same public information and can act faster, defenders must prioritize vulnerabilities based on risk and likelihood of exploitation.
Patching takes time as vendors must develop fixes and enterprises must test and deploy them. Zero-day vulnerabilities (unknown to the security community) pose an added threat, as attackers may exploit them before a patch exists. Some flaws may be known privately for extended periods before disclosure, making it crucial for defenders to use additional controls when patching isn’t possible.
Enterprises that neglect vulnerability assessments increase their risk of compromise. Defenders must also balance timely remediation with operational needs and resource constraints across complex infrastructures.
Internal v. External Protections
When considering effective vulnerability monitoring, it is important to recognize that most major systems have two domains in need of security: internal assets and external assets. These are covered by internally based scans and externally based scans, respectively.
Internal continuous vulnerability scanning focuses on identifying security weaknesses within an organization’s internal network such as endpoints, servers, and systems behind the firewall. Its primary goal is to detect misconfigurations, outdated software, or unpatched vulnerabilities that could be exploited by insider threats or malware that has already breached perimeter defenses.
External continuous vulnerability scanning examines the organization’s public-facing systems such as websites, email servers, and remote access portals from an outsider’s perspective. This type of scanning is designed to identify vulnerabilities that could be exploited by external attackers attempting to gain unauthorized access.
What can you do?
PSUs use various vulnerability scanning tools, sometimes including remotely managed commercial services, to assess security configurations. These tools ideally map findings to standard classification systems like CVE, CVSS, and CPE for consistency. As enterprise asset diversity grows, scan frequency should increase, with “authenticated scans” providing deeper insights by logging into assets.
Additional tools monitor unauthorized configuration changes and security weaknesses. Linking vulnerability scanners to ticketing systems helps track remediation progress, report critical issues to management, and support compliance. Security committees often prioritize fixes based on business impact.
Prioritizing which vulnerabilities to patch should combine CVSS scores with real-time threat intelligence about exploitation likelihood and impact. Automated systems can maintain this process at scale. Effective scanners also track vulnerability trends over time. Finally, enterprises must ensure patches and configuration changes are correctly applied through quality assurance checks.
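The sketch below is an added example, not part of the CORE Safeguard materials. It shows one way to combine a CVSS base score with exploitation likelihood, internal versus external exposure, and business impact into a single ranking. The field names, the weights, the sample findings and the placeholder identifiers are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    vuln_id: str           # constructed placeholder, not a real CVE
    asset: str
    cvss: float            # CVSS base score, 0.0 to 10.0
    exploit_prob: float    # threat-intel exploitation likelihood, 0.0 to 1.0
    known_exploited: bool  # threat intel reports active exploitation
    external: bool         # True if found by the external (public-facing) scan
    impact: int            # business impact, 1 (low) to 3 (critical)

def risk_score(f: Finding) -> float:
    """Blend severity, likelihood, exposure and impact into a 0-100 score.

    The 0.3/0.7 blend and the 0.7 internal factor are assumed weights;
    tune them to local policy.
    """
    # Active exploitation overrides any probability estimate.
    likelihood = 1.0 if f.known_exploited else f.exploit_prob
    # Public-facing assets are reachable by any outside attacker.
    exposure = 1.0 if f.external else 0.7
    score = 100 * (f.cvss / 10) * (0.3 + 0.7 * likelihood) * exposure * (f.impact / 3)
    return round(score, 1)

def prioritize(findings):
    """Return findings ordered from most to least urgent."""
    return sorted(findings, key=risk_score, reverse=True)

# Constructed sample findings (asset names and values are illustrative).
SAMPLE = [
    Finding("CVE-EXAMPLE-0001", "file-server", 9.8, 0.02, False, False, 2),
    Finding("CVE-EXAMPLE-0002", "vpn-portal", 7.5, 0.60, True, True, 3),
    Finding("CVE-EXAMPLE-0003", "lab-printer", 5.3, 0.01, False, False, 1),
    Finding("CVE-EXAMPLE-0004", "mail-gateway", 8.1, 0.45, False, True, 3),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{risk_score(f):5.1f}  CVSS {f.cvss:4.1f}  {f.asset}  {f.vuln_id}")
```

Sorting the same findings by CVSS alone would put the internal file server first; with threat intelligence and exposure factored in, the actively exploited public-facing portal moves to the top.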
Specific details and procedures are outlined in the K-12 Cybersecurity CORE Safeguards.
**NC K-12 Cybersecurity Community Mailing list subscription is required to access the CORE Safeguard materials**