What is vulnerability and patch management ? - Definition from WhatIs.com

Definition

vulnerability and patch management

Part of the Network security glossary:

Vulnerability management is a pro-active approach to managing network security. It includes processes for:

  • Checking for vulnerabilities: This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.

  • Identifying vulnerabilities: This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.

  • Verifying vulnerabilities: This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.

  • Mitigating vulnerabilities: This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other work-arounds.

  • Patching vulnerabilities: This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing,

 

This was last updated in November 2010
Posted by: Margaret Rouse

Related Terms

Definitions

  • blacklist

    - A blacklist, in IT, is a collection of entities that are blocked from communicating with or logging into a computer, site or network. Blocked entities are typically identified as IP addresses, user... (WhatIs.com)

  • frequency-hopping spread spectrum

    - Frequency hopping is one of two basic modulation techniques used in spread spectrum signal transmission. (SearchNetworking.com)

  • SS7 attack

    - While the SS7 network is fundamental to cellphones and its operators, the security of the design relied entirely on trust. The SS7 network operators counted on one another to play by the rules. Now... (WhatIs.com)

Glossaries

  • Network security

    - Terms related to network security, including definitions about intrusion prevention and words and phrases about VPNs and firewalls.

  • Internet applications

    - This WhatIs.com glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Ask a Question. Find an Answer.Powered by ITKnowledgeExchange.com

Ask An IT Question

Get answers from your peers on your most technical challenges

Ask Question

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.