Critical Control #3: Continuous Vulnerability Management
Forgive my pedantry here, but continual vulnerability management, or scanning your network once per quarter and dumping a giant report on IT’s desk, was the bare minimum to satisfy regulators for years. Continuous vulnerability management, as CIS [and any security expert] suggests, requires a lot more. It’s a constant cycle of:
- collecting the state of your systems,
- assessing that state to identify which known vulnerabilities are present, and
- prioritizing which of the identified vulnerabilities demand immediate remediation.
The big reason to highlight this distinction for cloud workloads is that old assumptions that your servers remain the same for many months are no longer relevant. New methods are needed to (Read more…)
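The collect, assess and prioritize cycle described above, sketched in Python as an added example that is not part of the original post. The host names, packages, versions, advisory IDs and the 1.5 exposure weight are constructed assumptions; the last function shows why a one-off scan misses a short-lived cloud instance that only exists between scans.

```python
# Added example; hosts, packages, versions and advisory IDs are constructed placeholders.
ADVISORIES = [  # known-vulnerable ranges: any version below fixed_in is affected
    {"id": "ADV-PLACEHOLDER-1", "package": "libexample", "fixed_in": "2.4.1", "severity": 9.8},
    {"id": "ADV-PLACEHOLDER-2", "package": "webd", "fixed_in": "1.18.0", "severity": 5.3},
]

# Step 1 (collect): system state captured at three points in time.
SNAPSHOTS = [
    {"web-1": {"internet_facing": True, "packages": {"webd": "1.17.2", "libexample": "2.4.1"}}},
    {"web-1": {"internet_facing": True, "packages": {"webd": "1.17.2", "libexample": "2.4.1"}},
     "batch-7f": {"internet_facing": False, "packages": {"libexample": "2.3.0"}}},  # short-lived
    {"web-1": {"internet_facing": True, "packages": {"webd": "1.18.0", "libexample": "2.4.1"}}},
]

def version_key(v):
    """Turn '1.17.2' into (1, 17, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))

def assess(snapshot):
    """Step 2: match each host's installed packages against the advisory list."""
    findings = []
    for host, state in snapshot.items():
        for adv in ADVISORIES:
            installed = state["packages"].get(adv["package"])
            if installed and version_key(installed) < version_key(adv["fixed_in"]):
                findings.append({"host": host, "advisory": adv["id"],
                                 "severity": adv["severity"],
                                 "internet_facing": state["internet_facing"]})
    return findings

def prioritize(findings):
    """Step 3: rank by severity, weighting internet-facing hosts higher (assumed weight 1.5)."""
    def score(f):
        return f["severity"] * (1.5 if f["internet_facing"] else 1.0)
    return sorted(findings, key=score, reverse=True)

def missed_by_single_scan(snapshots):
    """Findings present in later snapshots but absent from the first (the one-off scan)."""
    seen_first = {(f["host"], f["advisory"]) for f in assess(snapshots[0])}
    later = {(f["host"], f["advisory"]) for s in snapshots[1:] for f in assess(s)}
    return sorted(later - seen_first)

if __name__ == "__main__":
    for i, snap in enumerate(SNAPSHOTS):
        print(i, [(f["host"], f["advisory"]) for f in prioritize(assess(snap))])
    print("missed by a single scan:", missed_by_single_scan(SNAPSHOTS))
```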
*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Matt Hathaway. Read the original post at: https://www.uptycs.com/blog/how-osquery-helps-secure-your-cloud-with-these-two-critical-cis-benchmark-controls