1 Introduction

1.1 Vulnerability Management

In IT security, the combination of three elements influence the attack surface of an IT infrastructure:

  • Cyber criminals with sufficient experience, equipment and money to carry out the attack.

  • Access to the IT infrastructure.

  • Vulnerabilities in IT systems, caused by errors in applications and operating systems, or incorrect configurations.

If these three elements come together, a successful attack on the IT infrastructure is likely.

Since most vulnerabilities are known and can be fixed, the attack surface can be actively influenced using vulnerability management. Vulnerability management involves looking at the IT infrastructure from the outside – just as potential cyber criminals would. The goal is to find every vulnerability that could exist in the IT infrastructure.

Vulnerability management identifies weaknesses in the IT infrastructure, assesses their risk potential, and recommends concrete measures for remediation. In this way, attacks can be prevented through targeted precautionary measures. This process – from recognition to remedy and monitoring – is carried out continuously.

_images/vm_steps.png

Fig. 1.1 Process of vulnerability management

1.2 OPENVAS SECURITY INTELLIGENCE

OPENVAS SECURITY INTELLIGENCE is a central platform for evaluating scan data from multiple OPENVAS SCAN appliances, viewing security information and managing OPENVAS SCAN appliances.

1.2.1 Scan Data from Connected Appliances

Scan data from connected appliances can be imported continuously and automatically. The results detected on the appliances are presented in an asset-centric view.

With its aggregated view on scan data from several appliances, OPENVAS SECURITY INTELLIGENCE provides an overview of the most vulnerable assets, and the most widespread critical, high, and medium vulnerabilities. Additionally, it shows the trend of how the number of vulnerabilities has developed over time.

OPENVAS SECURITY INTELLIGENCE makes it possible to prioritize remediation measures for vulnerabilities. For further processing or reporting, asset and vulnerability data can be exported.

1.2.2 Security Information

OPENVAS SECURITY INTELLIGENCE includes a central service about information on vulnerabilities, essentially consisting of security advisories and details about vulnerability tests provided by Greenbone. Users can explore and query this data to find out about the scanning coverage for advisories, products and vendors which enables them to respond to threats of detected vulnerabilities in the most optimal way.

Furthermore, it offers the possibility to scan SBOMs of products for vulnerable components and scan reports from an OPENVAS SCAN appliance for related CSAF documents.

1.2.3 Appliance Management

Any number of appliances can be connected to OPENVAS SECURITY INTELLIGENCE. The connection can be initiated by OPENVAS SECURITY INTELLIGENCE or, in case of secured networks, by the appliance.

OPENVAS SECURITY INTELLIGENCE provides an overview of all connected systems and their status in real time. Furthermore, all operating system settings and configurations of the appliances can be viewed.

The connected appliances can be controlled via OPENVAS SECURITY INTELLIGENCE. Appliances can be rebooted and shut down, and feed updates and GOS upgrades can be performed. Some actions can also be performed for multiple appliances at once.