{"id":196,"date":"2011-08-09T11:11:00","date_gmt":"2011-08-09T11:11:00","guid":{"rendered":"https:\/\/belayclientstaging.zone\/securityeverafter\/2011\/08\/09\/control-10-continuous-vulnerability-assessment-and-remediation\/"},"modified":"2011-08-09T11:11:00","modified_gmt":"2011-08-09T11:11:00","slug":"control-10-continuous-vulnerability-assessment-and-remediation","status":"publish","type":"post","link":"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/","title":{"rendered":"Control 10: Continuous Vulnerability Assessment and Remediation"},"content":{"rendered":"

Is it possible to have a vulnerability assessment program that truly can be considered continuous? I believe the answer is a resounding yes, you can.<\/p>\n

Configure a network scanner to perform daily discovery scans on the internal and external networks. Review the output for new hosts and unexpected services. Make certain that these scans are detected by your security controls, such as Network Intrusion Detection (NIDS) and file monitoring tools. This technique is very valuable and will help assess the maturity of the continuous monitoring program.<\/p>\n

The free Microsoft Windows Server Update Services (WSUS) provides automated patching of Microsoft products. The administrator can schedule categories of patches and schedule their installation. Also included is a reporting capability. WSUS can send daily reports via email to administrators notifying them of new patch releases and the status of their installation.<\/p>\n

After patches are applied, verify outside the patching tool that each patch has actually been applied. Look for clues such as registry values, installed programs and the last system reboot to help measure this control.<\/p>\n

Track all open vulnerabilities across each system type, even if only in a simple spreadsheet. If you get to the point where you do not know what task to work on next, this list will serve as an excellent guide to direct your attention. It will also help move your security program to a more mature state.<\/p>\n","protected":false},"excerpt":{"rendered":"

Is it possible to have a vulnerability assessment program that truly can be considered continuous? I believe the answer is a resounding yes you can. Configure a network scanner to perform daily discovery scans on the internal and external networks. Review the output for new hosts and unexpected services. Make certain that these scans are […]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[20,21,22],"tags":[],"jetpack_publicize_connections":[],"yoast_head":"\nControl 10: Continuous Vulnerability Assessment and Remediation - Security Ever After - vCISO<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Control 10: Continuous Vulnerability Assessment and Remediation - Security Ever After - vCISO\" \/>\n<meta property=\"og:description\" content=\"Is it possible to have a vulnerability assessment program that truly can be considered continuous? I believe the answer is a resounding yes you can. Configure a network scanner to perform daily discovery scans on the internal and external networks. Review the output for new hosts and unexpected services. 
Make certain that these scans are […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Ever After - vCISO\" \/>\n<meta property=\"article:published_time\" content=\"2011-08-09T11:11:00+00:00\" \/>\n<meta name=\"author\" content=\"Russell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@russelleubanks\" \/>\n<meta name=\"twitter:site\" content=\"@russelleubanks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Russell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/\"},\"author\":{\"name\":\"Russell\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3\"},\"headline\":\"Control 10: Continuous Vulnerability Assessment and Remediation\",\"datePublished\":\"2011-08-09T11:11:00+00:00\",\"dateModified\":\"2011-08-09T11:11:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/\"},\"wordCount\":239,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/securityeverafter.com\/#organization\"},\"articleSection\":[\"Automation\",\"Operational Security\",\"SANS Top 20 
Controls\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/\",\"url\":\"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/\",\"name\":\"Control 10: Continuous Vulnerability Assessment and Remediation - Security Ever After - vCISO\",\"isPartOf\":{\"@id\":\"https:\/\/securityeverafter.com\/#website\"},\"datePublished\":\"2011-08-09T11:11:00+00:00\",\"dateModified\":\"2011-08-09T11:11:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securityeverafter.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Control 10: Continuous Vulnerability Assessment and Remediation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securityeverafter.com\/#website\",\"url\":\"https:\/\/securityeverafter.com\/\",\"name\":\"Security Ever After - 
CISO\",\"description\":\"vCISO\",\"publisher\":{\"@id\":\"https:\/\/securityeverafter.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securityeverafter.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/securityeverafter.com\/#organization\",\"name\":\"Security Ever After\",\"url\":\"https:\/\/securityeverafter.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1\",\"width\":1169,\"height\":826,\"caption\":\"Security Ever After\"},\"image\":{\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/russelleubanks\",\"https:\/\/www.linkedin.com\/in\/russelleubanks\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3\",\"name\":\"Russell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg\",\"caption\":\"Russell\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Control 10: Continuous Vulnerability Assessment and Remediation - Security Ever After - vCISO","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/","og_locale":"en_US","og_type":"article","og_title":"Control 10: Continuous Vulnerability Assessment and Remediation - Security Ever After - vCISO","og_description":"Is it possible to have a vulnerability assessment program that truly can be considered continuous? I believe the answer is a resounding yes you can. Configure a network scanner to perform daily discovery scans on the internal and external networks. Review the output for new hosts and unexpected services. Make certain that these scans are […]","og_url":"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/","og_site_name":"Security Ever After - vCISO","article_published_time":"2011-08-09T11:11:00+00:00","author":"Russell","twitter_card":"summary_large_image","twitter_creator":"@russelleubanks","twitter_site":"@russelleubanks","twitter_misc":{"Written by":"Russell","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/#article","isPartOf":{"@id":"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/"},"author":{"name":"Russell","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3"},"headline":"Control 10: Continuous Vulnerability Assessment and Remediation","datePublished":"2011-08-09T11:11:00+00:00","dateModified":"2011-08-09T11:11:00+00:00","mainEntityOfPage":{"@id":"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/"},"wordCount":239,"commentCount":0,"publisher":{"@id":"https:\/\/securityeverafter.com\/#organization"},"articleSection":["Automation","Operational Security","SANS Top 20 Controls"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/","url":"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/","name":"Control 10: Continuous Vulnerability Assessment and Remediation - Security Ever After - 
vCISO","isPartOf":{"@id":"https:\/\/securityeverafter.com\/#website"},"datePublished":"2011-08-09T11:11:00+00:00","dateModified":"2011-08-09T11:11:00+00:00","breadcrumb":{"@id":"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/securityeverafter.com\/control-10-continuous-vulnerability-assessment-and-remediation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/securityeverafter.com\/"},{"@type":"ListItem","position":2,"name":"Control 10: Continuous Vulnerability Assessment and Remediation"}]},{"@type":"WebSite","@id":"https:\/\/securityeverafter.com\/#website","url":"https:\/\/securityeverafter.com\/","name":"Security Ever After - CISO","description":"vCISO","publisher":{"@id":"https:\/\/securityeverafter.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/securityeverafter.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/securityeverafter.com\/#organization","name":"Security Ever After","url":"https:\/\/securityeverafter.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1","contentUrl":"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1","width":1169,"height":826,"caption":"Security Ever 
After"},"image":{"@id":"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/russelleubanks","https:\/\/www.linkedin.com\/in\/russelleubanks\/"]},{"@type":"Person","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3","name":"Russell","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg","caption":"Russell"}}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts\/196"}],"collection":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/comments?post=196"}],"version-history":[{"count":0,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts\/196\/revisions"}],"wp:attachment":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/media?parent=196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/categories?post=196"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/tags?post=196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}