Prioritize and Fix the Important Vulnerabilities
Prioritizing vulnerabilities is difficult even for seasoned security professionals. It is a complex process that must weigh many factors: the severity of the vulnerability, the likelihood of exploitation, the impact of a successful attack, and the specific environment and even workload configuration.
Teams that have tried to prioritize vulnerabilities manually report it as a time-consuming task that cannot be won. Practitioners have limited visibility into vulnerabilities because the data comes from many sources (software vendors, open-source projects, third-party applications, operating systems, service orchestrators, cloud service providers, and others), and correlating all of that data by hand is not feasible.
To help security teams identify their most impactful vulnerabilities and act on them, Prisma Cloud Unified Vulnerability Management (UVM) continuously monitors the entire application lifecycle (Code, Build, Deploy, and Runtime) to find vulnerabilities and, based on risk and runtime factors, prioritizes them so that users can quickly take action.
1. Onboard Your Cloud Accounts, Repositories, and Container Image Registries
Onboard the AWS, Azure, or GCP accounts that host your runtime workloads, and confirm that either Prisma Cloud Agentless Workload Scanning or Prisma Cloud Runtime Security agents (Defenders) are deployed.
Agentless Workload Scanning
Confirm that there are no errors with the additional permissions required for Agentless Scanning.
Agent-Based Protection
Confirm that the Defender agent is operational and scanning your environment.
Repositories
Confirm that the repositories hosting the artifacts used by the applications are onboarded
Container Image Registries
Confirm that the image registries hosting your application images are scanned for vulnerabilities
2. Analyze your Vulnerability Landscape
Identify and understand the most critical vulnerabilities facing your organization. The out-of-the-box Vulnerability policies help you prioritize and address these risks efficiently.
- Select Dashboards.
- Look into the Top Impacting Vulnerabilities.
- Click on the vulnerability at the top of the widget.
Now, you can explore the different vulnerabilities impacting your organization and take action accordingly.
3. Understand the Code to Cloud Impact of the Vulnerability
- Verify all the assets affected by the vulnerability (optional):
- Click on the vulnerability icon, then click the "View Details" button.
- On the Vulnerability Sidecar, click on Assets.
- Review all the Asset Types affected by the selected vulnerability (optional).
- On Packages, click on Actions and select "Submit Pull Request".
4. Take Action
- Download the vulnerability data as a CSV:
- On the Vulnerability Sidecar, click on Assets.
- Click on the Download All Assets button.
- If you want to download vulnerability information for a specific asset type, expand the group of interest and click on the Download button located under that group.
- Create a ticket in Jira:
On the Vulnerability side panel, select Send to > Jira. Select your pre-defined template and send. See Set Up a Jira Integration if you need to set one up.
5. Investigate Vulnerabilities
You can dive deep into your top issues and resolve these concerns to strengthen your overall security posture.
- Log in to the Prisma Cloud Console, and select Investigate.
The Investigate page is where you can perform queries to find answers about your cloud resources and their vulnerabilities.
- Enter an RQL query to search for high and critical severity vulnerabilities that are older than 30 days. For example:
vulnerability where AssetLifeCycle is Run AND Age >= 30 AND Severity in (Critical, High)
- Click on any vulnerability to go directly to the Vulnerability Sidecar, where further actions can be taken as explored earlier.
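The RQL query above runs inside the Prisma Cloud console. As an added example that is not part of the original page or of Prisma Cloud's own code, the following Python script applies the same filter (runtime assets, Critical or High severity, 30 days or older) to a vulnerability CSV such as the one exported in step 4, and sorts the result so that fixable, higher-severity, older findings come first. The column names and the sample rows are constructed for this example and are assumptions; adjust the header names to match the real export.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample of an exported vulnerability CSV (not real data).
# The column names are an assumption for this example.
SAMPLE_CSV = """cve_id,severity,asset_lifecycle,asset_name,package,first_seen,fix_available
CVE-2023-0001,Critical,Run,prod-api-7c9d,openssl,2023-01-10,True
CVE-2023-0002,High,Run,prod-api-7c9d,libxml2,2023-03-01,False
CVE-2023-0003,High,Build,ci-runner-1,curl,2023-01-15,True
CVE-2023-0004,Medium,Run,prod-db-0,zlib,2022-12-01,True
CVE-2023-0005,Critical,Run,prod-web-3,log4j,2023-03-20,True
CVE-2023-0006,Low,Code,repo/app,lodash,2022-11-11,True
"""

# Ordering used for the sort; higher rank means more severe.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}


def load_vulns(csv_text):
    """Parse the CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def age_days(first_seen, today):
    """Days since the finding was first seen (ISO date string) as of `today`."""
    return (today - datetime.strptime(first_seen, "%Y-%m-%d").date()).days


def prioritize(rows, today, lifecycle="Run", min_age=30,
               severities=("Critical", "High")):
    """Equivalent of:
    vulnerability where AssetLifeCycle is Run AND Age >= 30
                  AND Severity in (Critical, High)
    Returns the matching rows, each with an added `age_days` field, ordered
    so that fixable, then more severe, then older findings come first.
    """
    selected = []
    for row in rows:
        if row["asset_lifecycle"] != lifecycle:
            continue
        age = age_days(row["first_seen"], today)
        if age < min_age:
            continue
        if row["severity"] not in severities:
            continue
        selected.append({**row, "age_days": age})

    # Sort key: fix available first (False sorts before True), then severity
    # descending, then age descending.
    selected.sort(key=lambda r: (r["fix_available"] != "True",
                                 -SEVERITY_RANK[r["severity"]],
                                 -r["age_days"]))
    return selected


def run_example():
    """Apply the filter to the constructed sample with a fixed reference date."""
    rows = prioritize(load_vulns(SAMPLE_CSV), date(2023, 4, 1))
    return [(r["cve_id"], r["age_days"]) for r in rows]


if __name__ == "__main__":
    for cve_id, age in run_example():
        print(f"{cve_id}\t{age} days old")
```

With the sample above, only CVE-2023-0001 and CVE-2023-0002 survive the filter: CVE-2023-0003 is on a Build-stage asset, CVE-2023-0004 is Medium, CVE-2023-0005 is newer than 30 days, and CVE-2023-0006 is Low on a Code asset. The same function can be pointed at a full export by reading the file into `load_vulns` and passing `date.today()`.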