Vulnerability maps overlay third-party vulnerability information with Illumio Core's real-time application dependency map for a risk-based approach to patch prioritization.
The East-West workload-to-workload traffic within your data center and cloud environments represents a massive attack surface. Organizations are adopting a Zero Trust strategy—essentially operating as if they have already been breached and taking steps to inhibit bad actors from moving laterally within an environment.
Vulnerability maps incorporate data from third-party vulnerability scanning tools like Qualys to provide insight into the exposure of vulnerabilities and attack pathways within your environment.
Vulnerability maps help security and IT operations teams prioritize security and patching decisions; if you cannot patch, security segmentation can be quickly mobilized to act as a compensating control.
Enable better collaboration to tackle patch and vulnerability management
Vulnerability maps display connections to vulnerabilities between and within applications, enabling security teams to see which of the workloads’ vulnerabilities are highly exposed. In addition, vulnerability maps display an attacker’s potential lateral pathways.
- IT operations teams can use information from the vulnerability map to prioritize patching strategies.
- If patching is not viable because there are no patches available or there is a production freeze, security teams can instantly apply segmentation as a compensating control without breaking your applications.
Know your attack surface with Vulnerability Exposure Score
Vulnerability management solutions use vulnerability scores, which are typically the combined Common Vulnerability Scoring System (CVSS) scores of the vulnerabilities found in a workload. Vulnerability scores, while valuable, do not take into account a workload’s connectivity relative to other workloads in an environment.
Illumio Core uses the open industry-standard, community-accepted CVSS, which can be scored by an enterprise, and combines this with information on how many workloads can potentially connect with the vulnerable workload—the actual "reachability" of the vulnerable workload—to calculate a Vulnerability Exposure Score. IT operations and security teams use this information to prioritize patching and implement micro-segmentation as a compensating control if the time is not right to patch the application.
Model policies and alert when a potential exploit is in process
Illumio Core also allows you to model segmentation as a compensating control in test mode. In this mode, traffic is not blocked, but an alert is raised if traffic does not conform to policy. If traffic connects to a port with a known vulnerability, the vulnerability and its severity are included in the traffic alert, informing the security operations center (SOC) both of the traffic violation and that the connection targets a port with a known vulnerability.