What is the most common vulnerability remediation technique, and why does it never stop?
Patching — installing vendor-released software updates that remove or mitigate vulnerabilities. It never stops because new vulnerabilities are discovered continuously and new patches are released continuously. Patching is an ongoing operational process, not a project with an end date.
What distinguishes a scheduled patch from an unscheduled patch?
Scheduled patches follow predictable vendor release cycles (monthly, quarterly) — organizations plan testing and maintenance windows in advance. Unscheduled patches are released urgently outside the normal cycle, typically for zero-day vulnerabilities with active exploitation in the wild. Unscheduled patches compress the testing timeline and require faster deployment decisions.
What does cybersecurity insurance cover, and what does it NOT cover?
Covered: lost revenue from outages, data recovery costs, phishing-related losses, privacy lawsuit costs, ransomware recovery. Not covered: intentional acts by insured parties, unauthorized fund transfers, certain acts of negligence, and some policies exclude nation-state attacks. Insurance is risk transfer, not risk elimination — it complements but does not replace technical controls.
What is the purpose of segmentation as a vulnerability remediation strategy?
Segmentation divides the network into isolated zones to limit the blast radius of a successful attack. If an attacker exploits a vulnerability in one segment, they cannot freely reach systems in adjacent segments without crossing a controlled boundary. Segmentation does not prevent initial exploitation — it contains lateral movement after exploitation.
What is the critical rule for inter-VLAN communication, and what is an air gap?
Inter-VLAN communication requires a Layer 3 device (router or Layer 3 switch) — devices on different VLANs cannot communicate directly without routing. An air gap is the most extreme form of isolation: a system physically disconnected from all networks, eliminating all remote attack paths. Used when a system cannot be patched and cannot be adequately protected by firewall rules.
What advantage do next-generation firewalls (NGFWs) provide over basic firewalls in a segmented network?
NGFWs provide application-layer visibility: they can identify the specific application generating traffic, not just the IP and port. This lets them detect anomalous behavior — for example, a web server initiating SSH connections, which has no legitimate purpose. NGFWs enforce inter-segment traffic policies and log anomalous traffic, providing both enforcement and visibility.
What are compensating controls, and name three examples?
Security measures deployed when the primary remediation (patching) cannot be performed. They reduce exploitation likelihood without eliminating the vulnerability. Examples: (1) disable the vulnerable service; (2) restrict external access via firewall rules; (3) deploy host-based firewalls or router ACLs to limit which sources can reach the service. Compensating controls are temporary bridges — they should be accompanied by a remediation timeline.
What is an exception or exemption in vulnerability management, and who typically approves it?
A formally approved decision to leave a vulnerability unremediated because patching is not feasible and the residual risk is judged acceptable. Approved by a security committee or change control committee — not a single individual. The decision is documented with justification, a review date, and any compensating controls in place. An exception is deliberate, governed risk acceptance — not ignoring the vulnerability.
What are the three methods of validation of remediation?
1. Rescanning — run a vulnerability scan after patching to confirm the finding no longer appears and identify missed systems. 2. Auditing — review deployment logs and records to verify the patch was applied correctly. 3. Verification — manual confirmation; log in to the system, check patch version, or attempt to reproduce the exploit. Rescanning is the most scalable; verification provides the highest confidence for critical systems.
What five metrics should a continuous vulnerability remediation report track?
1. Total vulnerabilities identified (overall exposure). 2. Patched vs. unpatched systems (remediation progress). 3. New threat notifications (newly published CVEs matching the environment). 4. Patch errors (silent deployment failures). 5. Exceptions and exemptions (formally accepted risks). Automation is required at enterprise scale; manual tracking across hundreds of systems is not feasible.