Ray Makasi's Blog
Vulnerability and Asset Management (VAM) and examples of two resources

Photo by FlyD on Unsplash

Vulnerability and Asset Management (VAM) and examples of two resources

Ray Makasi's photo
Ray Makasi
·

2 min read

After watching Rami McCarthy’s talk on fwd:cloudsec Europe How to 10X Your Cloud Security (Without the Series D)

https://www.linkedin.com/feed/update/urn:li:activity:7241726006372311040/, I decided to read up further on Vulnerability and Asset Management (VAM).

Let’s first define the terms

1. Introduction: What is Vulnerability and Asset Management?

  • Definition:

    • Vulnerability Management (VM): Identifying, assessing, and addressing security weaknesses in systems and software.

    • Asset Management (AM): Tracking and managing an organization's physical and digital assets to ensure they are secure and up-to-date.

2. What VAM Integrates With.

3. How VAM can Help

  • Risk Reduction: With a full understanding of your environment and vulnerabilities, organizations can prioritize risk mitigation efforts.

  • Regulatory Compliance: VAM supports compliance frameworks like PCI DSS, HIPAA, and ISO 27001 by continuously monitoring and reporting asset vulnerabilities.

  • Improved Decision-Making: With integrated VAM tools, security and IT teams can make more informed decisions about resource allocation, threat prioritization, and security investments.

4. Review of Two VAM Resources.

I will review two VAM resources. Datadog’s Cloud Security Atlas. https://securitylabs.datadoghq.com/cloud-security-atlas/

and Trend Micro’s Conformity Knowledge Base

https://www.trendmicro.com/cloudoneconformity/knowledge-base/

Datadog’s Cloud Security Atlas

Datadog Cloud Security Atlas is a risk register for Threats and Vulnerabilities. This database allows you to search and filter on your cloud provider platform and risk type and sort by impact, exploitability, and recency.

Datadog's Cloud Security Atlas

Filtered down shows an example of AWS IAM role vulnerability with high impact. What I like about this is you can see and understand the Business impact and Technical impact and ways to remediate the vulnerable resource.

Trend Micro's Conformity Knowledge Base

A growing public library of 750+ cloud infrastructure configuration best practices for your AWS™, Microsoft® Azure, and Google Cloud™ environments. that provides simple, step-by-step resolutions to rectify security vulnerabilities, performance, cost inefficiencies, and reliability risks.

Trend Micro's Conformity Knowledge Base focuses on cloud infrastructure security and compliance. Notable aspects include:

  • Best practice recommendations for major cloud providers

  • Compliance checks for industry standards and regulations

  • Automated security and compliance assessments

  • Integration with Trend Micro's broader security ecosystem

In this article, I’ve covered what VAM is, what it integrates with,how VAM can assist an organization, and examples of two VAM resources.

cloudsecurityvam