Vulnerability Management is an essential element of an IT security infrastructure and complements the other components.
IDS/IPS solutions – whether network-based, host-based or designed as Network Behaviour Analysis (NBA) – have to be configured and tuned both during initial deployment and throughout ongoing operation. For an NBA it is necessary to establish a baseline (e.g., thresholds for port scans and login attempts, blacklists and whitelists of IP addresses and user names, as well as alarm settings).
By importing the results of vulnerability scans, you can significantly supplement and improve this tuning: the scan data can be used to focus the resources of an IDS/IPS on hosts and services that are actually exposed, and thus support better and faster decisions on the necessary action and alerting. The number of false-positive alerts is reduced.
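As an added example of the correlation described above (not code from the original page or from any specific product), the following Python script ranks IDS alerts against imported vulnerability-scan results: an alert whose signature maps to a CVE the target host is actually vulnerable to is escalated, while one aimed at a host the last scan found not vulnerable is flagged as a likely false positive. The scan data, alerts and CVE identifiers are constructed placeholders.

```python
"""Prioritise IDS alerts using vulnerability-scan results (added example)."""

# Constructed sample scan output: target host -> {CVE id: affected service}.
# The CVE ids are placeholders, not real findings.
SCAN_RESULTS = {
    "10.0.0.5": {"CVE-0000-1111": "smb", "CVE-0000-2222": "http"},
    "10.0.0.7": {"CVE-0000-3333": "ssh"},
}

# Constructed sample IDS alerts; "cve" is the CVE the signature is mapped to
# (None for behavioural signatures that do not target one vulnerability).
ALERTS = [
    {"dst": "10.0.0.5", "sig": "SMB exploit attempt", "cve": "CVE-0000-1111", "severity": 3},
    {"dst": "10.0.0.7", "sig": "SMB exploit attempt", "cve": "CVE-0000-1111", "severity": 3},
    {"dst": "10.0.0.9", "sig": "HTTP exploit attempt", "cve": "CVE-0000-2222", "severity": 2},
    {"dst": "10.0.0.5", "sig": "Port scan", "cve": None, "severity": 1},
]

# Lower rank = handle first. "unknown" stays high: an unscanned host cannot be
# declared safe, so the scan gap itself is something to act on.
RANK = {"critical": 0, "unknown": 1, "normal": 2, "low": 3}


def prioritise(alert, scan):
    """Return (priority, reason) for one alert given the scan inventory."""
    host_vulns = scan.get(alert["dst"])
    cve = alert["cve"]
    if host_vulns is None:
        return "unknown", "target not covered by the last scan; cannot assess exposure"
    if cve is None:
        return "normal", "signature has no CVE mapping; keep baseline severity"
    if cve in host_vulns:
        return "critical", f"target confirmed vulnerable to {cve} ({host_vulns[cve]})"
    return "low", f"target not vulnerable to {cve}; likely false positive"


def triage(alerts, scan):
    """Annotate every alert with priority and reason, ordered for the analyst."""
    annotated = []
    for alert in alerts:
        priority, reason = prioritise(alert, scan)
        annotated.append(dict(alert, priority=priority, reason=reason))
    # Stable sort: equal priorities keep their original (arrival) order.
    return sorted(annotated, key=lambda a: RANK[a["priority"]])


if __name__ == "__main__":
    for a in triage(ALERTS, SCAN_RESULTS):
        print(f'{a["priority"]:8} {a["dst"]:10} {a["sig"]:22} {a["reason"]}')
```

The same lookup can drive rule selection on the sensor: signatures whose CVEs appear nowhere in the scan inventory are candidates for lower priority or a reduced logging level, which is the resource focusing the text refers to.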
Attacks on an IDS/IPS itself, such as overloading its capacity or ‘blinding’ it with decoy traffic, are known as evasion techniques. Together with the difficulty an IDS/IPS has in detecting slow, targeted attacks, they push these IT security solutions to their limits. Vulnerability Management offers the necessary complement, because it can significantly reduce the attack surface that the IDS/IPS has to defend.