Track: Cyber Security

Abstract

In recent years security has been viewed in the context of securing the environment. Vulnerability Management (VM) in IT, Software and Technology areas is more of a static technology. However, the growing technology environment requires a combination of both static and dynamic technology.To stay relevant and current VM needs to match the dynamics of heterogeneous and a complex environment. The dynamic complex and a heterogenous environments include, cloud platforms, IT systems and the rise of IOT and various electronic devices. The various players in the VM value chain need to realize that the value of their platforms and/or solutions is in the intelligence that they are building to address the whole VM value chain, which is incident detection, log correlation, triage/investigation and remediation. In addition to attackers, lack of proper monitoring and controls implementation, and data breaches are some real challenges. One of the biggest challenges is the large amount of data that the heterogeneous environment has generated and how to accommodate and analyze this data. Researchers are using and working on analytics in the security sphere to create new rules, correlational aspects, trends and behavior patterns specifically related to area of vulnerability management. Vulnerability management analytics is one of the areas which researchers and practitioners are exploring solutions. A systematic review of literature is conducted to investigate the various problems, tools, technology and data. The study through the digital library of Amrita University and through online library database extracted from various respectable sources. The objective of this paper is to systematically review the literatures to identify published in vulnerability management as well as the analytics involved in the vulnerability management area. As part of the literatures the authors looked at research literatures and articles. The authors created a systematic review process as a method to review the various literatures. For the review process design the authors developed a matrix that has aggregated the various problems, use-cases, risks, technology applied, data, and the various tools. In the matrix the authors also focused on the best practices across the industry and the policies that have been developed and used across various industries. The authors also aggregated the various the above parameters across strategic, tactical and operational dimensions. The authors also expanded the dimensions across business, technology and people. The authors finally explore the reviews from detection, through prognosis, impact, solutions and finally into implementation. The authors could not explore the costs and the various cost-benefits. The authors aggregated the analysis of 150 recent empirical studies, published in the last 10 years, between 2008 and 2018. The literature review analysis also focused on exploring the existing underlying theories related to vulnerability management. With the focus on vulnerability management and the analytics related to vulnerability management the authors look at the insights, benefits and the utilizations of the various resources in the area of security.