Vulnerability Management Program Implementation
In this project, we simulate the implementation of a comprehensive vulnerability management program, from inception to completion.
This covers building the workflow from the ground up, including both the technical implementation and the cross-team coordination it requires.
Inception State: No policy or processes exist.
Completion State: Policy is approved, buy-in is achieved, and vulnerabilities are remediated.
Platforms and Technology Used
- Tenable (for authenticated vulnerability scans)
- Azure VMs (as scanning targets and scan engine)
- PowerShell (for remediation automation)
Table of Contents
- Policy Draft Creation
- Slack Conversation: Stakeholder Buy-In
- Policy Finalization and Sign-Off
- Slack Conversation: Initial Scan Coordination
- Initial Scan Execution
- Vulnerability Assessment & Prioritization
- Remediation Distribution
- Slack Conversation: Post-Scan Review
- Slack Conversation: Change Advisory Board Meeting
- Remediation Rounds
- Remediation Summary
- Remaining Vulnerabilities (Post-Scan 5)
- Ongoing Maintenance
Policy Draft Creation
Before any technical work began, a formal policy was drafted outlining:
- Targeted assets (scope)
- Role-based responsibilities
- SLAs for remediation by severity
- Scan frequency and types (credentialed, unauthenticated, scheduling)
View Policy Draft
This foundational document ensures all teams are aligned on expectations and procedures.
Slack Conversation: Stakeholder Buy-In
Introduced the draft policy to John on the Server Team, received feedback on remediation timelines, and agreed on a 1-week remediation window for critical issues.
Policy Finalization and Sign-Off
Final edits were made based on team feedback. Policy was approved by senior leadership and now serves as the formal governance document.
View Final Policy
Slack Conversation: Initial Scan Coordination
Coordinated credentialed scans with Sarah on the Server Team. Agreed to begin with a pilot server and to use just-in-time Active Directory credentials for the scan account.
Initial Scan Execution
Executed the first authenticated scan against the pilot server.
Scan Report (Scan 1)
Vulnerability Assessment & Prioritization
Findings were assessed based on exploitability, ease of remediation, and organizational impact:
Priority | Vulnerability Type | Justification |
---|---|---|
1 | Outdated Wireshark | Can be removed safely; known exploits |
2 | Deprecated protocols (TLS 1.0/1.1) | Weak encryption poses enterprise risk |
3 | Guest account in Admin group | Should not have guest accounts on these types of servers |
4 | Windows Updates missing | Addressed by patch management tools |
Remediation Distribution
The Server Team received the remediation scripts and instructions through internal channels and began work on the fixes.
Slack Conversation: Post-Scan Review
Reviewed vulnerabilities found in Scan 1. Confirmed no outages. Planned fixes for insecure software, protocols, and user accounts.
Slack Conversation: Change Advisory Board Meeting
Approved remediation packages. Discussed rollback strategies and pilot rollout for protocol and cipher updates.
Remediation Rounds
Round 1: Wireshark Removal
Script - Wireshark Uninstall
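An added example of what the Round 1 script does (this is not the project's own script). It locates Wireshark through its registered uninstall entry instead of hard-coding a path or version, runs the uninstaller silently, and verifies the entry is gone before the change ticket is closed. It assumes Wireshark was installed with its standard NSIS installer, which registers an UninstallString and accepts the /S (silent) switch.

```powershell
# Added example (not the project's own script): uninstall Wireshark via its registry
# uninstall entry, then verify removal. Assumes the NSIS installer (supports /S).
# Run as Administrator.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-WiresharkInstall {
    # Match on DisplayName so the script works regardless of installed version
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Wireshark*' } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

$installs = @(Get-WiresharkInstall)
if ($installs.Count -eq 0) {
    Write-Output 'Wireshark not found; nothing to do.'
    return
}

foreach ($app in $installs) {
    Write-Output "Removing $($app.DisplayName) $($app.DisplayVersion)"
    # UninstallString is the quoted path to uninstall.exe; strip the quotes
    $exe = $app.UninstallString.Trim('"')
    if (-not (Test-Path $exe)) { Write-Warning "Uninstaller missing: $exe"; continue }
    # /S runs the NSIS uninstaller silently; -Wait so the check below sees the result
    $proc = Start-Process -FilePath $exe -ArgumentList '/S' -Wait -PassThru
    Write-Output "Uninstaller exit code: $($proc.ExitCode)"
}

# Verify: the uninstall entry must be gone before the finding is marked remediated
if (@(Get-WiresharkInstall).Count -eq 0) {
    Write-Output 'Verified: Wireshark removed.'
} else {
    Write-Warning 'Wireshark still present; inspect the uninstaller output.'
}
```

Wireshark installs the Npcap packet-capture driver alongside it, and Npcap has its own uninstall entry; if the scanner also flags that package, extend the DisplayName filter accordingly. The rescan (Scan 2) is the authoritative confirmation; the in-script check only confirms the local state.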
Scan Report (Scan 2)
Round 2: Insecure Protocols & Ciphers
Script - Protocols
Script - Ciphers
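An added example of the Round 2 change (not the project's own protocol or cipher scripts). It disables TLS 1.0 and TLS 1.1 for both the client and server roles and disables the weak SCHANNEL ciphers by writing the documented SCHANNEL registry values, then reports the written state so it can be attached to the change record. It uses the .NET registry API because cipher key names such as "RC4 128/128" contain a slash, which the PowerShell registry provider would treat as a path separator. The protocol and cipher lists are this example's choice; the policy's own list governs what is disabled in practice.

```powershell
# Added example (not the project's own scripts): disable TLS 1.0/1.1 and weak ciphers via
# SCHANNEL registry values. Changes take effect after a reboot. Run as Administrator.

$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine,
    [Microsoft.Win32.RegistryView]::Registry64)

function Set-DwordValue {
    param([string]$SubKey, [string]$Name, [int]$Value)
    # CreateSubKey only treats '\' as a separator, so names containing '/' are safe here
    $key = $hklm.CreateSubKey("$base\$SubKey")
    try     { $key.SetValue($Name, $Value, [Microsoft.Win32.RegistryValueKind]::DWord) }
    finally { $key.Close() }
}

# Protocols: each has Client and Server subkeys. Enabled=0 turns the protocol off;
# DisabledByDefault=1 stops it being negotiated even when an application asks for it.
foreach ($proto in 'TLS 1.0', 'TLS 1.1') {
    foreach ($side in 'Client', 'Server') {
        Set-DwordValue -SubKey "Protocols\$proto\$side" -Name 'Enabled'           -Value 0
        Set-DwordValue -SubKey "Protocols\$proto\$side" -Name 'DisabledByDefault' -Value 1
    }
}

# Ciphers: Enabled=0 disables the cipher for every protocol (example list, not the policy's)
foreach ($cipher in 'RC4 128/128', 'RC4 64/128', 'RC4 56/128', 'RC4 40/128',
                    'DES 56/56', 'Triple DES 168', 'NULL') {
    Set-DwordValue -SubKey "Ciphers\$cipher" -Name 'Enabled' -Value 0
}

# Read back the protocol state for the change record; 'unset' means OS defaults apply
function Get-SchannelProtocolState {
    foreach ($proto in 'TLS 1.0', 'TLS 1.1') {
        foreach ($side in 'Client', 'Server') {
            $key = $hklm.OpenSubKey("$base\Protocols\$proto\$side")
            $enabled  = if ($key) { $key.GetValue('Enabled') }           else { 'unset' }
            $disabled = if ($key) { $key.GetValue('DisabledByDefault') } else { 'unset' }
            if ($key) { $key.Close() }
            [pscustomobject]@{
                Protocol = $proto; Role = $side
                Enabled = $enabled; DisabledByDefault = $disabled
            }
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
```

Anything that pins an older protocol version (legacy clients, older RDP or database connectors) will fail after the reboot, which is why the CAB approved a pilot rollout and a rollback plan for this round. Rolling back is a matter of deleting the written values, or restoring an exported copy of the SCHANNEL key taken before the change.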
Scan Report (Scan 3)
Round 3: Guest Account Removal
Script - Remove Guest from Local Admins
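An added example of the Round 3 fix (not the project's own script). It assumes the finding refers to the built-in local Guest account and resolves it by its well-known RID (501) rather than by name, since the account can be renamed; it removes the account from the local Administrators group, disables it as defence in depth, and returns a record suitable for the change ticket. The cmdlets used ship with Windows Server 2016 and later (PowerShell 5.1).

```powershell
# Added example (not the project's own script): remove the built-in Guest account from
# the local Administrators group, disable it, and verify. Run as Administrator.

function Remove-GuestFromLocalAdmins {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Group = 'Administrators')

    # The built-in Guest account always has RID 501, whatever it has been renamed to
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    if (-not $guest) { throw 'Built-in Guest account (RID 501) not found.' }

    $before = Get-LocalGroupMember -Group $Group | Where-Object { $_.SID -eq $guest.SID }
    if ($before -and $PSCmdlet.ShouldProcess($Group, "Remove $($guest.Name)")) {
        Remove-LocalGroupMember -Group $Group -Member $guest
    }

    # Defence in depth: Guest is disabled by default and should stay that way
    if ($guest.Enabled -and $PSCmdlet.ShouldProcess($guest.Name, 'Disable account')) {
        Disable-LocalUser -Name $guest.Name
    }

    $after = Get-LocalGroupMember -Group $Group | Where-Object { $_.SID -eq $guest.SID }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        GuestAccount = $guest.Name
        WasMember    = [bool]$before
        StillMember  = [bool]$after
        GuestEnabled = (Get-LocalUser -Name $guest.Name).Enabled
        Timestamp    = (Get-Date).ToString('o')
    }
}

# Dry run first (prints what would change), then apply
Remove-GuestFromLocalAdmins -WhatIf
Remove-GuestFromLocalAdmins
```

The returned object is what a reviewer wants to see next to the Scan 4 report: WasMember confirms the finding was real on this host, and StillMember/GuestEnabled confirm the fix took.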
Scan Report (Scan 4)
Round 4: Windows Updates
Windows patching enabled and completed.
Scan Report (Scan 5)
Remediation Summary
Before Remediation - Scan 1 (June 30, 2025)
Total Vulnerabilities: 29
- Critical: 2
- High: 9
- Medium: 17
- Low: 1
- Info: 0
After Remediation - Scan 5 (July 1, 2025)
Total Vulnerabilities: 6
- Critical: 0
- High: 1
- Medium: 4
- Low: 1
- Info: 0
Reduction Achieved:
- Critical: 100% remediated (2 → 0)
- High: 89% reduced (9 → 1)
- Medium: 76% reduced (17 → 4)
- Low: unchanged (1 → 1)
- Overall: 79% reduction (29 → 6)
Remaining Vulnerabilities (Post-Scan 5)
Despite significant remediation progress, the following 6 vulnerabilities remain:
Severity | Plugin ID | Vulnerability Name |
---|---|---|
High | 166555 | WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation |
Medium | 132101 | Windows Speculative Execution Configuration Check |
Medium | 57608 | SMB Signing Not Required |
Medium | 57582 | SSL Self-Signed Certificate |
Medium | 51192 | SSL Certificate Cannot Be Trusted |
Low | 10114 | ICMP Timestamp Request Remote Date Disclosure |
Planned Actions:
- WinVerifyTrust (High): Requires registry-based mitigation and internal app compatibility testing.
- Speculative Execution (Medium): Pending policy review for performance trade-offs.
- SMB Signing (Medium): Scheduled for next patch window; coordination needed with legacy systems.
- SSL Cert Issues (Medium): Awaiting certificate replacement and re-issue from internal CA.
- ICMP Timestamp (Low): Logged for future hardening; a low-impact information disclosure (the host's clock) with no direct exploit path in the current context.
These issues are tracked in the remediation backlog and scheduled for resolution in the next maintenance cycle.
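An added, read-only audit for the remaining backlog items (this is not part of the original write-up). It records the current state of the settings behind each finding so that every item can be verified before and after its change window, and it includes an opt-in function for the WinVerifyTrust mitigation guarded by -WhatIf, since the backlog calls for compatibility testing before that one is applied. The mapping from plugin to setting is this example's assumption: 166555 to the EnableCertPaddingCheck value (the MS13-098 mitigation), 57608 to the SMB server signing requirement, 57582/51192 to certificates in the machine store whose Subject equals Issuer, and 132101 to the FeatureSettingsOverride values the check inspects.

```powershell
# Added example (not part of the original write-up): audit the settings behind the
# remaining findings. Read-only except for Enable-CertPaddingCheck, which is opt-in.

$wintrustPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
)

function Get-RemainingFindingState {
    # WinVerifyTrust (166555): mitigated only when both paths hold REG_SZ "1"
    $padding = foreach ($p in $wintrustPaths) {
        (Get-ItemProperty -Path $p -Name EnableCertPaddingCheck -ErrorAction SilentlyContinue).EnableCertPaddingCheck
    }
    $wvtMitigated = @($padding | Where-Object { $_ -eq '1' }).Count -eq $wintrustPaths.Count

    # SMB signing (57608): server must require signatures, not merely enable them
    $smb = Get-SmbServerConfiguration

    # Self-signed / untrusted certificates (57582, 51192) in the machine personal store
    $selfSigned = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $_.Issuer }

    # Speculative execution (132101): raw override values; absent means OS defaults apply
    $mm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

    [pscustomobject]@{
        ComputerName                = $env:COMPUTERNAME
        WinVerifyTrustMitigated     = $wvtMitigated
        SmbSigningRequired          = $smb.RequireSecuritySignature
        SmbSigningEnabled           = $smb.EnableSecuritySignature
        SelfSignedCertThumbprints   = ($selfSigned | ForEach-Object { $_.Thumbprint }) -join ','
        FeatureSettingsOverride     = $mm.FeatureSettingsOverride
        FeatureSettingsOverrideMask = $mm.FeatureSettingsOverrideMask
        Timestamp                   = (Get-Date).ToString('o')
    }
}

function Enable-CertPaddingCheck {
    # Applies the MS13-098 hardening. Run only after the app compatibility testing the
    # backlog calls for: strict signature checks can break older installers.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($p in $wintrustPaths) {
        if ($PSCmdlet.ShouldProcess($p, 'Set EnableCertPaddingCheck = "1"')) {
            New-Item -Path $p -Force | Out-Null
            New-ItemProperty -Path $p -Name EnableCertPaddingCheck -Value '1' `
                -PropertyType String -Force | Out-Null
        }
    }
}

$state = Get-RemainingFindingState
$state | Format-List
# Keep a per-host snapshot for the backlog tracker
$state | Export-Csv -Path "$env:TEMP\remaining-findings-$env:COMPUTERNAME.csv" -NoTypeInformation

# Preview the WinVerifyTrust change without applying it
Enable-CertPaddingCheck -WhatIf
```

Running the audit on the same host before and after each backlog item's maintenance window gives a local confirmation to set against the next Tenable scan; the scan remains the record of closure.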
Ongoing Maintenance
A quarterly scan routine has been established.
New vulnerabilities will follow the same workflow: scan, assess, approve, and remediate based on policy SLAs.
Backlog items will be reviewed and prioritized in weekly operations review cycles.