Everyone agrees that Incident Management is different from Vulnerability Management. Yet people still mix them up when things happen.
Recently, the SolarWinds supply chain attack became the hottest topic of December 2020 in the Cybersecurity world. With the SUNBURST or SuperNova backdoors found, it obviously becomes an incident (rather than a vulnerability) if your company is using the affected products. With the investigation still ongoing, more affected products might be added to the list.
But why do people try to manage the SolarWinds case with vulnerability management? Is it because everyone is more familiar with the vulnerability remediation process?
Yes, both incident management and vulnerability management have a remediation process. However, it is performed by different teams. The remediation process for an incident is performed by the Cybersecurity team, while the remediation process for a vulnerability is performed by the IT team.
I guess people just thought that all remediation processes are the same.
Why do people mix them up so easily?
I think it is due to sophisticated Cybersecurity team structure. And there is a monthly remediation reminder that continuously reminds us of the remediation process. People just like to engage with what they are familiar with.
If your company is using a vulnerability management process to handle the SolarWinds attack or incident, then you should start thinking about simplifying your Cybersecurity teams.