Understanding compensating controls for risk reduction in Application Vulnerability Response

  • Release version: Xanadu
  • Updated April 1, 2025
  • 1 minute to read

Compensating controls are the measures taken to reduce the risk posed by vulnerabilities that can't be patched immediately. They can be used to mitigate the likelihood or impact of a successful exploit.

Note:
The compensating controls feature is available for host and application vulnerabilities only.

Applying compensating controls can help reduce the risk of a vulnerability.

The following table shows the use cases for compensating controls:

Table 1. Use cases for compensating controls

| Use case | Compensating control |
|---|---|
| A vulnerability in a web server that enables attackers to execute arbitrary code. | Implement a web application firewall (WAF) to block malicious requests to the web server. |
| A vulnerability in an operating system that enables attackers to escalate privileges to root. | Implement application control to restrict which applications can execute on the host system. |
| A vulnerability in a database server that enables attackers to access sensitive data. | Implement network segmentation to isolate the database server from other hosts and critical systems. |

For more information on compensating controls, see Understanding compensating controls for risk change.