Comprehensive software reviews to make better IT decisions
Address the Root of Your Vulnerabilities in a Resource-Tight Period
Cyberthreats are omnipresent for any enterprise. Monitoring all ingress and egress points while not stifling the ability to conduct business is an eternal balance that security professionals attempt to strike. Couple this with the continued security issues around remote work during the COVID-19 pandemic, and security teams have their hands full in addressing the full gamut of enterprise concerns.
Hostile threat actors are more likely to be targeting your organization’s low-hanging fruit with respect to your vulnerabilities. These actors want to get in, take what valuable information they can, and leave. In Verizon’s 2020 Data Breach Investigations Report, most cyberattacks are shown to be financially motivated and leverage existing vulnerabilities. As the report notes, it makes the most sense to remove these low-hanging vulnerabilities as soon as possible. In this regard, patching is one of the best methods to protect your digital assets.
As discussed in another note, the attack vector for vulnerabilities is an expanding issue. COVID-19 has forced many enterprises to move their workforces to remote situations. Beyond the myriad issues associated with remote work, an additional component of network security must be addressed: software containers. Software containers, while useful for hosting the necessary components for an application to run, do have additional security challenges that must be considered. Inherently, these containers are siloed from one another, and as such updating them presents different challenges from servers or virtual machines. Security teams have had to put in extra effort to accommodate for all these sudden changes in addition to shifts in resourcing priorities. So, how are security teams expected to meet demands while dealing with increased pressures placed upon them?
Source: Qualys VMDR at SoftwareReviews
Marc Rottigni, CTSO EMEA at Qualys, lays out his foundational approach to tackling this increased pressure. Rottigni contends that enhanced visibility into your network is the ideal place to begin relieving vulnerability pressure. Register your assets, platforms, endpoints, and container deployments. If you know what is on your network, you will be able to effectively monitor them with passive network scans, device agents, and other container scans. If your assets are being tracked, you can continually assess them with vulnerability scans, and you can make updates as they become necessary.
The visibility also allows you to prioritize updates on the areas that are most in need of attention and desirable to attackers. As Rottigni states, “you can use actionable data to direct information to the most appropriate individuals within your organization, so they can act accordingly.” This includes integrating all of your relevant teams into the vulnerability scanning process, not just the security team. This helps to have integrated development rather than an ad hoc approach to vulnerability management.
Naturally, this approach does take a good deal of restructuring of your organization’s workflows, but Rottigni says that Qualys’ Time to Remediate (TTR) will expedite and improve this difficult process. TTR tracks the quality of your responses, how frequently you are patching, and how often you are implementing difficult fixes across the network. Done well, the increased visualization can offer guidance on the performance of the business and potential improvements. Capitalizing on this guidance is the key to moving forward and adapting a more traditional vulnerability management process to the new normal.
Undoubtedly, the shift to remote work has increased the number of vulnerable access points that businesses face. Security teams are under increased pressure to meet the same security standards while on reduced budgets and lower staff numbers, and all while being out of the office. COVID-19 has changed the way security teams must operate. However, does increased visibility into your network address all these problems?
While Rottigni’s approach is sound – visibility does allow for informed decisions – in practice, there is a great deal of separation between having insight into your network and actually being able to do anything with that information. Often security teams are understaffed, underbudgeted, or even lack the skills to take full advantage of whatever insight may have been generated from a network deep dive. Furthermore, consider problems like shadow IT, BYOD, loud service, and remote work. These problems cannot be addressed with just a simple increase in network visibility. These same issues have been exacerbated by COVID-19, further reducing the efficacy of visibility into the network. Even accounting for automation of the visibility processes – which undoubtedly is a paid service that businesses may be unable to afford – having the knowledge and being able to do anything with that knowledge can remain a difficult hurdle to overcome. Rottigni is correct in that, in an ideal world, network visibility will provide increased insight into where to focus first, but enterprises do not always exist in a state where they have executive buy-in or even the minimum resources to execute a robust vulnerability management strategy.
We must also consider the future of vulnerability management. These same problems will exist whether working remotely or in the office. Switching from either location will increase the difficulty in remediating the vulnerability vectors. Foundational insight and organizational changes should be addressed before committing to in-depth network analysis. For businesses that are already strapped for resources, analyzing your underlying policies and analyzing potential vulnerability vectors are simple, low-effort best practices that could garner more effective risk mitigation than having full network visibility. While network visibility may be low-hanging fruit, addressing the root of your vulnerability problems at a structural level should come first. This will ensure that any changes made will become embedded into practice and stick through the long-term. Check out Info-Tech’s Build an Information Security Strategy for more information on how to understand your inherent and business risks and pressures to address these foundational flaws and develop a robust approach to protecting the organization.
Want to Know More?
Have you ever thought of what else you could do to take your security operations center (SOC) to the next level and focus on prevention? Look no further – external attack surface management (EASM) was a popular managed service and topic of discussion at Rivest–Shamir–Adleman (RSA) Conference 2023, named after a popular public-key cryptosystem.
By exploiting a five-year-old configuration error, a hacker was able to access Amazon’s S3 cloud storage buckets on which Twilio’s code was loaded. As a result, customers were able to unknowingly download the modified code for twenty-four hours.
Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti Partnership have already gone live as an integrated component of the VMDR solution.
Remote Work Landscape Pushes Microsoft to Releases Endpoint DLP and Double Key Encryption Features for Added Data Security
Microsoft recently previewed the specific features to tackle data security and risk management for end users with Microsoft Endpoint Data Loss Prevention (DLP) and Double Key Encryption. The reason for the launch? The increasing shift towards a remote work environment and a need to mitigate the accompanying risks.
IBM is changing the terms of its ubiquitous Passport Advantage agreement to remove entitled discounts on over 5,000 on-premises software products, resulting in an immediate price increase for IBM Software & Support (S&S) across its vast customer landscape.
RiskSense announced on July 13 its new version of the cloud-delivered RiskSense risk management platform. The main draw of the program is its holistic risk calculation across CVEs and CWEs.
To bolster and broaden its data privacy capabilities for end users, cyber and data protection vendor Acronis has acquired DLP player DeviceLock. The acquisition aligns with the increasingly prevalent role that data privacy plays in cybersecurity.
Navigating the vendor risk management space, particularly in the current environment that consists of a mix of cloud, managed services, and critical supply chain, is key to ensuring that you don’t inadvertently introduce new risks through this dynamic channel.
On May 26, Kenna Security released its new Prioritization to Prediction Benchmark Survey. This free tool provides organizations with the ability to compare their vulnerability management programs to industry averages Kenna Security has compiled over the years.