May 18, 2020 | By Moshe Dadush, Infrastructure Security Manager
Unpatched vulnerabilities are one of the main reasons organizations suffer some of the most damaging cyber-attacks and breaches. According to a Ponemon Institute vulnerability study, 60% of organizations that were breached said the breach came through a known vulnerability for which a patch was already available but had not been applied; in other words, these breaches were preventable.
Another survey, by Tripwire, found that roughly 21% of organizations take months to discover new assets that have been connected to their network. Taken together, these figures show why a comprehensive Vulnerability Management strategy matters: you cannot patch what you do not know you have.
The Center for Internet Security (CIS) publishes industry-agnostic security practices and guidance for cyber defense. In its prioritized list of controls, Continuous Vulnerability Management (CVM) is the third control organizations should emphasize. The two controls that come before it, Inventory and Control of Hardware Assets and Inventory and Control of Software Assets, are prerequisites for CVM rather than alternatives to it: a scanner can only assess the assets it knows about.
Security products can help implement these controls, but achieving CVM is an end-to-end process, not a product. A vulnerability management program is a dedicated lifecycle of processes that has to be implemented and kept running.
In recent years we have heard about a growing number of incidents in which adversaries took advantage of unpatched vulnerabilities. Two well-known examples:
Travelex, a currency exchange services company, was hit by an attack in which the adversaries exploited a vulnerability in its Pulse Secure VPN appliances (CVE-2019-11510).
- On 24 April 2019, the vendor Pulse Secure released a patch for the vulnerability together with an advisory urging customers to update.
- On 31 December 2019, adversaries exploited the still-unpatched vulnerability at Travelex, moved laterally through its systems and deployed REvil (Sodinokibi) ransomware, more than eight months after the fix was available.
Equifax, one of the largest credit reporting agencies, suffered a massive breach in which the personal information of roughly 147 million consumers was exposed. The entry point was a vulnerability in the Apache Struts web framework (CVE-2017-5638).
- On 14 February 2017 the vulnerability was identified by Apache, and on 6 March 2017 the Apache Struts project published a fixed release, rating the issue critical.
- According to Equifax's own statements, the attackers first gained access in mid-May 2017, roughly two months after the patch was available.
A systematic, well-founded vulnerability management program across the whole organization is therefore crucial. It requires collaboration across business units and roles to streamline the process: Help Desk, Network and Systems Management, Product Management and Development teams each contribute to raising the organization's level of security.
The CVM program should also be simple and structured enough to follow. We have listed the practices that should be adhered to, at minimum, to build a systematic process:
- Gain complete visibility of the organization's hardware and software assets: all infrastructure components, operating systems, services and the applications running on them (in-house and third-party).
- Group systems and applications by business area or geographical location and identify administrators for each group. Each group is responsible for patch management of the systems and applications it manages.
- Prioritize each system and application by its business criticality combined with the severity of the vulnerabilities a vulnerability analysis product identifies on it, so that a severe finding on a business-critical, exposed system is handled before the same finding on an isolated low-value one.
- Develop a remediation plan with a deadline for each priority level, and report on progress periodically.
- Re-run the vulnerability analysis product or tool after remediation to verify that the identified vulnerabilities are actually closed and to catch new ones.
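The following script walks through the last four steps above on constructed data. It is an added example written for this article, not a TrustNet tool or any scanner vendor's API: the asset inventory, administrator groups, finding IDs, CVSS scores, risk formula, priority bands and SLA days are all assumptions chosen to make the point. It weights scanner severity by business criticality and exposure, builds a per-owner remediation queue with deadlines, and then reconciles a later rescan against the plan to report what was fixed, what is still open, what is overdue and what is new. Note how a CVSS 9.1 finding on an isolated low-criticality kiosk lands below a CVSS 7.5 finding on the HR database.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed asset inventory (the CIS Control 1/2 step): criticality runs from
# 1 (low) to 3 (business critical); "group" is the admin team that owns patching.
ASSETS = {
    "vpn-gw-01":  {"criticality": 3, "group": "network-emea",  "internet_facing": True},
    "web-app-02": {"criticality": 3, "group": "appdev-us",     "internet_facing": True},
    "hr-db-01":   {"criticality": 2, "group": "systems-emea",  "internet_facing": False},
    "kiosk-07":   {"criticality": 1, "group": "helpdesk-apac", "internet_facing": False},
}


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str   # scanner plugin or advisory id; the SCAN-xxxx values are made up
    cvss: float    # CVSS base score as reported by the scanner


# Constructed output of two scans, 14 days apart.
SCAN_DAY_1 = date(2020, 5, 1)
SCAN_1 = [
    Finding("vpn-gw-01",  "SCAN-0001", 10.0),
    Finding("web-app-02", "SCAN-0002", 9.8),
    Finding("hr-db-01",   "SCAN-0003", 7.5),
    Finding("kiosk-07",   "SCAN-0004", 5.3),
    Finding("kiosk-07",   "SCAN-0005", 9.1),
]
SCAN_DAY_2 = SCAN_DAY_1 + timedelta(days=14)
SCAN_2 = [
    Finding("web-app-02", "SCAN-0002", 9.8),   # still open and past its P1 deadline
    Finding("kiosk-07",   "SCAN-0004", 5.3),   # still open but within its P3 SLA
    Finding("hr-db-01",   "SCAN-0006", 8.1),   # new since the previous scan
]

# Assumed remediation policy: days allowed from detection per priority band.
SLA_DAYS = {"P1": 7, "P2": 30, "P3": 90}


def risk_score(f: Finding) -> float:
    """Weight scanner severity by business criticality and internet exposure."""
    a = ASSETS[f.asset]
    exposure = 1.5 if a["internet_facing"] else 1.0
    return round(f.cvss * a["criticality"] * exposure, 1)


def priority(score: float) -> str:
    """Map a risk score onto the P1/P2/P3 bands (assumed thresholds)."""
    if score >= 20:
        return "P1"
    if score >= 10:
        return "P2"
    return "P3"


def prioritize(findings, detected_on):
    """Attach owner, risk, priority and SLA deadline to every finding, highest risk first."""
    rows = []
    for f in findings:
        if f.asset not in ASSETS:
            # A finding on an unknown host means the inventory is incomplete.
            raise KeyError(f"{f.asset} is not in the inventory; fix the inventory first")
        score = risk_score(f)
        band = priority(score)
        rows.append({
            "asset": f.asset, "vuln_id": f.vuln_id, "cvss": f.cvss,
            "owner": ASSETS[f.asset]["group"], "risk": score, "priority": band,
            "due": detected_on + timedelta(days=SLA_DAYS[band]),
        })
    return sorted(rows, key=lambda r: r["risk"], reverse=True)


def plan_by_owner(rows):
    """Remediation plan: each administrator group receives only its own queue."""
    plan = {}
    for r in rows:
        plan.setdefault(r["owner"], []).append(r)
    return plan


def reconcile(previous_rows, rescan, rescan_date):
    """Verify remediation by comparing the earlier plan with a fresh scan."""
    seen_now = {(f.asset, f.vuln_id) for f in rescan}
    seen_before = {(r["asset"], r["vuln_id"]) for r in previous_rows}
    fixed = [r for r in previous_rows if (r["asset"], r["vuln_id"]) not in seen_now]
    still_open = [r for r in previous_rows if (r["asset"], r["vuln_id"]) in seen_now]
    overdue = [r for r in still_open if r["due"] < rescan_date]
    new = [f for f in rescan if (f.asset, f.vuln_id) not in seen_before]
    return {"fixed": fixed, "still_open": still_open, "overdue": overdue, "new": new}


if __name__ == "__main__":
    rows = prioritize(SCAN_1, SCAN_DAY_1)
    for owner, queue in plan_by_owner(rows).items():
        print(owner)
        for r in queue:
            print(f"  {r['priority']} {r['asset']:<11} {r['vuln_id']} risk={r['risk']} due {r['due']}")
    status = reconcile(rows, SCAN_2, SCAN_DAY_2)
    print({k: len(v) for k, v in status.items()})
```

The reconciliation step is the one most programs skip: a remediation ticket being closed is not evidence that the vulnerability is gone, and only a rescan that no longer reports the finding should count. A finding on a host missing from the inventory is treated as an error on purpose, because it means step one has not been completed.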
If these steps are repeated periodically throughout the year, they help an organization steadily reduce its attack surface and keep continuous vulnerability monitoring in place.
Stay Safe with TrustNet!