Enterprises today invest in world-class security products and hire talented staff to keep their business assets safe from attack. According to the IBM X-Force Threat Intelligence Index 2019, the growing attack surface and rising risk in organizations today come down to vulnerability remediation and effective patch management.
Security leaders want their security operations teams to run scheduled vulnerability scans across infrastructure and applications, using market-leading products that generate great reports with severity classified as ‘critical’, ‘high’, ‘medium’ and ‘low’. But often the organization has no visibility into whether a vulnerability rated ‘critical’ on an asset that is not business mission-critical would actually lead to collateral damage if exploited. They now need senior staff to define a vulnerability management program that covers ‘exclusion’ or ‘exemption’ handling, vulnerability prioritization, remediation prioritization, KPI metrics, and so on.
The fact of the matter is that organizations continue to have ageing vulnerabilities that remain unpatched. This is a serious problem, and it needs solutions that effectively reduce the time between a vulnerability being discovered and being patched. Security leaders should explore solution components that offer vulnerability workflow automation and continual remediation.
In many organizations, vulnerability remediation becomes a bun-fight between the security team and the application/infrastructure teams. The shorter the time taken to apply a fix or patch, the better it shows how effectively the team has adopted a culture of closing the organization’s loopholes.
The four key strategic recommendations are:
- Asset Management: Unless the organization has an inventory or asset management system with appropriate classification and severity defined for each asset component, it is highly unlikely to get the business risk context for any vulnerability associated with that asset.
- Threat Intelligence: Leverage threat intelligence feeds to learn which vulnerabilities are being exploited. Vulnerabilities that are exploited and carry a higher confidence score need remediation priority over vulnerabilities that have not been exploited up to that point in time.
- Alternate vulnerability fix methods: Explore the possibility of enabling application white-listing or virtual patching in the endpoint protection components, enabling IPS features, enabling WAF features, etc. These have to be part of the security device management team’s best-practice guidelines or standard operating procedures.
- Automation & Orchestration: Integrate the vulnerability management tools with leading ITSM platforms or patch management solutions and develop workflow automation to perform vulnerability remediation or vulnerability incident response.
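The first two recommendations combine into a remediation order, shown here as an added example that is not taken from any product or from the original article: scanner severity is weighted by the asset's classification and by threat-intelligence exploitation confidence. The weights, asset names, vulnerability identifiers and the rule for unclassified assets are all constructed assumptions.

```python
from dataclasses import dataclass

# Weights and sample records are constructed for illustration, not from a real tool.
SEVERITY = {"critical": 4, "high": 3, "medium": 2, "low": 1}
ASSET_CLASS = {"mission-critical": 3, "business": 2, "non-critical": 1}

@dataclass
class Finding:
    asset: str
    vuln_id: str   # placeholder identifiers, not real CVE numbers
    severity: str  # rating as reported by the scanner

def prioritize(findings, inventory, intel):
    """Order findings for remediation, highest business risk first.

    inventory: asset name -> classification from asset management
    intel:     vuln_id -> (exploited, confidence 0.0-1.0) from a threat feed
    """
    ranked = []
    for f in findings:
        asset_class = inventory.get(f.asset)
        # Assumption: an asset missing from the inventory is weighted as
        # mission-critical and flagged, rather than silently deprioritized.
        weight = ASSET_CLASS.get(asset_class, max(ASSET_CLASS.values()))
        exploited, confidence = intel.get(f.vuln_id, (False, 0.0))
        boost = 1.0 + (confidence if exploited else 0.0)
        ranked.append({
            "asset": f.asset,
            "vuln_id": f.vuln_id,
            "score": round(SEVERITY[f.severity] * weight * boost, 2),
            "unclassified": asset_class is None,
        })
    return sorted(ranked, key=lambda r: r["score"], reverse=True)

FINDINGS = [
    Finding("lab-print-01", "VULN-A", "critical"),
    Finding("pay-db-01", "VULN-B", "high"),
    Finding("hr-web-02", "VULN-C", "medium"),
    Finding("unknown-host", "VULN-D", "low"),
]
INVENTORY = {"lab-print-01": "non-critical", "pay-db-01": "mission-critical",
             "hr-web-02": "business"}
INTEL = {"VULN-B": (True, 0.9), "VULN-C": (True, 0.5)}

if __name__ == "__main__":
    for row in prioritize(FINDINGS, INVENTORY, INTEL):
        print(row)
```

With this sample data the ‘high’ finding on the mission-critical database outranks the ‘critical’ finding on the non-critical printer, which is the business risk context a severity-only report lacks.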
Unpatched vulnerabilities are an attacker’s gateway into organizational networks and devices. When exploits are freely available on the internet, even novice attackers can attempt, and succeed in, breaching critical assets. With the increase in IoT sensors and devices that are becoming part of national critical systems (such as smart grids), the magnitude of the problem should be well understood.
It’s now time to act.