The Power of Remediating Vulnerabilities in Real-Time


Zero-day exploits make for dramatic headlines, but the reality is that most cyberattacks—particularly the ones responsible for the biggest and most infamous data breaches—tend to target avoidable configuration errors and known vulnerabilities that have had patches available for months. There is no such thing as invulnerable cybersecurity. However, identifying configuration issues and remediating vulnerabilities in real time dramatically reduces your exposure to risk and moves the needle significantly in your favor.

There have been a number of large, high-profile attacks in 2019. Researchers discovered millions of Facebook user records exposed on AWS in April. CyrusOne—a leading data center provider—was hit by ransomware in early December, and in mid-December, the city of New Orleans declared a state of emergency after being crippled by a ransomware attack. Clearly, there is more that needs to be done to improve cybersecurity and defend against these threats more effectively.

The Vulnerability Management Frontline

It is challenging to keep up with vulnerability management. There were more than 22,000 new vulnerabilities disclosed in 2018—an increase of 27% over the previous year. A third of those were ranked as high or critical vulnerabilities. The rough math works out to nearly 21 high or critical vulnerabilities every day—365 days a year. That doesn’t even count the remaining 15,000 or so vulnerabilities that are ranked as less severe.

At the same time, the mean time to weaponize is going down. Attackers are getting better at reverse engineering vulnerability disclosures and patches to develop working exploits faster than ever. In other words, once a vulnerability is made public, the clock is ticking, and the risk of exploit goes up substantially with each passing day that the vulnerability remains exposed.

Certain industries are more popular targets for cybercriminals, and every organization and infrastructure is unique, but as I work with our customers there are some common themes. No matter the size of the customer or the industry it operates in, comprehensive visibility and the ability to remediate vulnerabilities in real-time are the keys to more effective cybersecurity.

Improve Your Security Posture

Streamlining vulnerability management and improving your security posture begins with understanding the vulnerability management lifecycle. The vulnerability management lifecycle is a continuous cycle comprising asset inventory, vulnerability management, threat risk and prioritization, and patch management.

Organizations need to be able to answer the following questions:

  1. Do you know what all your assets are and where they are?
  2. Do you know the types and amounts of open vulnerabilities in your environment?
  3. Do you have the context to prioritize remediation based on threat intelligence?
  4. How can you deploy patches to close high-impact vulnerabilities as quickly as possible?

Raising the Bar for Cybersecurity

Managing multiple cybersecurity tools and platforms and struggling to correlate disparate sources of information to see the big picture adds complexity and makes effective cybersecurity an even greater challenge. Organizations need visibility and context—and they need information presented from a single source of truth.

Organizations need asset discovery and asset normalization to maintain an accurate, real-time asset inventory—and they need the ability to conduct vulnerability scans and analyze security configurations continuously. Even with all of that in place, though, context is crucial. Just because a vulnerability is ranked as high or critical doesn’t mean it is a top priority for your environment—or that it is a top priority for every vulnerable system or application on your network.

You have to consider more than just the assigned severity rating. Using machine learning to analyze real-time threat intelligence, proof-of-concept data and real-world exploits, combined with historical threat patterns, information from social media and Dark Web threads, and emerging threat patterns, gives you a better idea of how much of a threat a given vulnerability poses right now.

Your network is unique to you, though, so you have to go one step further to narrow down the systems and applications that truly need to be addressed as a top priority. Given 100 vulnerable assets, you need to focus first on those that contain sensitive data or mission-critical applications, or that are on systems that are public-facing and accessible over the internet. Systems that are internal or lower value or have additional security controls in place to mitigate the risk are a lower priority.
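To make the prioritization described above concrete, here is a small scoring model that combines the three inputs the post names: the assigned severity, threat intelligence (public exploit, active exploitation, time since disclosure), and asset context (internet-facing, sensitive data, mission-critical, compensating controls). This is an added example written for this article, not code from the author or from Qualys; the weights, the asset names and the `VULN-EXAMPLE-*` identifiers are constructed placeholders, and a real deployment would feed it from an asset inventory and a threat-intel source.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Weights are illustrative assumptions for this example, not a published scoring model.
SEVERITY_BASE = {"critical": 40, "high": 30, "medium": 15, "low": 5}


@dataclass(frozen=True)
class Asset:
    """One entry from the asset inventory, carrying the context the post says matters."""
    name: str
    public_facing: bool = False          # reachable from the internet
    sensitive_data: bool = False         # holds regulated or confidential data
    mission_critical: bool = False       # the business stops if this is down
    compensating_controls: bool = False  # e.g. segmentation or virtual patching in place


@dataclass(frozen=True)
class Finding:
    """A vulnerability observed on a specific asset, plus threat-intel signals."""
    vuln_id: str                      # placeholder ids here; real findings carry CVE ids
    asset: Asset
    severity: str                     # vendor/CVSS-style rating: critical, high, medium, low
    exploit_public: bool = False      # proof-of-concept or working exploit is public
    actively_exploited: bool = False  # exploitation seen in the wild
    days_since_disclosure: int = 0    # the "ticking clock" since the vulnerability went public


def priority_score(f: Finding) -> int:
    """Combine severity, threat intelligence and asset context into one number."""
    score = SEVERITY_BASE[f.severity]
    # Threat intelligence: in-the-wild exploitation outweighs a public PoC.
    if f.actively_exploited:
        score += 30
    elif f.exploit_public:
        score += 15
    # Exposure window: each day of public disclosure raises risk, capped at 30 points.
    score += min(f.days_since_disclosure, 30)
    # Asset context: exposure and value of the system the finding sits on.
    a = f.asset
    if a.public_facing:
        score += 25
    if a.sensitive_data:
        score += 20
    if a.mission_critical:
        score += 15
    # Compensating controls lower the priority but do not erase it.
    if a.compensating_controls:
        score -= 20
    return max(score, 0)


def remediation_queue(findings: List[Finding]) -> List[Tuple[str, str, int]]:
    """Return (vuln_id, asset name, score) tuples ordered by descending priority."""
    ranked = sorted(findings, key=lambda f: (-priority_score(f), f.vuln_id))
    return [(f.vuln_id, f.asset.name, priority_score(f)) for f in ranked]


def sample_findings() -> List[Finding]:
    """Constructed sample inventory; the ids and host names are placeholders."""
    web = Asset("web-portal", public_facing=True, sensitive_data=True)
    crm = Asset("crm-db", sensitive_data=True, mission_critical=True)
    lab = Asset("lab-box", compensating_controls=True)
    return [
        Finding("VULN-EXAMPLE-1", web, "high", exploit_public=True, days_since_disclosure=10),
        Finding("VULN-EXAMPLE-2", lab, "critical", days_since_disclosure=3),
        Finding("VULN-EXAMPLE-3", crm, "medium", actively_exploited=True, days_since_disclosure=45),
    ]


if __name__ == "__main__":
    for vuln_id, host, score in remediation_queue(sample_findings()):
        print(f"{score:4d}  {vuln_id:15s}  {host}")
```

On the constructed sample, the "medium" finding that is actively exploited on the mission-critical CRM database comes out on top, the "high" on the internet-facing portal second, and the "critical" on the isolated lab box last. That is the point of the passage: the severity label alone would have ordered the queue the other way around.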

When you understand the vulnerability management lifecycle, and you have a platform in place to provide both visibility and context, it makes the 22,000-plus vulnerabilities per year a little less overwhelming. You can identify the vulnerabilities that expose your environment and data to the most risk and focus your efforts on remediating vulnerabilities in real-time on the systems and applications that are the highest priority.

Chris Carlson: Chris Carlson is the Vice President of Cloud Security at Qualys, where he leads strategy for the Cloud Agent Platform. His 20+ years in the infosec industry have included security architecture roles at UBS and at Booz Allen Hamilton, and product management positions at startups and at leading vendors, including Hexis Cyber Solutions (WatchGuard), Agent Logic, Informatica and Trustwave.