3 must-do tasks to make vulnerability management useful in today's environments
I recently heard an executive describe how his team essentially threw its vulnerability report in the trash every time they received one. This seemed a bit extreme, but he informed a group of conference attendees that it wasn’t because the vulnerability reports didn’t contain important information -- it was because they have become so overwhelming.
Vulnerability management vendors today are routinely scanning for more than 100,000 vulnerabilities. Imagine the strain that places on an organization if even a fraction of these vulnerabilities are found within its network. Then consider the feeling associated with the knowledge that there is no possible way to address them all in an effective time frame that will ensure that you are not at risk.
The excessive number of vulnerabilities will only continue to increase, opening up space for cyberattackers to take advantage. Because of this, vulnerability management was listed as one of the top projects for organizations to get a handle on at Gartner’s 2019 Security and Risk Summit. The problem is IT teams don’t know where to start. Vendors need to step up to help them.
Here are three things that must be done across the board in the vulnerability management space to assist teams in getting the basics covered.
Give the User Control
With millions of vulnerabilities being presented to IT administrators and security operations, there need to be effective and easy ways to quickly read and interpret the data. If vulnerability management software spits out a bunch of data without providing different ways to sort and highlight it, it becomes incredibly difficult for IT to work with or act on. Yet, this is how vulnerability management has been conducted for years -- to the point where it is now considered simply voluminous and unactionable.
To elevate vulnerability management and allow it to have a positive impact, reporting mechanisms need to provide the IT and SecOps users with more control over how they want to consume and evaluate vulnerability data. Every company has different priorities that define where they want to focus energy and resources. As such, they require tools that let them customize the analysis and resulting reports to meet their needs. Evolving the user interface to accommodate the user is the first step to making a vulnerability report meaningful and actionable to IT operations.
Determine What Matters and Why
Out of all the thousands of vulnerabilities found, which ones do teams address? Which ones are open? There needs to be a simple way to determine very quickly what requires attention and in what priority. To help IT operations teams get to the starting line, vulnerability management tools must do more to assess the risk specific vulnerabilities pose.
Most of the vulnerabilities exploited last year were not considered high-severity vulnerabilities. This is largely because cyberattackers have learned that companies are conditioned to fix the critical or high-ranked vulnerabilities first; therefore, they go after medium-level threats to gain entry. Because these issues have traditionally been considered lower priority, chances are good that understaffed and overworked teams have yet to address many of these vulnerabilities. Bad actors can then infiltrate systems and wreak havoc because of an issue that likely could have been fixed relatively easily. As this practice becomes more common, it is evident that a CVSS score alone is not enough. For vulnerability management to be effective, vendors need to come up with intelligent ways to rank not only severity and impact but also the likelihood that a particular vulnerability will be exploited.
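To make the point about CVSS alone concrete, the following Python sketch (an added example, not from the author or any vendor product) ranks constructed findings by severity only and by an assumed severity x likelihood x impact score, then lists what a CVSS-only top three would defer. The identifiers, field names, sample values and scoring formula are all assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str        # constructed placeholder, not a real CVE identifier
    cvss: float         # severity score, 0.0-10.0
    likelihood: float   # assumed probability of exploitation, 0.0-1.0
    impact: float       # assumed business weight of the affected asset, 0.0-1.0

    def __post_init__(self):
        # Reject malformed scanner rows instead of silently mis-ranking them.
        if not 0.0 <= self.cvss <= 10.0:
            raise ValueError(f"{self.vuln_id}: cvss out of range")
        if not (0.0 <= self.likelihood <= 1.0 and 0.0 <= self.impact <= 1.0):
            raise ValueError(f"{self.vuln_id}: likelihood/impact out of range")

def risk_score(f: Finding) -> float:
    """Assumed model: normalised severity x likelihood x impact, scaled 0-100."""
    return (f.cvss / 10.0) * f.likelihood * f.impact * 100.0

def rank_by_cvss(findings):
    return sorted(findings, key=lambda f: f.cvss, reverse=True)

def rank_by_risk(findings):
    # Ties on risk fall back to CVSS so the ordering is deterministic.
    return sorted(findings, key=lambda f: (risk_score(f), f.cvss), reverse=True)

def deferred_by_cvss_only(findings, top_n):
    """Findings in the top_n by risk that a CVSS-only top_n would leave open."""
    cvss_top = {f.vuln_id for f in rank_by_cvss(findings)[:top_n]}
    return [f for f in rank_by_risk(findings)[:top_n] if f.vuln_id not in cvss_top]

# Constructed sample findings (all values invented for illustration).
SAMPLE = [
    Finding("VULN-A", 9.8, 0.02, 0.3),
    Finding("VULN-B", 9.1, 0.05, 0.5),
    Finding("VULN-C", 6.5, 0.89, 0.9),
    Finding("VULN-D", 5.3, 0.60, 1.0),
    Finding("VULN-E", 7.5, 0.01, 0.2),
    Finding("VULN-F", 8.8, 0.40, 0.8),
]

if __name__ == "__main__":
    for f in rank_by_risk(SAMPLE):
        print(f"{f.vuln_id}  cvss={f.cvss:<4} risk={risk_score(f):5.1f}")
    deferred = [f.vuln_id for f in deferred_by_cvss_only(SAMPLE, 3)]
    print("deferred by CVSS-only triage:", deferred)
```

In this constructed data set, the two findings with the highest combined risk are both medium severity and would sit at the bottom of a CVSS-sorted report.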
Execute a Rapid Response
Once software fetches vulnerability data and teams filter it according to their needs, then assess and prioritize which vulnerabilities to attack first, there has to be a mechanism for immediate action. Modern solutions should provide simple ways for staff to respond quickly to what they see and learn. Organizations that are left to their own devices to develop and execute fixes through manual processes or custom scripts are at a distinct disadvantage. IT and SecOps are often unable to work together in a rapid, cohesive, and collaborative process to deploy a patch enterprise-wide. SecOps teams are frequently overwhelmed with their own issues. As a result, system updates and patches can take a long time to execute, contributing to the backlog and extending the window during which a company is susceptible to attack.
Intelligent automated solutions are being developed to take this burden off of teams so that vulnerabilities can be identified, assessed, and addressed near instantaneously. Platforms that integrate these solutions with endpoint management tools, software distribution tools, or patching tools enable their users to immediately send out system updates, patches, or configuration changes. Doing so increases the value of the fetch and reporting capabilities. It essentially creates a command station for managing vulnerabilities, which is the ideal that everyone is trying to reach.
If all of these features can be incorporated into a single pane of glass that the IT and SecOps user goes to every day, it would be an incredibly powerful tool for reducing threats. This may sound basic, but it has been very difficult to do. As the industry moves closer, however, and a new emphasis is placed on vulnerability management, teams will soon get the relief they are searching for while fortifying their defenses against cyberattacks.
Jim Souders is CEO of Adaptiva, a leading, global provider of endpoint management and security solutions for enterprise customers. A global business executive with more than 20 years’ experience, Jim excels at leading teams in creating differentiated software solutions, penetrating markets, achieving revenue goals, and P/L management. Prior to Adaptiva, Jim led high-growth organizations from start up to public offering and acquisition in a variety of advanced technologies, including IT infrastructure management, cross-platform mobile application development, WAN/LAN optimization, and wireless supply chain automation systems. For more information, please visit https://adaptiva.com/, and follow the company on LinkedIn, Facebook, and Twitter.