In the information security space, a vulnerability is a weakness that allows an attacker to reduce a system's information assurance. It is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker uses tools or techniques to reach a system weakness; the set of such reachable weaknesses is also known as the attack surface. A threat is a communicated intent to inflict harm or loss on the information system and is considered an act of coercion.
Most recent attacks exploit known vulnerabilities for which a patch or mitigating control was available. This makes vulnerability management a strategic component of any advanced threat defense strategy, providing benefits at multiple layers of a defense-in-depth security architecture.
Attacks launched at the beginning of this year against organizations in North America involved a zero-day privilege escalation vulnerability affecting Windows. Researchers found that the attackers first compromised the targeted system and achieved remote code execution via malicious documents attached to spear-phishing emails, and then used the CVE-2016-0167 exploit to run their code with SYSTEM privileges.
Verizon Data Breach Q1 2016 Report shows that the threat actors exploited an easily identified vulnerability in the payment application, leading to the compromise of customer PII and payment information. Hackers are consistently looking for vulnerabilities that they can exploit to gain access to corporate networks and systems, financial data and more.
Organizations acquire capital funds and purchase the latest and greatest threat and vulnerability mitigation technology by investing thousands of dollars; unfortunately, a strategic plan to move forward and maintain the new technology is often overlooked. The result is new technology that provides a false sense of security, because operating budgets do not account for the time needed to support, maintain and operate it; it becomes ineffective and leaves the platform with open holes. Threat actors have the upper hand when technology is not maintained, and they develop ways to circumvent how it works and to exploit its weaknesses. Cloud, mobile and IoT require an innovative and different approach to assessing vulnerabilities than the traditional Windows and Linux servers and workstations required.
Today, most IT managers are trying to answer the question "We have found 500 vulnerabilities and can fix 300 of them quickly. How do we prioritize which one to fix first, and which next?" Threat and vulnerability management, as most enterprises practice it, is a tedious and time-consuming manual process, and it requires business context in order to implement the remediation plan. Enterprises need to design a solution that supports vulnerability life cycle management by providing automated workflow, reporting and collaboration capabilities.
At the same time, coordination and planning with business owners is necessary in order to minimize the impact on service availability and to limit downtime. Security engineering teams often spend a lot of time planning, deploying and testing vulnerability patches in a non-production environment before applying them to production, because businesses do not want any service interruption that would affect revenue.
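As an added example (not from the article or any vendor product), here is one way to encode the business-context prioritization discussed above: a risk-weighted ranking that combines scan severity with exploit availability, exposure and the asset criticality supplied by the business owner, then splits the backlog into what fits the current fix capacity and what is deferred. All hosts, identifiers and weights are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed sample finding; the CVE field is a placeholder, not a real identifier.
@dataclass(frozen=True)
class Finding:
    host: str
    cve: str                # placeholder identifier
    cvss: float             # scanner base score, 0.0 to 10.0
    exploit_public: bool    # a working exploit is publicly available
    asset_criticality: int  # business context: 1 (lab box) .. 5 (revenue-critical)
    internet_facing: bool   # reachable from outside the perimeter


def priority_score(f: Finding) -> float:
    """Risk-weighted score = severity x likelihood x business impact.

    Likelihood is raised when an exploit is public and when the host is
    internet-facing; impact is the criticality the business owner assigned.
    The weights are assumptions chosen for illustration, not a standard.
    """
    likelihood = 1.0
    if f.exploit_public:
        likelihood += 1.0
    if f.internet_facing:
        likelihood += 0.5
    return round(f.cvss * likelihood * f.asset_criticality, 1)


def prioritize(findings, capacity):
    """Return (fix_now, deferred): the top `capacity` findings by score, then the rest.

    Ties break on CVSS, then host and CVE, so the plan is reproducible run to run.
    """
    ordered = sorted(findings, key=lambda f: (-priority_score(f), -f.cvss, f.host, f.cve))
    return ordered[:capacity], ordered[capacity:]


# Constructed backlog: note dev-vm has a higher CVSS than hr-db but less business impact.
SAMPLE = [
    Finding("web-01", "CVE-XXXX-0001", 9.8, True, 5, True),
    Finding("hr-db", "CVE-XXXX-0002", 7.5, False, 4, False),
    Finding("dev-vm", "CVE-XXXX-0003", 9.1, True, 1, False),
    Finding("kiosk", "CVE-XXXX-0004", 5.3, False, 2, True),
]

if __name__ == "__main__":
    now, later = prioritize(SAMPLE, capacity=2)
    for label, group in (("fix now", now), ("deferred", later)):
        for f in group:
            print(f"{label:8} {f.host:7} {f.cve} score={priority_score(f)}")
```

Running it ranks the revenue-critical, internet-facing web-01 first and pushes the high-CVSS but low-impact dev-vm into the deferred set, which is the business-context adjustment a raw CVSS sort cannot make.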
Threat and vulnerability management is the process of identifying and analyzing security threats and weaknesses, modeling and simulating their potential impact and risk, and on that basis planning their remediation. The program could cover:
- Asset inventory management
- Vulnerability scanning
- Vulnerability assessment and analysis
- Vulnerability remediation and mitigation planning
- Risk and threat modeling and impact analysis
- Penetration testing
Threat and vulnerability management program managers need to deliver effective vulnerability management for traditional and emerging technologies in growing, perimeter-less IT environments that include mobility, cloud and IoT. To ensure a successful vulnerability management program, security leaders need to verify the effectiveness of their threat and vulnerability management efforts and align them with business context and objectives. Assessing the impact of potential threats to evaluate their risk will become a primary tool for managing the large volume of vulnerabilities that enterprises must detect and remediate on an ongoing basis in order to prevent cyber attacks and data breaches.
This article is published as part of the IDG Contributor Network.