Forget packets, sniffing, encryption and automated rule-based policy enforcement for a second. For all the complexities we need to know about, network security is really quite simple at its base level.
Just find the places an attacker could get into your network. Then close those gaps with the right protection and processes.
It’s what organisations have been doing for years with firewalls and antivirus. But, for a reason that doesn’t make any sense to us, it’s something that very few businesses are doing when it comes to software vulnerabilities.
We think the need for better vulnerability management should be obvious. Here’s why.
You secure your network against whatever the threat looks like. Wherever you’re most exposed, that’s the obvious place to focus your resources.
For most businesses, third-party software is a large and intimidating area of risk, and that’s because of application vulnerabilities. These vulnerabilities aren’t in applications you’ve never heard of – they’re in the third-party software you use the most, from PDF readers to web browsers.
Attackers love these vulnerabilities. That’s because they don’t need to rush to exploit a zero-day vulnerability. In a world where you’re not patching effectively, they can take their time to exploit vulnerabilities that are weeks, even months old.
In short: there are vulnerabilities everywhere, and attackers are actively exploiting them to distribute malware and ransomware on a huge scale. That’s probably a threat you should be doing something about.
Firewalls and antivirus are essential parts of your security stack. They help filter malicious traffic, detect malware in executables, and keep your network secure.
But not from software vulnerabilities.
While these long-standing elements of your security have a critical role to play, they’re sadly not part of the conversation about vulnerabilities. They remain two key pillars of effective protection, but your attackers look for ways around them. That’s sort of the point.
So while you may have the greatest technology at the perimeter, failing to implement good vulnerability management is leaving an attacker’s preferred attack surface exposed.
A look across recent media coverage shows numerous vulnerabilities in the wild. Popular freemium application Foxit Reader had two zero-day vulnerabilities exposed in August 2017. The recent HBO hacks seem to be vulnerability-related if the attackers’ spending habits are anything to go by. Even medical scanners are falling victim to vulnerability exploits.
It’s not surprising, then, that best practice and compliance standards like Cyber Essentials and GDPR are cracking down on patch management and vulnerabilities. That means that doing nothing is no longer an option if you want a compliant estate.
The choice isn’t between handling vulnerabilities and leaving them exposed. It’s between a labour-intensive, manual patching process and an automated, efficient way of doing things.
To us, that seems like a pretty simple choice to make.
Finally, implementing better software vulnerability management seems obvious because it’s a lot of protection for a relatively low investment – not just in terms of budget, but also in the time you’ll spend keeping up with alerts and checking your applications.