In the current digital era, enterprises across the world rely heavily on information systems for day-to-day operations and for accessing business-related data. In essential sectors such as banking and finance, healthcare, and government, protecting information is critical, and any security mishap could disrupt daily operations. Attackers intend either to deny services until a ransom is paid or to breach security and gain access to critical information. Either way, cyberattacks place enterprises at huge financial risk and might even put them out of business.

The concern about cyberattacks is global. Cyberattacks impact organizations of all types, and enterprises are especially vulnerable to ransomware attacks. The cost of cybercrime worldwide is projected to reach $6 trillion by 2021, with a ransomware attack hitting an enterprise about every 14 seconds, according to a Cybersecurity Ventures report. As a result, enterprises are investing in cybersecurity programs, such as vulnerability management solutions, and are implementing security training for employees as well.

What is vulnerability management?

Vulnerability management is the process of ensuring that your enterprise network is secured against potential security gaps, which can invite attacks from hackers. A security risk arises at the intersection of vulnerability and external threat. Vulnerabilities in security programs or any application used in business can pose severe risks if unattended. When an external threat actor exploits the vulnerability, it results in cyberattacks.

With proactive vulnerability assessment and management, you can reduce or nullify the impact of external attacks that come in through your attack surface. Vulnerability assessment scanners help detect known vulnerabilities, such as an insecure firewall gateway or software misconfigurations.

How having multiple security solutions and a non-automated system defeat the purpose of security.

Enterprises using multiple point products to keep their network secure may be unaware of possible performance issues. Each solution uses an interface that runs on processes, drivers, and other important active components. While scanning files, drivers have the utmost privilege; they can lock a file, disallowing any other action on it. If two or more point products are in operation simultaneously, each driver may try to take full control of the same files. This could cause some files to be locked and then skipped while being scanned. Thus, using more than one security solution becomes more of a security concern than a good practice. Additionally, your computer's performance might slow down because these always-running security solutions consume CPU resources.

Manually scheduling scans to detect vulnerabilities might not work in the long run; it takes automated, scheduled tasks to stay on top of security. Once a vulnerability is detected, if a patch or update is available to mitigate it, automating the deployment helps prevent exploitation. A vulnerability management program must be complemented with patch management capabilities.

Complementing vulnerability management with patch management ability.

Vulnerability management detects vulnerabilities, assesses and prioritizes the associated risks, evaluates external threats, and provides corrective, preemptive mitigation to prevent exploits. Patch management helps thwart known vulnerabilities with the help of available patches. The best practice is to use both vulnerability and patch management programs; once vulnerabilities are discovered, the patches available for them should be deployed automatically.

Opportunity costs of not deploying vulnerability management.

Organizations often pay dearly for security lapses that might be overlooked while implementing a security strategy. The financial sector is a favorite of hackers. A recent devastating data breach left a credit-based firm struggling to recover from the financial loss.

A leading financial credit agency, Equifax, suffered a data breach in 2017 that resulted in more than 140 million customers’ credentials being compromised. The firm has offered to pay each victim $20,000 as compensation. It has also been slapped with a $700 million fine for not complying with the GDPR regulations because the firm engages with customers in the EU. Security experts came down hard on the credit union’s negligence for not having a strong web-facing server password policy in place.

In the first week of August 2019, another credit card-based firm admitted to a data exposure in which more than 100 million accounts were compromised. The cause was a misconfigured web application firewall that enabled access to account records.

A vulnerability management system helps detect misconfigurations with regard to strong password policy, web server hardening, firewall port access, Windows Defender and other antivirus detection, administrative authorization privileges, and more.

Important features that help you choose the right vulnerability management system.

Your vulnerability management system should be able to effectively discover existing security and software misconfigurations, high-risk software, web server misconfigurations, and other vulnerabilities in your network. Features to evaluate in a vulnerability management program include:

Security configuration management: Checking that antivirus is enabled and its definitions are up to date, that MS Windows Firewall is enabled, that administrative share access is authorized, that folder share permissions and the password policy are secure, reviewing browser configurations, checking for elevation of user privileges, and more.

Web server hardening: Security hardening of web-facing servers is essential. Your vulnerability management program must be capable of ensuring secure communications via SSL to prevent attacks that come in through the server. This helps prevent denial of service and brute-force attacks.

High-risk software audits: Software deemed dangerous to businesses, like peer-to-peer file sharing software, software nearing end-of-life status, and remote desktop sharing software, should be scanned for, with permissions defined to allow or block its use. This helps prevent the creation of new vulnerabilities that can invite attacks.

Port audits: Applications require specific firewall ports to be open. Ports that are no longer in use may be left open, which can lead to exploitation through trojans or other malware. Your vulnerability management program must be capable of controlling the firewall ports to determine which ones need to be open or closed, especially on internet-facing servers.

Zero-day vulnerabilities mitigation: Zero-day vulnerabilities do not come with patches; they are barely exploited in the wild, and vendors strive hard to release timely patches before proof of concept is implemented. In such cases, a vulnerability management program must help execute custom scripts that tweak registry key settings or disable legacy protocols.

Did you know the ransomware WannaCry, which wreaked havoc on businesses worldwide in 2017, came with a simple fix: disabling SMB (Server Message Block) v1 and closing port 445? A lack of awareness led to widespread ransomware attacks. A vulnerability management program helps with timely fixes and mitigation such as these.
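The port audit and the port 445 fix described above, as an added example that is not part of the original article or of any vendor's product: Python that reads `netstat -ano` output from a Windows server, ignores loopback-only listeners, and reports every externally reachable listening port that is not on the role's allowlist. The netstat sample, the allowlist, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano -p TCP` output from a hypothetical
# internet-facing Windows web server (not taken from the article).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1092
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       2210
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    10.0.0.5:49712         10.0.0.9:443           ESTABLISHED     3344
"""

# Assumed policy for this example: ports a web server role may expose.
ALLOWED_PORTS = {80, 443}
# Port 445 (SMB) is the port the article's WannaCry fix closes.
HIGH_RISK_PORTS = {445: "SMB: disable SMBv1 and block at the firewall"}


def listening_sockets(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, non-TCP, or not a listener
        host, _, port = fields[1].rpartition(":")  # last colon splits [::]:445 too
        yield host.strip("[]"), int(port), int(fields[4])


def audit_ports(netstat_text, allowed=ALLOWED_PORTS):
    """Return findings for externally reachable listeners outside the allowlist."""
    findings = {}
    for host, port, pid in listening_sockets(netstat_text):
        if ipaddress.ip_address(host).is_loopback or port in allowed:
            continue  # local-only or approved for this role
        severity = "high" if port in HIGH_RISK_PORTS else "review"
        entry = findings.setdefault(port, {"severity": severity, "pids": set(),
                                           "note": HIGH_RISK_PORTS.get(port, "")})
        entry["pids"].add(pid)  # IPv4 and IPv6 listeners merge per port
    return findings


if __name__ == "__main__":
    for port, info in sorted(audit_ports(SAMPLE_NETSTAT).items()):
        print(port, info["severity"], sorted(info["pids"]), info["note"])
```

On the sample, ports 445 and 3389 are reported; the PostgreSQL listener on 127.0.0.1 is skipped because it is not reachable from the network.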

How vulnerability management is an upgrade from legacy IT ops processes:

Vulnerability management is an upgrade from the conventional IT management processes and provides an array of functionalities:

  • Inventory scanning: Taking inventory of the various software assets and creating custom groups based on OS and applications.

  • Vulnerability assessment: Discovering all possible known vulnerabilities that can lead to attacks.

  • Vulnerability mitigation: Providing remedial advice to thwart the vulnerabilities.

  • Risk and threat prioritization: Defining the risks based on the severity and accordingly taking action.

Most importantly for patch management, if patches are available for the known vulnerability, a built-in patch manager solution can resolve the vulnerabilities quickly.

Once the vulnerabilities are discovered and remedied, it is important to generate granular reports that document them for future reference and security auditing. With the right vulnerability management program in place, enterprises need not worry about cyber threats and can focus more effectively on other areas of business.

A part of this blog was already published as a guest article on cio.economictimes.indiatimes.com.

Srini Jagan
Marketing Analyst, ManageEngine