New in Managed Services: Vulnerability Management
At the beginning of this year, we already saw our first major security vulnerabilities in the form of Spectre and Meltdown. These two vulnerabilities impacted nearly every device running iOS, macOS, Linux and Windows. If this sets the course for the rest of 2018, then fasten your seatbelts because we are facing a rough year! In this blog post, I would like to share my thoughts with you on vulnerability management based on my experience in Managed Services.
Which vulnerabilities should be on top of your mind?
Throughout 2017, ransomware was definitely a top concern for many of our customers. According to Malwarebytes, there was an increase of 700% in ransomware! WannaCry and NotPetya, two examples that abused the EternalBlue exploit, showed us that there are still a lot of customers who struggle to apply security patches, in this case Windows patch MS17-010.
Having good patch management in place is of course easier said than done. It is an impossible task to keep all your systems up to date. And there is always a risk of breaking a well-functioning application by installing a security patch. How to solve this? When should you install a patch?
There is only one right method, and that is the risk-based approach. Every day, about 35 to 40 vulnerabilities are disclosed. Only a few of them will actively be exploited by hackers. So, most vulnerabilities should not be on top of your mind. But how do you recognize the ones that matter?
Patch Management: how to separate the wheat from the chaff?
To patch or not to patch? That does appear to be a difficult question. The Common Vulnerability Scoring System (CVSS) can help you to decide upon the severity of the risk. A score is assigned to the vulnerability at disclosure and ranges from 1 to 10, 10 being the highest risk. Unfortunately, we notice that 60% of all vulnerabilities are in the most critical levels (between 6-10), which still leaves a wide range of things to patch. Another disadvantage of the CVSS is that the scoring is assigned at the time of the outbreak and remains unchanged. So it does not actually reflect the current status and your environment.
How to deal with these shortcomings? It is obvious that we need a real-time dashboard of your current risk posture. It must give a clear overview of your vulnerabilities and there must be threat intelligence so you immediately know which systems are at risk. We now offer a new Managed Service to help you deal with this challenge: SecurePrevent Vulnerability Management.
SecurePrevent Vulnerability Management: an overview
SecurePrevent Vulnerability Management is a service that consists of two components: the vulnerability scanner and the Kenna platform.
The vulnerability scanner is a device that scans your entire network and discovers systems with vulnerabilities, which may come in the form of missing patches and misconfigurations. This type of scanner has existed for quite some time, and you may have heard of some of them such as Nessus, Rapid7 and Qualys. These scanners produce lengthy reports of discovered vulnerabilities, but it is still very difficult for IT teams to prioritize and focus on the key risks.
This is where the second component comes into play. The Kenna platform imports all the results from the vulnerability scanners and combines them with real-world threat intelligence. This immediately shows the vulnerabilities that need to be prioritized in order to decrease your current risk, effectively introducing a risk-based approach to vulnerability management.
The Kenna platform allows you to report on assets grouped by different criteria (e.g. the department or operating system). The reports can range from a simple risk meter to a fully detailed technical report, which allows you to report risk to a C-level member as well as to the engineers responsible for the installation of the patches.
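To make the difference between a static CVSS cut-off and a risk-based queue concrete, here is an added example that is not part of the original post and not the Kenna platform's algorithm. The findings, scores, the placeholder IDs VULN-A to VULN-D, the threat-intelligence set and the "exploited first" rule are all assumptions constructed for illustration.

```python
from collections import Counter

# Constructed scanner output; the scores are sample values, not real CVSS data.
FINDINGS = [
    {"asset": "fs01",   "dept": "finance", "vuln": "MS17-010", "cvss": 8.1},
    {"asset": "web01",  "dept": "sales",   "vuln": "VULN-A",   "cvss": 9.8},
    {"asset": "web01",  "dept": "sales",   "vuln": "VULN-B",   "cvss": 7.5},
    {"asset": "hr-pc7", "dept": "hr",      "vuln": "VULN-C",   "cvss": 6.5},
    {"asset": "db02",   "dept": "finance", "vuln": "VULN-D",   "cvss": 5.3},
    {"asset": "hr-pc7", "dept": "hr",      "vuln": "MS17-010", "cvss": 8.1},
]

# Constructed threat-intelligence feed: findings seen exploited in the wild.
EXPLOITED = {"MS17-010", "VULN-D"}


def cvss_only(findings, threshold=6.0):
    """Static approach: everything at or above a CVSS threshold, highest first."""
    hits = [f for f in findings if f["cvss"] >= threshold]
    return sorted(hits, key=lambda f: f["cvss"], reverse=True)


def risk_based(findings, exploited):
    """Assumed rule: only actively exploited findings, highest CVSS first."""
    hits = [f for f in findings if f["vuln"] in exploited]
    return sorted(hits, key=lambda f: f["cvss"], reverse=True)


def exploited_per_group(findings, exploited, key="dept"):
    """Count actively exploited findings per group (e.g. department)."""
    counts = Counter({f[key]: 0 for f in findings})
    for f in risk_based(findings, exploited):
        counts[f[key]] += 1
    return dict(counts)


if __name__ == "__main__":
    print("CVSS >= 6 queue:", [(f["asset"], f["vuln"]) for f in cvss_only(FINDINGS)])
    print("Risk-based queue:", [(f["asset"], f["vuln"]) for f in risk_based(FINDINGS, EXPLOITED)])
    print("Exploited per department:", exploited_per_group(FINDINGS, EXPLOITED))
```

In this sample the CVSS cut-off queues five of the six findings yet skips VULN-D, while the risk-based queue holds three findings and includes it.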
SecureLink offers this service in a customized manner to make sure we match your requirements. By allowing you to reuse your own scanner, we make sure your previous investments are not lost.
Security patching is an important weapon against ransomware and other cyberattacks, but you will only get the true benefit out of it when applying a true risk-based approach.