Threat monitoring: pinpoint patching priority

Share

The sheer volume of software vulnerabilities makes it impossible to patch everything. Without the right internal resources and skills, enterprises are at risk of leaving the vulnerabilities with the biggest impacts exposed for rapid exploitation by cybercriminals.

According to a report by Risk Based Security, which provides data breach and risk ratings, over 22,000 vulnerabilities were published in 2018. This figure is expected to rise significantly this year, and every form of software is impacted.

The report found that web-related vulnerabilities made up nearly half of all the reported security flaws. Nearly a third of vulnerabilities were linked to access authentication. The big problem is that applications tend to have different patching mechanisms, which adds further complexity to the challenge.

“The rising number of software applications enterprises are using, along with the arrival of cloud platforms, is increasing the complexity of the IT environment. Enterprises now have a large portfolio of vendors to cover when it comes to vulnerability management,” explains Melanie Pilpre, Product Manager, Orange Cyberdefense.

Not all vulnerabilities are equal

Not all vulnerabilities will expose critical business software. Use threat intelligence and vulnerability management to provide you with information on which part of your systems need priority care. Threat intelligence can pinpoint which vulnerabilities are most likely to be exploited by bad actors.

Gartner believes that enterprises need to align their vulnerability management with the biggest security threats. Although the analyst firm is seeing persistent and advanced threats, bad actors are still leveraging known vulnerabilities to gain access.

Gartner maintains that 99% of vulnerabilities exploited by the end of 2020 will be the ones known by security and IT professionals at the time of the breach.

“Don’t stop continually inching towards improvements with a vulnerability management program, but it is more critical to reduce attack surface by closing the biggest risks, which are the known vulnerabilities being exploited in the wild,” explains Craig Lawson, Research Vice President at Gartner.

Pilpre agrees: “Enterprises know there is a risk by not patching, but often they don’t know how big the risk is. They end up not prioritizing their patching.”

Lawson advises that enterprises patch vulnerabilities that are being exploited in the wild as a priority to mitigate risk and improve security posture.

The importance of vulnerability management

Bad actors have gotten faster at exploiting vulnerabilities. The average time between identifying a vulnerability and seeing an exploit in the wild has shortened from 45 days to 15 days in just under a decade, according to Gartner. This provides a short window for patching.

Unfortunately, in Pilpre’s experience, if patching isn’t done straight away, it ends up being abandoned and never dealt with. “This means sensitive data can be exposed to cybercriminals who will siphon it off and sell it without the enterprise even knowing they have suffered a security breach,” she says.

Threat monitoring: pinpoint patching priority

Having a vulnerability management framework in place that checks an enterprise’s infrastructure for vulnerability is paramount in preventing security breaches, according to Pilpre. Without a robust vulnerability management, monitoring and patching program, new vulnerabilities can be missed, and old security holes left to linger – awaiting bad actors to exploit them.

Enterprises can build their own vulnerability management teams internally if they have the resources – or partner with an expert. Orange Cyberdefense, for example, has an a la carte selection of vulnerability monitoring services that can help enterprises prioritize remediation and enhance reactive responses.

Enterprises choose to work with partners on vulnerability management because it’s much easier to deploy and manage and doesn’t require a dedicated team. This means that internal IT resources can be used on business-focused projects.

Vulnerability exploitation: a case of when, not if

In a recent survey by the Ponemon Institute, more than half of respondents said their enterprise had suffered a data breach in the past two years. Forty-eight percent said the data breach could have been avoided if the enterprise had patched. Worryingly, 38% of respondents said their organization was aware of a vulnerability prior to the breach.

Unfortunately, it is a case of when – not if – an enterprise will be hit by a vulnerability breach. But enterprises are struggling to keep up with the tsunami of vulnerability information and patching alerts. In Ponemon’s study, 81% of respondents admitted that their enterprise didn’t have enough staff to patch fast enough to stop data breaches.

Many data breaches occur simply because of poor patch management practices. With the threat landscape widening, vulnerability management is a critical component in any mature security framework – firmly closing the door on attacks on an enterprise’s own applications.

Vulnerability Intelligence is just one of the many Threat Management services offered by Orange Cyberdefense. Download our brochure to find out more about Threat Management – a necessity for securing what matters.