What do Easter eggs and vulnerabilities have in common?
Vulnerability management is essential for every organization. But what are vulnerabilities in the context of IT and OT and how do we deal with them? Like it’s Easter morning, obviously.
- The threat posed to IT systems by vulnerabilities is skyrocketing.
- Vulnerability management is a holistic, cyclical process that continuously improves a company’s IT security.
- A step-by-step process: Identify, qualify, remediate, and report.
Vulnerabilities or security gaps in IT and OT are errors in hardware or software through which a program or an attacker can penetrate a system, cause damage or steal valuable assets. Vulnerabilities can be roughly divided into two categories: those that are already known to the public and documented, and those that only become known on the day of the attack, so-called zero-day exploits.
Cybersecurity threats are skyrocketing and are expected to keep rising. Overall, the 2023 Global Threat Report from international cybersecurity firm CrowdStrike states that, ”The 2022 cyber threat landscape was defined by persistence, increased target scope and relentless determination.” The National Vulnerability Database (NVD) maintained by the US government and used as an international industry source, published 25,093 Common Vulnerabilities and Exposures (CVEs) in 2022, a 25% increase from 2021. Beyond IT systems, threats are rising for OT infrastructure, with cyber-physical security company Claroty reporting a 110% increase in industrial control system (ICS) vulnerabilities between 2018 and 2022.
All of those statistics reinforce the idea that vulnerability management should be a process and a recurring cycle. Ideally, it should be integrated into an organization’s holistic security strategy. Vulnerability management – especially with the help of a Unified Endpoint Management (UEM) solution – helps to identify, qualify and eliminate security gaps. It also helps define additional measures that can be applied. These include ongoing education to raise employees’ awareness of points of attack and to teach them how to deal with them correctly.
The detection phase is the foundation of any vulnerability management process and identifies open security gaps. It includes checking services, software, configurations, and open ports in various IT systems. Manufacturing organizations have the additional requirement that vulnerability scanning must not affect or disrupt production. The right technology and proper configuration are crucial here.
After the detection phase, the vulnerabilities found must be evaluated and prioritized. For this purpose, good UEM solutions already offer databases with a risk assessment such as the CVSS score (Common Vulnerability Scoring System). However, a database score alone is not enough; organization-specific criteria must be added: How old is the vulnerability? Can it still be actively exploited? Did scanning produce a false positive, i.e., a finding that does not affect the currently installed software?
High-risk vulnerabilities should be eliminated as soon as possible. There is no universal recipe to follow, as vulnerabilities differ in multiple ways on different systems.
The first and most obvious step is to install available patches, preferably patches that have been validated and tested to avoid compatibility or performance issues.
If no patch exists, other measures can be used such as blocking remote maintenance access to at-risk systems or isolating them in secure network segments. If the risk is low, you can weigh the cost of time and resources to eliminate the vulnerability against the potential impacts and costs if attackers were to exploit it.
Last but not least, it is crucial to document all vulnerabilities. This is where dashboards and reports come in handy to show current vulnerability status. Reports can help an organization document security processes and overall progress and inform an ongoing assessment of risks and trends. The point is to stay one step ahead of attackers by treating vulnerability management as an essential, continuous and consistent process for identifying and remediating security gaps.
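As an added illustration of the qualify step in the process above (example code written for this article, not part of the baramundi Management Suite or any real scanner): it first discards scanner hits whose installed version is already outside the affected range, the false-positive check mentioned earlier, then ranks the remaining findings by CVSS score, active-exploitation status and age. The field names, weights and tier thresholds are assumptions chosen for the example.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    ident: str        # scanner finding id; constructed placeholder, not a real CVE number
    cvss: float       # CVSS base score taken from the vulnerability database
    age_days: int     # days since the vulnerability was published
    exploited: bool   # flagged as actively exploited by the threat feed
    affected: tuple   # (first affected version, first fixed version)
    installed: str    # version actually installed on the endpoint

# Score floors for remediation tiers (assumed thresholds for this example).
TIERS = ((9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.0, "low"))

def vtuple(version):
    """Convert a dotted version string into a tuple of ints for comparison."""
    return tuple(int(part) for part in version.split("."))

def is_false_positive(f):
    """True when the installed version lies outside the affected range."""
    first_bad, first_fixed = f.affected
    return not (vtuple(first_bad) <= vtuple(f.installed) < vtuple(first_fixed))

def priority(f):
    """Combine CVSS with exploit status and age into a 0-10 score (assumed weights)."""
    score = f.cvss
    if f.exploited:
        score += 2.0      # active exploitation outranks a raw base score
    if f.age_days > 90:
        score += 0.5      # long-known gaps have had time to acquire public tooling
    return min(score, 10.0)

def tier(score):
    """Map a priority score to the first tier whose floor it reaches."""
    return next(name for floor, name in TIERS if score >= floor)

def triage(findings):
    """Drop false positives and return (ident, tier, score) sorted by urgency."""
    ranked = [(f.ident, tier(priority(f)), priority(f))
              for f in findings if not is_false_positive(f)]
    return sorted(ranked, key=lambda row: row[2], reverse=True)

# Constructed sample scan results, not real vulnerability data.
SAMPLE = [
    Finding("FINDING-A", 9.8, 400, True, ("2.0.0", "2.4.3"), "2.3.1"),
    Finding("FINDING-B", 7.5, 10, False, ("1.0.0", "1.2.0"), "1.2.0"),  # fixed version
    Finding("FINDING-C", 5.3, 200, False, ("3.1.0", "3.1.7"), "3.1.4"),
]
```

Calling `triage(SAMPLE)` yields the actionable list with FINDING-B removed, which is the shortlist that feeds the remediation and reporting steps.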
How does vulnerability management differ from patch management? The two go hand in hand within a solid IT security strategy and should not exist without each other. In other words, vulnerability management is a process. Patch management is an integral practice within that process to close identified vulnerabilities. Automated patch management paired with regular vulnerability scanning also helps reduce the time and cognitive burdens on IT staff managing cybersecurity.
Vulnerability management provides added value for every organization because it reduces attack surfaces and increases security. Structured and documented vulnerability management practices also are required to obtain certifications such as ISO 27001 or TISAX, and to obtain adequate and affordable cyber insurance coverage.
But what do Easter eggs have in common with vulnerabilities? They must be found – often with the same relentless determination, focus, energy and imagination that you applied as a kid when hunting for decorated eggs and other goodies on Easter morning. The good news – and the bad news – is that IT or OT admins will rarely if ever run out of vulnerabilities to look for. As they say, if you keep all your eggs in one basket, watch that basket!
baramundi supports sysadmins in this process in office IT and production OT environments with a holistic solution in the baramundi Management Suite.