Security is not just security - why it takes more than virus scanners, firewalls and system updates
The daily news about "successful" cyberattacks may leave some people, notably those responsible for IT security, feeling as if they are at the mercy of attackers. The growing number of attacks and the ever-increasing knowledge and technical sophistication of criminals reinforce that sense of powerlessness. It is almost accepted wisdom that "there's nothing you can do about it and it'll happen to everyone someday!"
But perception is not reality. IT teams are far from powerless and have plenty of room for maneuver. They are becoming increasingly adept at detecting and preventing attacks, driven by business need, professional pride and, in some cases, by new and pending legislation intended to force different and more effective approaches.
IT departments are taking a layered approach to security, with carefully implemented measures at several levels that raise the barriers against attack. More and higher barriers increase the effort required to carry out a successful attack, which lowers a company's likelihood of becoming a victim, and not only in a technical sense: being seen as a hard target deters criminals, who generally prefer to maximize their gains with minimal effort.
Companies today are equipped with firewalls, virus scanners and similar solutions. But what about a more comprehensive, protective approach using vulnerability management? There is still some catching up to do here.
First of all, IT managers need to address a number of questions:
- What known security vulnerabilities currently exist?
- Do we as a company use software types or brands affected by those vulnerabilities?
- If we do, are the specific versions we use affected by a particular vulnerability?
- Finally, where exactly in our company is the affected software installed?
In addition, there are potential security vulnerabilities that are not caused by a software flaw at all but by misconfigured system settings, and these are harder to find. A virus or malware scanner is of little help with either class: it looks for known malicious files, not for vulnerable software versions or weak settings. Trying to keep track of all potential vulnerabilities manually, without the right tools, is an exercise in futility.
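The four questions above, plus the configuration point, reduce to a matching problem: compare what is installed on each endpoint against a feed of known-vulnerable version ranges, then compare each endpoint's settings against a policy. The following is an added example of that logic, not baramundi's code or any product's implementation. The CVE feed (IDs with the year 2099 so they cannot collide with real advisories), the host inventory and the setting names (smb1_enabled, rdp_nla_required) are constructed placeholders. It goes slightly beyond the list by also handling entries for which no fix exists yet and by rejecting malformed CVE IDs.

```python
# Added example (not baramundi's code): match an endpoint inventory against a
# CVE feed by version range and check host settings against a machine-readable
# policy. All data below is constructed; the CVE IDs (year 2099) are placeholders.
import re

# CVE ID syntax: CVE-YYYY-NNNN with a sequence number of four or more digits;
# a sequence number longer than four digits must not start with 0
# (CVE-2014-0001 is valid, CVE-2014-00001 is not).
CVE_ID_RE = re.compile(r"^CVE-\d{4}-(\d{4}|[1-9]\d{4,})$")


def parse_version(version: str) -> tuple:
    """'7.4.12' -> (7, 4, 12). Comparing numerically avoids the lexical trap
    where '7.10' sorts before '7.9'. Non-numeric tails such as 'rc1' are dropped."""
    parts = []
    for piece in re.split(r"[.\-]", version):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True if version a is strictly older than b; '7.4' and '7.4.0' are equal."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    return ta + (0,) * (n - len(ta)) < tb + (0,) * (n - len(tb))


# Constructed feed: product, first affected version, first fixed version
# (None means no patch has been released yet). The last entry has a malformed ID.
CVE_FEED = [
    {"id": "CVE-2099-0001", "product": "ExampleViewer", "affected_from": "7.0", "fixed_in": "7.4.12"},
    {"id": "CVE-2099-0002", "product": "ExampleViewer", "affected_from": "7.4", "fixed_in": None},
    {"id": "CVE-2099-0003", "product": "OfficeSuiteX", "affected_from": "2019.0", "fixed_in": "2019.3"},
    {"id": "CVE-2099-00004", "product": "OfficeSuiteX", "affected_from": "0", "fixed_in": "1.0"},
]

# Constructed inventory, as an endpoint agent might report it: host name,
# installed products with versions, and the settings the policy cares about.
INVENTORY = [
    {"host": "wks-0042", "software": {"ExampleViewer": "7.4.9", "OfficeSuiteX": "2019.3"},
     "settings": {"smb1_enabled": True, "rdp_nla_required": True}},
    {"host": "lap-0107", "software": {"ExampleViewer": "7.10.0"},
     "settings": {"smb1_enabled": False, "rdp_nla_required": False}},
    {"host": "srv-db01", "software": {"OfficeSuiteX": "2019.1"},
     "settings": {"smb1_enabled": False, "rdp_nla_required": True}},
]

# Constructed policy with hypothetical setting names: expected value per setting.
POLICY = {"smb1_enabled": False, "rdp_nla_required": True}


def is_affected(record: dict, version: str) -> bool:
    """affected_from <= version < fixed_in; no fixed_in means every later version is affected."""
    if version_lt(version, record["affected_from"]):
        return False
    return record["fixed_in"] is None or version_lt(version, record["fixed_in"])


def match_inventory(feed: list, inventory: list) -> dict:
    """Answer 'which hosts run an affected version?': {cve_id: [(host, product, version)]}."""
    hits = {}
    for rec in feed:
        if not CVE_ID_RE.match(rec["id"]):
            continue  # an ID that violates the syntax cannot be linked to further info; skip it
        for dev in inventory:
            ver = dev["software"].get(rec["product"])
            if ver is not None and is_affected(rec, ver):
                hits.setdefault(rec["id"], []).append((dev["host"], rec["product"], ver))
    return hits


def check_settings(policy: dict, inventory: list) -> list:
    """Return (host, setting, actual, expected) for every deviation from the policy."""
    return [(dev["host"], key, dev["settings"].get(key), want)
            for dev in inventory
            for key, want in policy.items()
            if dev["settings"].get(key) != want]


if __name__ == "__main__":
    for cve_id, installs in match_inventory(CVE_FEED, INVENTORY).items():
        for host, product, ver in installs:
            print(f"{cve_id}: {host} runs {product} {ver}")
    for host, key, actual, want in check_settings(POLICY, INVENTORY):
        print(f"{host}: {key}={actual!r}, policy requires {want!r}")
```

Note that lap-0107 with ExampleViewer 7.10.0 is correctly reported as fixed for CVE-2099-0001 (fixed in 7.4.12) only because versions are compared numerically; a string comparison would flag it as vulnerable. A real scanner also has to cope with vendor-specific version schemes, which is where most false positives and negatives in this kind of matching come from.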
That is precisely why we address these challenges with the baramundi Vulnerability Scanner. It automatically and reliably scans the systems on the company network, including mobile computers and those in home offices, for vulnerabilities based on known, documented software CVEs (Common Vulnerabilities and Exposures, see the box below) for which fixes are available. It also hunts for vulnerabilities for which no patch has yet been released, for security gaps caused by incorrect system configurations, and for unauthorized devices ("shadow IT") on the network. The scanner does not replace regular patch and update management, but it is an important supplemental security layer.
An intuitive Unified Endpoint Management (UEM) system with easy-to-use automation makes vulnerability scanning not only possible but practical. One core function of a well-performing UEM system is an automated and highly detailed inventory of all network endpoints, as described in some of our other blog articles. Endpoint inventories should be checked regularly and carefully, because even a single unrecorded or incompletely recorded system can be the perfect gateway for an attack.
The scan is driven by machine-readable policies that the vulnerability scanner applies to each device at regular intervals. By evaluating the results, IT teams can determine the exact threat level of their environment down to individual endpoints. This includes traditional IT systems as well as Operational Technology (OT) devices such as industrial controllers used in production environments.
The scanner also detects a wide range of potentially dangerous configurations. This matters because, although software manufacturers have significantly improved the security of their products, an incorrect or careless configuration can undo that progress completely. Flagged configurations can then be analyzed and replaced with proper, secure settings by the IT team.
As part of its security analyses, the scanner does not simply lump all endpoints together in one undifferentiated list of systems to examine. It lets IT teams define and document scanning exceptions, such as systems to be scanned at different times, in different locations or under other security or performance considerations, while ensuring that teams remain aware of those exceptions and do not overlook them.
The process does not end with the detection of potential threats. The scanner alerts IT and SecOps teams so that they can take remediation steps immediately. Our UEM solution also assists in the controlled distribution of scheduled and unscheduled updates and hotfixes for critical vulnerabilities, providing additional and timely protection.
Common Vulnerabilities and Exposures (CVEs) are entries in a continuously growing list of publicly known security vulnerabilities in software and systems. The list is standardized and uses a unique naming scheme so that each vulnerability can be unambiguously identified and referenced; severity and prioritization come from separate ratings such as CVSS, not from the CVE entry itself. That gives software makers greater transparency and supports cooperation between companies.
CVE entries are used, for example, in intrusion prevention and intrusion detection systems, and databases or websites can also be CVE-compatible. For that, CVE IDs must be used exactly as specified (the form CVE-YYYY-NNNN, with a four-digit year and a sequence number of four or more digits) so that they can be linked to further information and compatible services and applications can exchange information with each other.
The list, now well over 45,000 entries and growing, is overseen by the CVE Board (formerly the CVE Editorial Board), whose members come from security organizations, vendors, independent cybersecurity professionals and academic institutions.