Tightening the Remediation Gap: Because the Bad Guys Have the Lead
February 21, 2017 | Best practices
Vulnerabilities are a given. You can count on it.
In fact, 2015 saw a 125 percent spike in zero-day vulnerabilities, according to Symantec. On average, that’s a new attack or exploit a week.
Security teams are being overrun by automated, non-targeted attacks. Security experts compare it to crooks rattling all the windows in a neighborhood in order to find one they can pry open.
A Lot Can Happen in 60 Days
The sobering truth is that it almost always takes twice as long to remediate a vulnerability as it does for an attacker to exploit that vulnerability.
Here’s how it typically plays out:
On average, businesses take 100 to 120 days to remediate a known vulnerability. Yet a vulnerability is most likely to be exploited within the first 60 days of its release: 90 percent likely, according to an eye-opening report from Kenna Security.
Remediation then becomes a race between the good guys and the bad guys—with hackers sprinting like Usain Bolt at the Summer Olympics.
Why Does Remediation Take So Long?
Remediating vulnerabilities is a long, involved process for most enterprises. A vulnerability pops up. InfoSec gets an alert and makes its report. If the CVSS score warrants it, the OS team puts in a ticket. But, if a change window is missed, it may take another 30 days before the vulnerability can be addressed.
That’s a ton of time in the world of non-targeted attacks.
The bottom line is that the typical organization is sitting atop a pile of critical, un-remediated vulnerabilities.
With that in mind, consider these five key steps for ensuring that hackers don’t get a running start.
1. Don’t ignore old threats.
Often, the vulnerabilities that are exploited are well-documented weaknesses that simply haven’t been fixed yet. These are the old viruses, ancient worms and long-forgotten Trojans of the threat world. In fact, the most exploited vulnerabilities are typically more than five years old.
2. Focus on the real perils.
Security teams often spend time and money remediating vulnerabilities that aren’t actually being exploited. If there’s no exploit created for it, and it hasn’t been exploited to date, the vulnerability might not represent a relevant threat. The best approach is to correlate external exploit intelligence with the results of internal vulnerability scanning—and focus on fixing the most critical vulnerabilities.
3. Get real about your capabilities.
Non-targeted attacks come at such scale that it’s essentially impossible to manage the threats with just one person or even a team. You’ll be writing as many tickets as you can for the urgent vulnerabilities, but you’ll always be behind. In fact, you’ll probably be several steps behind.
4. Scan authentically.
Hackers and malware are often able to browse through your systems and exploit flaws as a logged-on user. An authenticated network security scan allows you to test in the same context—potentially uncovering more misconfigurations, weak share permissions and missing patches.
5. Automate, automate, automate.
Today’s hacker is fully automated—and so should you be. That means abandoning inefficient manual processes for automated methods that enable your organization to rapidly prioritize and remediate critical vulnerabilities. That starts with utilizing automated vulnerability scanning tools against all systems on the network on a weekly or more frequent basis.
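As an added example (not code from the original article or from any vendor it mentions), here is the correlation from steps 1 and 2 expressed as a small prioritization routine: constructed scan findings with placeholder CVE identifiers are ranked against a constructed exploit-intelligence feed, so that findings with a public exploit or in-the-wild exploitation, especially inside the 60-day window or older than five years, are ticketed first. The scoring weights are assumptions chosen to illustrate the ordering, not an industry standard.

```python
from datetime import date

# Constructed sample input: findings from an authenticated internal scan.
# The CVE identifiers are placeholders, not real entries.
SCAN_FINDINGS = [
    {"host": "web01", "cve": "CVE-EXAMPLE-1", "cvss": 9.8, "published": date(2017, 1, 20)},
    {"host": "db02",  "cve": "CVE-EXAMPLE-2", "cvss": 7.5, "published": date(2011, 3, 1)},
    {"host": "app03", "cve": "CVE-EXAMPLE-3", "cvss": 9.0, "published": date(2016, 11, 5)},
    {"host": "web01", "cve": "CVE-EXAMPLE-4", "cvss": 5.4, "published": date(2014, 6, 12)},
]

# Constructed external exploit intelligence, keyed by CVE. A CVE missing
# from the feed is treated as having no known exploit.
EXPLOIT_INTEL = {
    "CVE-EXAMPLE-1": {"public_exploit": True,  "exploited_in_wild": False},
    "CVE-EXAMPLE-2": {"public_exploit": True,  "exploited_in_wild": True},
    "CVE-EXAMPLE-3": {"public_exploit": False, "exploited_in_wild": False},
}

EXPLOIT_WINDOW_DAYS = 60   # the window in which exploitation is most likely
OLD_THREAT_YEARS = 5       # "don't ignore old threats"

def risk_score(finding, intel, today):
    """Score a finding by real-world exploitability rather than CVSS alone (assumed weights)."""
    info = intel.get(finding["cve"], {"public_exploit": False, "exploited_in_wild": False})
    age_days = (today - finding["published"]).days
    score = finding["cvss"]
    if info["exploited_in_wild"]:
        score += 10.0
    elif info["public_exploit"]:
        score += 5.0
    else:
        # No exploit and never exploited: probably not a relevant threat yet.
        score *= 0.5
    if info["public_exploit"] or info["exploited_in_wild"]:
        if age_days <= EXPLOIT_WINDOW_DAYS:
            score += 3.0   # fresh and weaponized: inside the 60-day race
        elif age_days >= OLD_THREAT_YEARS * 365:
            score += 3.0   # old, well-documented and still unpatched
    return round(score, 1)

def prioritize(findings, intel, today):
    """Order findings so the first ticket written is for the most urgent one."""
    return sorted(findings, key=lambda f: risk_score(f, intel, today), reverse=True)

if __name__ == "__main__":
    for f in prioritize(SCAN_FINDINGS, EXPLOIT_INTEL, date(2017, 2, 21)):
        print(f["host"], f["cve"], risk_score(f, EXPLOIT_INTEL, date(2017, 2, 21)))
```

Note that the highest CVSS finding (CVE-EXAMPLE-3) drops near the bottom because nothing exploits it, while the older, lower-scored CVE-EXAMPLE-2 rises to the top because it is being exploited in the wild.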