Vulnerability Management – Addressing the Need and the Challenges

“The ultimate goal is to shrink the attack surface, and the key is prioritization,” says Mieng Lim, VP of product management at Digital Defense, Inc., in an exclusive interview with IT Security Wire.

ITSW Bureau: Do you feel that having a programmatic mechanism of vulnerability management is one of the biggest challenges faced by enterprises today?

Mieng Lim: Absolutely. Enterprises today, large and small, are experiencing a cybersecurity skills shortage that strains existing resources. This leads to cybersecurity program implementation in an ad-hoc fashion, which can introduce pockets of unintended weakness in the network.  Organizations that are only scanning ad-hoc or not deploying a scanning solution to the entirety of their network are doing themselves a disservice and introducing avoidable blind spots.

A consistent, repeatable, programmatic approach to vulnerability management provides a number of benefits. Organizations will know with certainty what is on their network, and what should or should not be on the network.

A consistent vulnerability management program ensures all assets of the network are assessed for flaws that could be exploited or contribute to a compromise in other segments of the network. Network administrators will be able to analyze and ensure proper segmentation and access control and modify or remove access for systems to limit exposure. This programmatic approach also enables better metrics for KPI reporting of progress and success to demonstrate near real-time security status more efficiently across the entirety of the network.

Read More: COVID-19 exposing the Cybersecurity Vulnerabilities of Enterprises

ITSW Bureau: What, according to you, is missing today in enterprise vulnerability management strategies?

Mieng Lim: Many enterprises still do not deploy proactive, layered approaches to security. Much of this is due to not having a full understanding of all the assets connected to their network and only focusing on the “critical” assets. They will deploy a single technology (like endpoint protection) and trust the vendor promises that it will prevent them from being hacked. This ignores the fact that just about every compromised network deploys some form of endpoint protection. Attackers and malware know this and have many well-established techniques to circumvent protections.

By understanding the true attack surface of their network and all the assets that contribute, companies will have a better path to locking it down to prevent potential attackers from gaining a foothold contributing to reducing the chances of a breach over and above what any single technology can provide.

Enterprises have to start with asset discovery and inventory as the first step in their vulnerability management program. An incomplete understanding of what assets exist, where they reside, and what services are running on them is an avoidable network security weakness.

ITSW Bureau: Can you describe the major roles played by threat intelligence and visualization?

Mieng Lim: The ultimate goal is to shrink the attack surface, and the key is prioritization. Organizations, regardless of how large or small their security staff are simply unable to address all vulnerabilities that exist, and it would be impractical to do so. It is essential to focus on “what matters.” Weaponized vulnerabilities pose an exponentially higher risk than vulnerabilities that have not or require more skill to leverage, even with the same severity ratings. Knowing whether a vulnerability is exploitable or has been weaponized allows security teams to better focus resources and fix those flaws that pose the highest risk to compromise.

Threat intelligence provides that insight. Threat intelligence adds an additional, very important, prioritization metric. If security teams can focus efforts to fix or mitigate those systems vulnerable to active and emerging threats that present a real-world risk to their organization, they are that much further ahead of attackers.

Read More: Enterprises Are Facing Bot Attacks Owing to Cybersecurity Overconfidence

If we take this one step further, visualization, how connected a vulnerable device is to the rest of the network, improves the ability of the security team to isolate or take other immediate action to contain the flaw. Tools that provide this additional picture can accelerate response times – which are critical when talking about weaponized exploits – by visually showing the impact and potential lateral movement a detonated exploit on a single asset has on the rest of the network.

ITSW Bureau: How important is it for companies to enhance visibility to improve their defenses?

Mieng Lim: Visibility is vital. Enterprises struggle with keeping up with emerging threats. Many tools in the market tout they can provide an “all-in-one” solution; however, every enterprise network is unique. A one-size-fits-all solution just doesn’t work. How can you protect what you don’t know you need to protect?

The recent shift to work-from-home has only exacerbated this challenge. IT teams were (and still are) scrambling to ensure staff has hardware and access to the resources they need securely. With some organizations, we see an expanded and expanding attack surface, including systems that may not be outside of enterprise oversight.

Read More: Patient Data Breach – Cybercriminals Targeting Healthcare Organizations

Enterprises have to leverage the tools available to them.  Vulnerability management, SIEM, endpoint protection, and NAC platforms can expose the risks to their network and how those risks connect to the rest of the network. Without this visibility, security and IT professionals are working with only half the knowledge they need.