Wrapping up CSAM 2022 with Vulnerability Management Advice for Everyone
Chris Jacob
As we wrap up Cybersecurity Awareness Month (CSAM) 2022, the final topic we’ll cover is updating software and patching vulnerabilities. According to the 2022 Data Breach Investigations Report (DBIR) from Verizon, one of the top paths threat actors use to infiltrate organizations is exploiting vulnerabilities. And there appears to be no end in sight, as the number of unique security vulnerabilities rose almost 10% in 2021, up to 20,142 from 18,351 in 2020.
Vendors have made it relatively easy for individuals to protect themselves from hackers looking to exploit vulnerabilities, but organizations face a more difficult task in staying ahead of vulnerabilities and patching those that matter most. That’s where the ThreatQ Platform can help. Below are a few recommendations for both groups.
Tips for individuals
As a security professional, take the opportunity this month to remind colleagues, family and friends of two simple practices they should be diligent about that can help them mitigate risk.
- Update applications and systems. Technology vendors are doing their best to keep users safe, issuing patches and updates regularly. Stay current with these security settings by turning on automatic application updates when available; Microsoft and Google Chrome are two examples. Then shut down systems every night and enable updates when prompted. This applies to phones and other smart devices too. Accept the automatic system updates when prompted and keep phones plugged in and turned on at night to process updates during less busy times.
- Download apps from official stores. Be savvy about sources that provide apps for download. Google and Apple vet applications and ensure they meet privacy and security requirements, so stick to apps and games that are available in these stores instead of downloading them from sites you don’t know, trust or haven’t interacted with before.
Tips for security professionals
For security teams charged with vulnerability management, the task is not nearly as straightforward. It is simply impossible to patch and mitigate every vulnerability present in an enterprise network, leading teams to prioritize mitigation based on limited and inward-facing data such as:
- Server versus workstation
- Employee role
- Asset criticality
- Vulnerability score
- Patch availability
Despite this level of prioritization, patching remains extremely time-consuming and has limited effectiveness because it does not take into account knowledge of whether and how a vulnerability is actively being exploited in the wild, and the risk that the adversaries leveraging it pose to a company’s specific environment.
Since a vulnerability is only as bad as the threat exploiting it and the impact on the organization, security teams must take a data-driven approach to prioritizing vulnerabilities with knowledge about how vulnerabilities are being exploited. ThreatQ allows security teams to focus their vulnerability management resources where the risk is greatest through the following three steps:
- Understand the threats and which vulnerabilities threat actors are leveraging to determine relevance to the organization’s environment and prioritize which vulnerabilities to address first. For example, a vulnerability related to a specific adversary campaign and indicators of compromise (IoCs) that have been seen in an organization’s SIEM and/or ticketing system should be addressed immediately. A vulnerability that has related threats and IoCs, but whose associated adversaries are not known to target the organization’s specific industry, should be watched but is a lower priority. A vulnerability with no known adversaries using it and no associated IoCs may indicate it is not being exploited in the real world yet and can be deprioritized for now.
- Overlay the adversaries that target the company with the common vulnerabilities and exposures (CVEs) those adversaries use, their historical victimology, and vulnerability scan results for those targets to build a superior risk profile.
- Reassess and re-prioritize on a continuous and ongoing basis as adversaries change tactics, techniques, and procedures (TTPs), systems and applications evolve, and their usage within the organization’s environment changes as well.
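The three-step triage above, worked into a small prioritizer as an added example (this is not ThreatQ’s code or data): each vulnerability is placed in a threat-informed tier first, and only then ordered by the inward-facing data listed earlier (vulnerability score, asset criticality, patch availability). The tier rules are an assumption that extends the post slightly: a group that exploits the CVE and targets our industry, with no internal sightings yet, gets a "high" tier between "immediate" and "watch". CVE ids, group names and sightings are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Vuln:
    cve: str                     # constructed placeholder ids below, not real CVEs
    cvss: float                  # vulnerability score (inward-facing data)
    asset_criticality: int       # 1 (low) .. 5 (crown jewels)
    patch_available: bool
    adversaries: set = field(default_factory=set)  # groups known to exploit it
    targets_our_industry: bool = False             # victimology overlaps our sector
    iocs_seen_internally: bool = False             # related IoCs matched in SIEM/tickets

TIERS = ("immediate", "high", "watch", "deprioritized")

def tier(v: Vuln) -> str:
    """Threat-informed tier: who exploits it and whether it has reached us."""
    if not v.adversaries:
        return "deprioritized"   # no known exploitation in the wild yet
    if v.iocs_seen_internally:
        return "immediate"       # campaign activity already observed in our telemetry
    if v.targets_our_industry:
        return "high"            # assumed extra tier: adversary victimology overlaps us
    return "watch"               # exploited, but not by groups that target our sector

def score(v: Vuln) -> float:
    """Order within a tier using the inward-facing data the post lists."""
    s = v.cvss * v.asset_criticality
    return s * 1.2 if v.patch_available else s   # actionable fixes rank first

def prioritize(vulns):
    """Return (tier, vuln) pairs, most urgent first."""
    return sorted(((tier(v), v) for v in vulns),
                  key=lambda tv: (TIERS.index(tv[0]), -score(tv[1])))

SAMPLE = [  # constructed records
    Vuln("CVE-0000-0001", 9.8, 2, True, {"GroupA"}, True, True),
    Vuln("CVE-0000-0002", 7.5, 5, True, {"GroupB"}, False, False),
    Vuln("CVE-0000-0003", 9.1, 5, False),            # high score, no known exploitation
    Vuln("CVE-0000-0004", 6.5, 4, True, {"GroupC"}, True, False),
]

if __name__ == "__main__":
    for t, v in prioritize(SAMPLE):
        print(f"{t:13} {v.cve} cvss={v.cvss} asset={v.asset_criticality}")
```

Note that the crown-jewel asset with a 9.1 score lands last because nothing is known to exploit it, while the lower-criticality host with observed campaign IoCs goes first; that inversion is the point of the threat-informed step.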
ThreatQ drives a number of benefits, including efficiency gains as high as 90%, for teams engaged in vulnerability management. Based on industry research and our experience working with multiple clients, we calculated the ROI of using the ThreatQ Platform for vulnerability prioritization and found an annual cost savings of more than $186,000—enough to produce a positive ROI and short payback periods after factoring in the cost of a ThreatQ license.
Working together, security professionals and individuals can mitigate the risk of threat actors exploiting vulnerabilities to gain access to high-value data and systems. To learn more about how the ThreatQ Platform can help automate prioritization of vulnerabilities to accelerate patching and deliver significant ROI, download our latest whitepaper.