It’s time for a smarter approach: threat-centric vulnerability management
As cloud computing services evolve, they open up entirely new avenues for attack. In February 2017, Tavis Ormandy of the Google Project Zero team exposed major memory leakage in Cloudflare’s Content Delivery Network (CDN) web caching services. The leak exposed all sorts of sensitive data, including passwords, authentication tokens and cookies. Although this is just one example of a cloud-oriented service with a major security issue (which, for the record, the company responded to immediately and remediated quickly), it demonstrates that all of us may have more exposure points than we realise.
Vulnerabilities and their exploitation are still the root cause of most breaches. IT security leaders should refocus their attention on how vulnerabilities are being managed and should track this as a metric, giving visibility into how to reduce the biggest risks of being breached.
To deploy resources in the right place, in the right way, vulnerability management teams need to know the intersection of vulnerabilities, network context and the threat landscape.
If the WannaCry ransomware attack taught us anything, it’s that traditional vulnerability management techniques aren’t protecting businesses from today’s threats. Threat-centric vulnerability management (TCVM) is a new approach, giving true visibility of an organisation’s risks. Use information from your network and current threats to prioritise vulnerabilities with precision. Take action immediately against your biggest threats, systematically reduce your attack surface and get more value from your team and technology.
Your approach to vulnerability management may be putting your organisation at greater risk. Just dealing with vulnerabilities that a vendor said were “critical” isn’t enough and may still leave you susceptible to an attack. Attackers are embracing ransomware and other forms of distributed cybercrime made readily available as packaged exploit kits and services on the dark web. These attacker tools target low-hanging fruit by exploiting a surprisingly small number of vulnerabilities, many of which wouldn’t be tagged as a high priority in a purely vulnerability-centric approach.
When it comes to vulnerability management, security leaders continue to struggle to identify which of the thousands, even millions, of vulnerabilities in their environment are actually putting the organisation at risk. Traditional approaches don’t take into account all factors that influence vulnerability risk. This leaves security teams wasting resources on issues attackers may never find or want to exploit.