Ok, so you survived the Heartbleed bug, a critical vulnerability that affected all internet applications using OpenSSL. But Heartbleed isn’t the last you’ll hear of widespread internet risk—just last week, Homeland Security issued an advisory against using Internet Explorer due to a flaw in the browser that puts it at serious risk.
While it'd be ideal to encrypt all internet communication, we all know that won’t happen any time soon. So in addition to frantic patching and changing passwords, what are other remedies that can help stop the bleeding instead of relying on a band-aid solution?
Here are five tips to identify system exposures quickly and take the appropriate action:
- Gather intel on the threat landscape
Being proactive is key here. You should always gather information relating to both internal and external threats. This should not be limited to simply scanning active services and identifying rogue devices on the network, but also defining threat scenarios and subscribing to timely alerts from credible sources such as the United States Computer Emergency Readiness Team (US-CERT) on the latest exploits, vulnerabilities or security issues. If you rely on a managed security service provider, you should make sure their patch fixes are released in time to address the vulnerabilities.
- Implement a lifecycle approach to manage vulnerabilities
You should have an end-to-end process for handling vulnerabilities, from identification through reporting and closure. There should be clearly defined procedures with outlined roles and responsibilities within each stage of vulnerability management, so that the process is executable for all impacted parties. The procedure should also avoid single point-of-failures to ensure timely response.
It’s equally imperative to incorporate security design early into your system development lifecycle to ensure that the most efficient and effective path to get something done is also the most secure.
- Leverage technologies for vulnerability management
With the increased sophistication of the cyber attacks, it’s no longer sufficient to rely solely on social engineering or manual techniques for vulnerability management. Think like a hacker here: there are hacking software, attack profiles, exploit scripts and programs, and hacker tips, tricks and techniques that can help you gain transparency into vulnerabilities within your infrastructure and applications. Once the vulnerability is identified, you should also leverage technologies to enable a standardized approach to track, remediate, and report vulnerabilities. Automating remediation workflows or displaying vulnerability dashboards can significantly improve vulnerability response speed and consistency.
- Establish enterprise-wide vulnerability awareness & training
Appropriate security awareness training across your organization is a key way to reduce vulnerabilities. An effective security communication should consider various channels for communication and escalation of security issues. This should not just focus on developers who perform software development and maintenance, but also general users who play a role in helping to combat attacks.
- Integrate vulnerability management into Risk Management and IT processes
Vulnerability management is not a standalone process, and it should be integrated into various IT and Risk Management processes. You should ensure vulnerability requirements are aligned and integrated into IT or security operations, such as incident management or patch management.
Additionally, always take a risk-based approach by performing a risk impact analysis on security vulnerabilities to determine the remediation action. It probably doesn’t make sense to bring the server down for a few hours to apply a patch if the vulnerability introduces very little into your network. This will help you prioritize resources and minimize operational impact. Further, good security architecture can help to mitigate data breach. The implementation of firewalled security zones and segmented networks can ensure that the entire network is not accessible if your private network is breached.
Given the proliferation of advanced attacks, don’t wait for the next event to happen to revamp your vulnerability management practices. Take these proactive five steps and you might find yourself bleeding less next time around.