- Unpatched known security vulnerabilities are the main gateway for attackers.
- Forgotten endpoints are ripe targets.
- Automation and data-science are important assets for helping to prioritize threat and vulnerability patching efforts.
A Worldwide Treasure Hunt
Geocaching is a worldwide hobby where players use their phone or a GPS device to hunt down small containers, often while hiking or exploring city streets. Starting with the GPS coordinates of the box, you have to find the location of the cache. Once in the right location, you have to observe details to try and find the container. It might be hidden in plain sight in a false magnetic bolt, hung on a tree branch or under a rock. Searching for geocaches is a great hobby that makes you look at your environment from a different angle. The location you’ve passed hundreds of times might actually hold a geocache! And with millions hidden worldwide, odds are good that wherever you go, there is a cache there.
What makes this hobby easier is that you know for sure there’s a cache waiting for you in a certain area. If you had no GPS coordinates and had to search blindly, finding a geocache would be almost impossible. Let’s talk now about a different type of location-based treasure hunt, this time used with criminal intent: hacking.
Known Security Vulnerabilities: Open Gateways to the Infrastructure
Your sensitive data is like a hidden geocache for a threat actor. Their goal is to get inside corporate networks to extract the data or disrupt the service. Instead of plastic containers, they are looking for vulnerabilities: known security flaws in operating systems, outdated software, security misconfigurations or web application vulnerabilities, among others. Disclosed vulnerabilities are publicly known weaknesses, and more often than not they are quickly patched by the vendor or the open-source community so that users of those products and libraries can keep trusting them. But for attackers, the same disclosures are documentation on how to take advantage of unpatched systems. In 2020, the U.S. CERT Vulnerability Database recorded a record number of vulnerabilities for the fourth consecutive year: 17,447. When a threat actor knows that an endpoint is outdated, vulnerability databases are a rich source of the techniques needed to exploit that asset and cause operational damage.
Vulnerability Scans Identify Potential Security Issues
Thankfully, there’s a solution for that. Vulnerability scans identify such security issues and provide remediation recommendations for these known weaknesses. With a good patching regimen, and the discipline to keep all existing systems updated, the risk is drastically lowered.
Of course, there’s a ‘but.’ Patching systems is hard, manual work, but threat and vulnerability management is too important to ignore. Nobody likes going to the dentist or flossing, but we all know it’s needed for good hygiene. Patching can bring disruptions to operations and can take precious time from the IT or developers’ cycles. During that time, they don’t bring new features for customers, improve the functionality of the network, or clean things up. But fixing security flaws is a necessary evil. And the longer you wait, the costlier it can get.
Patching is great when you have thoroughly catalogued all your devices. But the fact is, most organizations don’t work this way. Devices are frequently forgotten, whether it’s the IoT device that was installed a few years ago and quietly does its job, the test web application that was set up and never taken down, or the mail server that wasn’t decommissioned after the administrator left the company. These devices, just like all the others in the organization, keep piling up vulnerabilities. Nobody thinks about them when Patch Tuesday comes around. But these lost devices can be prime targets for attacks. Isolated, out of sight, out of mind, they can offer wide open backdoors into an organization’s network.
Taegis™ Vulnerability Detection and Response (VDR)
Taegis VDR helps you solve many of the challenges mentioned above.
- Asset Auto Discovery: With minimal setup and configuration, VDR detects all devices in the network on a daily basis and lets administrators know when a new device is found.
- Automated Scans: VDR automatically applies a scanning schedule so your knowledge of device vulnerabilities stays up to date. Knowing a device and its vulnerabilities solves a big part of the problem, since the organization is now aware of the potential risk and can address it.
- Contextual Prioritization: One of the more difficult aspects of vulnerability management (VM) is simply understanding which vulnerabilities to patch first. Just because a major piece of software has a vulnerability doesn’t mean your organization is at high risk. Context is key. This is why VDR offers AI-driven contextual prioritization based on your unique situation, so that you can understand which vulnerabilities need fixing. VDR uses AI to analyze more than 40 external and internal contextual factors to identify where you should act first. AI can help you automate and improve vulnerability management, efficiently reducing both risk and the manual burden of VM.
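To make the prioritization point concrete, here is a small added example (not VDR’s model, and not code from the original post) that ranks constructed findings by base severity alone and then by a hypothetical context-aware score that accounts for exposure, exploit availability, asset value and how long an asset has gone unowned. The weights, the asset-criticality tag and the finding ids are all assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    vuln_id: str               # placeholder label, not a real CVE number
    cvss: float                # vendor base severity, 0-10
    internet_exposed: bool
    exploit_public: bool
    asset_criticality: int     # assumed inventory tag: 1 (lab box) .. 5 (crown jewels)
    days_since_inventoried: int  # how long since anyone recorded or owned this asset


def contextual_score(f: Finding) -> float:
    """Illustrative weighting (an assumption, not a vendor model): start from
    base CVSS, then scale by exposure, exploit availability, asset value and
    neglect. A forgotten, internet-facing box with a public exploit rises;
    an isolated, well-maintained host with a scary base score falls."""
    score = f.cvss
    if f.internet_exposed:
        score *= 1.5
    if f.exploit_public:
        score *= 1.4
    score *= 0.6 + 0.2 * f.asset_criticality   # 0.8x for a lab box, 1.6x for crown jewels
    if f.days_since_inventoried > 180:          # forgotten endpoint: nobody is patching it
        score *= 1.3
    return round(min(score, 25.0), 2)


def prioritize(findings, contextual=True):
    """Return finding ids in patch order, most urgent first."""
    key = contextual_score if contextual else (lambda f: f.cvss)
    return [f.vuln_id for f in sorted(findings, key=key, reverse=True)]


# Constructed sample findings (not real scan output).
SAMPLE = [
    Finding("erp-db-01", "vuln-A", 9.8, False, False, 5, 3),        # critical asset, internal, freshly inventoried
    Finding("legacy-test-web", "vuln-B", 6.5, True, True, 2, 400),  # forgotten test app, exposed, exploit public
    Finding("hr-laptop-17", "vuln-C", 7.5, False, False, 3, 10),    # ordinary internal host
]

if __name__ == "__main__":
    print("severity only :", prioritize(SAMPLE, contextual=False))
    print("with context  :", prioritize(SAMPLE))
```

With severity alone the high-CVSS database finding comes first, while the context-aware order moves the forgotten, exposed test application to the top.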
Geocaching would be a boring hobby if it were easy. It’s the search that is fun. But looking for a tiny cache in a huge territory would waste your time. Don’t make the attacker’s job easy by leaving systems with known vulnerabilities out in the open. A good vulnerability management program is the first and most essential step in deterring attackers while keeping your organization protected and efficient.
An automated vulnerability management solution like Taegis VDR makes your life easier and the attackers' job much harder.