Master Risk Control: Pick a Cybersecurity Risk Management Strategy
In our kick-off article for this 8-point guide, we'll begin by discussing most important decision a business can make regarding cybersecurity risk...
24/7/365 Monitoring & Alerting
Compromise Assessments
Threat Hunting
Vulnerability Management
CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support
If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.
Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.
At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.
4 min read
Jason Ingalls : Apr 24, 2019 12:00:00 AM
This article is part of our weekly series on how to manage cybersecurity risk for businesses. If you'd like to download the complete 8-Point Guide, click here to sign up and get the entire guide for free!
This week, we'll discuss how to do more with patch management, and the benefits of a mature Vulnerability Lifecycle Management program.
Most businesses today rely on four major cybersecurity risk management controls to protect themselves: antivirus, firewalls, backups, and patch management. We've talked about anti-virus and Advanced Endpoint Protection. Firewalls and backups are not discussed as part of this guide; while they are very important risk management controls, they haven't evolved much in the last decade and businesses should be able to cover these basic tools either with an internal IT expert or team, or a Managed Services Provider. One area that has evolved significantly is the practice of patch and vulnerability management. Ten years ago, Microsoft had finally gotten a handle on getting patches distributed to workstations and servers for most organizations, and today many applications such as web browsers (e.g. Chrome, Firefox, etc.) and application frameworks (e.g. Java, .NET, etc.) have reached that level of capability. This section will explain how to go from the bare minimum with patch management to a more robust vulnerability lifecycle management capability that ensures risks are identified and mitigated.
Most organizations understand how crucial Operating System patches are for Windows workstations and servers, and some even have configured application patching for things like Java, web browsers, and other applications. While this automatic patch management capability can provide bare minimum levels of security, there is an entirely better way to make sure that systems get patched for critical to moderate vulnerabilities, and they get patched within an acceptable timeframe.
Vulnerability scanners such as Nessus and Rapid7 have been around for over a decade now; however, it's surprising how few SMBs have ever had a vulnerability scan of their environment. Using these types of scanners inside a corporate network will uncover more than just missing patches; these scanners can tell you about weak passwords on accounts, misconfigured settings on servers and workstations, as well as applications that have weak security. The reports that they generate are able to guide IT support teams in a prioritized manner so that they can fix the riskiest issues first and work their way down to items that don't pose immediate threats but should be resolved as part of good stewardship.
A full-fledged Vulnerability Lifecycle Management (VLM) process consists of several steps that we outline below:
Vulnerability scans are point-in-time glimpses at the configuration and patch levels of the computers in a network. Therefore, a good VLM process will have scheduled scans occurring frequently (monthly or weekly). New vulnerabilities appear every day and getting an up-to-date view of the network you are protecting should be done by automatic scanning within a certain frequency.
Vulnerability scanners can "enumerate" each computer on your network to see what services they are running and accepting connections for, as well as read the headers on those services to see what version is running. However, a much more powerful version of scanning for vulnerabilities involves providing the scanner with a user account so that the scanner can connect to each computer host and perform analysis on things like registry settings, applications, and sensitive data on the file system.
Once a vulnerability scan has been performed, the output needs to be reviewed, and should be "ticketized" by sorting all vulnerabilities by host, and a trouble ticket entered so that each computer has a list of patches and configuration settings ranked by severity (Critical, High, Moderate, Low, Informational). Ideally, the workflow manager should be connected to an asset inventory tool so that the information about each host is also stored in a way that allows a top-down look at each host to determine what its role is and what sort of risk exists due to its configuration and patch management status. IT support team members should then go about the remediation of each computer, again by criticality. A server that is Internet-exposed and has Critical vulnerabilities should be fixed immediately or taken offline, depending on use case and how sensitive the data is that is being stored, processed, or communicated. A printer that has an old version of SSH enabled but is buried deep within a corporate network would be less important.
After the VLM process has been established, scans have been performed, and vulnerabilities are getting fixed, it's very important to look at the metrics that your workflow manager can show you about the frequency of vulnerabilities, how fast they get fixed, and other important information. Some key questions that metrics should answer include:
In summary, enhancing your patch management process to include vulnerability scanning, a robust remediation workflow, and metrics-based decision support from data collection can do a lot more for your risk management than simply plugging holes whenever a software vendor produces a patch.
If your business or a client needs expert cybersecurity risk management that includes Vulnerability Lifecycle Management, please contact us today to schedule an engagement with Ingalls Information Security!
Join us next week when we discuss our bonus control.This article is part of our weekly series on how to manage cybersecurity risk for businesses. If you'd like to download the complete 8-point guide, click here to sign up and get the entire guide for free! |
In our kick-off article for this 8-point guide, we'll begin by discussing most important decision a business can make regarding cybersecurity risk...
Risk comes from everywhere in our networked world, and organizations are facing yet another growing challenge: cybersecurity vulnerabilities not...
CVE-2021-1675(akaPrintNightmare) is a vulnerability in the built-in Windows “Print Spooler” service. Microsoft released a patch for CVE-2021-1675as