Chuck Leaver – There Is Nothing More Important Than Vulnerability Lifecycle Management

Written By Dr Al Hartmann And Presented By Chuck Leaver

 

The following headline struck the news last week on September 7, 2017:

Equifax Inc. today announced a cyber security occurrence possibly affecting around 143 million U.S. consumers. Crooks made use of a U.S. site application vulnerability to access to certain files. Based on the business’s examination, the unapproved access occurred from the middle of May through July 2017.

Lessons from Past Debacles

If you like your job, value your role, and dream to keep it, then don’t leave the door open up to assailants. A major data breach frequently starts with an un-patched vulnerability that is readily exploitable. And after that the inevitable takes place, the malefactors are inside your defenses, the crown jewels have left the building, the press releases fly, costly consultants and external legal counsel rack up billable hours, regulators descend, suits are flung, and you have “some severe ‘splainin’ to do”!

We are unsure if the head splainer in the existing Equifax debacle will make it through, as he is still in ‘splainin’ mode, asserting the breach began with the exploitation of an application vulnerability.

In such cases the typical rhumba line of resignations is – CISO first, followed by CIO, followed by CEO, followed by the board of directors shakeup (specifically the audit and business responsibility committees). Do not let this happen to your professional life!

Steps to Take Now

There are some commonsense steps to take to prevent the unavoidable breach disaster arising from unpatched vulnerabilities:

Take stock – Inventory all data and system assets and map your network topology and connected devices and open ports. Know your network, it’s segmentation, what devices are connected, exactly what those devices are running, what vulnerabilities those systems and apps expose, what data assets they access, the sensitivity of those assets, what defenses are layered around those assets, and exactly what checks are in place along all potential access paths.

Improve and toughen up – Carry out best practices suggestions for identity and access management, network division, firewall program and IDS configurations, os and application configurations, database access controls, and data file encryption and tokenization, while streamlining and trimming the number and intricacy of subsystems throughout your business. Anything too complex to handle is too complicated to protect. Choose configuration hardening heaven over breach response hell.

Continually monitor and scrutinize – Regular audits are necessary but insufficient. Continually monitor, track, and assess all appropriate security events and exposed vulnerabilities – create visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability direct exposure, every script execution, every command issued, every networking contact, every database transaction, and every delicate data access. Any gaps in your security event visibility develop an enemy free-fire zone. Establish crucial efficiency metrics, monitor them ruthlessly, and drive for ruthless enhancement.

Do not accept functional reasons for insufficient security – There are constantly safe and secure and effective functional policies, but they might not be pain-free. Not suffering a devastating data breach is long down the organizational discomfort scale from the alternative. Functional expedience or running traditional or misaligned top priorities are not legitimate excuses for extenuation of bad cyber practices in an intensifying threat environment. Make your voice heard.