Written By Michael Bunyard And Presented By Ziften CEO Chuck Leaver
Having a look through the Cisco 2015 Midyear Security Report, the consensus was that “the bad guys are innovating faster than the security community.” This is not an unique declaration and can be found in a great deal of cyber security reports, due to the fact that they are reactive documents to past cyber attacks.
If all you do is focus on unfavorable outcomes and losses then any report is going to look negative. The truth is that the vendors that are releasing these reports have a lot to gain from organizations that want to purchase more cyber security products.
If you look thoroughly within these reports you will discover excellent pieces of guidance that might considerably improve the security arrangements of your organization. So why do these reports not begin with this information? Well it’s everything about selling solutions isn’t it?
One anecdote stood out after checking out the report from Cisco that would be simple for company security teams to deal with. The increasing vulnerabilities and exploits of Adobe Flash were detailed, and they are being incorporated frequently into exploit kits such as Angler and Nuclear. The Flash Player is regularly updated by Adobe, however a variety of users are sluggish to apply these updates that would offer them with the protection that they need. This means that hackers are taking advantage of the space between the vulnerability being found and the upgrade patch being applied.
Vulnerability Management Is Not Fixing The Issue
You would be forgiven for believing that due to the fact that there are a whole range of solutions in the market which scan endpoints for vulnerabilities that are known, it would be very easy to make sure that endpoints were updated with the current patches. All that is needed is for a scan to be run, the endpoints that need upgrading identified, run the updates and task done right? The concern here is that scans are only run from time to time, patches fail, users will introduce vulnerable apps inadvertently, and the organization is now wide open up until the next scan. Additionally, scans will report on applications that are installed but not used, which results in significant varieties of vulnerabilities that make it difficult for an analyst to focus on and control.
What Is So Easy To Address Then?
The scans need to be run constantly and all endpoints monitored so that as soon as a system is not compliant you will learn about it and can respond right away. Constant visibility that supplies real time alerting and comprehensive reporting is the new requirement as endpoint security is redefined and people realize the era of prevention – first is over. Leveraging the National Vulnerabilities Database (NVD), each application that is in fact running a known vulnerability can quickly be acknowledged, security workers alerted, and the patch used. Additionally, solutions can search for suspicious activity from susceptible applications, like unexpected application crashes, which is a possible sign of an exploit effort. Lastly, they can likewise detect when a user’s system has not been restarted since the last security patch was available.
There Definitely Is Hope
The good news about real-time endpoint visibility is that it works on any vulnerable application (not just Adobe Flash) because, hackers will move from app to app to progress their techniques. There are simple solutions to huge problems. Security groups just have to be informed that there is a better way of managing and securing their endpoints. It simply takes the correct endpoint detection and response system.