The constantly evolving threat landscape is now changing more quickly than ever. Organisations simply can’t afford to make the mistake of believing they can stay safe with a fixed approach to cyber-security – while IT systems may be secure today, a new critical vulnerability could be discovered and exploited by hackers tomorrow. Unfortunately for IT and security teams, cyber-criminals have access to the same software updates, patches, security advisories and threat bulletins as the teams themselves. But, instead of using them to keep systems secure, hackers use this continuous stream of information to exploit the period between the identification of a new vulnerability and its remediation.
Once a threat actor has discovered a new critical vulnerability that can be exploited, the clock is ticking. The longer it takes for businesses to implement the relevant patches, the higher the risk becomes. On average, a hacker can create a functional exploit in 22 days, and 50 per cent of exploits occur within 14-28 days of patch availability. IT and security teams must approach vulnerability management as a continuous process that can always be improved. Otherwise, business infrastructure is at risk of being infiltrated as hackers can find and exploit vulnerabilities at a faster rate than IT teams can patch them.
According to the Center for Internet Security (CIS), continuous vulnerability management is the effort to “continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimise the window of opportunities for attackers”, and is one of an organisation’s basic controls. However, significant time and resources are needed to create a strong patching process, and there is a lot of manual work that takes place between vulnerability identification and when a software update can be deployed.
Both of these can become hurdles in creating an effective continuous vulnerability management programme. For example, delays can be caused when the security team provides a lengthy vulnerability report, which IT teams have to use to de-duplicate and map common vulnerabilities and exposures (CVEs) to patches, as well as research and test them before rolling them out. IT teams must also select patches to prioritise, which can cause backlogs and delays within the vulnerability management process.
Joining the dots between IT and security with automation
It’s no secret that IT and security teams have different priorities, which often causes them to operate in siloes, resulting in a lack of communication. The best way to expedite the patching process is to foster effective collaboration between the two functions, which in turn facilitates the creation of a successful continuous vulnerability management framework. A vulnerability assessment provided by the security team could contain thousands of CVEs, meaning that IT teams would waste valuable time manually translating these security reports into updates to improve security systems. This further increases the time between vulnerability identification and deploying the patch, during which an organisation could be easily compromised by threat actors.
Automation is key in bridging the gap between IT and security, and freeing up valuable time and resources. Automated solutions can empower IT professionals by taking care of tedious manual tasks such as sifting through threat reports and translating CVEs into updates. By implementing an automated CVE-to-patch import solution, IT teams can reduce the patching process from hours to minutes. This kind of solution can map the patches related to CVEs and create a list of updates that the IT team can approve and use to resolve any vulnerabilities in the business environment. This empowers the IT team by giving them back valuable time and allowing them to focus their energy where it’s needed.
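The de-duplication and CVE-to-patch mapping described above, sketched as an added example (not code from the article or from any vendor product): it collapses duplicate scanner rows, groups CVEs under the patch that fixes them, and orders the resulting update list for approval. Host names, CVE ids, patch ids and scores are constructed placeholders, and each CVE is assumed to be fixed by exactly one patch.

```python
from collections import defaultdict

# Constructed scanner export: (host, CVE id, CVSS base score). Ids are placeholders.
FINDINGS = [
    ("web01", "CVE-EXAMPLE-0001", 9.8),
    ("web01", "CVE-EXAMPLE-0001", 9.8),   # duplicate row from a second scan
    ("web02", "CVE-EXAMPLE-0001", 9.8),
    ("web01", "CVE-EXAMPLE-0002", 7.5),
    ("db01",  "CVE-EXAMPLE-0003", 5.3),
    ("db01",  "CVE-EXAMPLE-0004", 8.1),   # no patch published yet
]

# Constructed vendor catalogue: patch id -> CVEs it remediates.
PATCH_CATALOG = {
    "PATCH-A": {"CVE-EXAMPLE-0001", "CVE-EXAMPLE-0002"},
    "PATCH-B": {"CVE-EXAMPLE-0003"},
}

def build_patch_plan(findings, catalog):
    """Return (plan, unmapped). plan is ordered by highest CVSS, then host count."""
    # Assumption: one patch per CVE; a CVE listed under two patches keeps the last.
    cve_to_patch = {cve: patch for patch, cves in catalog.items() for cve in cves}
    plan = defaultdict(lambda: {"cves": set(), "hosts": set(), "max_cvss": 0.0})
    unmapped = defaultdict(set)
    for host, cve, cvss in set(findings):      # set() drops duplicate rows
        patch = cve_to_patch.get(cve)
        if patch is None:
            unmapped[cve].add(host)            # track separately: nothing to deploy
            continue
        entry = plan[patch]
        entry["cves"].add(cve)
        entry["hosts"].add(host)
        entry["max_cvss"] = max(entry["max_cvss"], cvss)
    ordered = sorted(plan.items(),
                     key=lambda kv: (-kv[1]["max_cvss"], -len(kv[1]["hosts"]), kv[0]))
    return [{"patch": p, **e} for p, e in ordered], dict(unmapped)

if __name__ == "__main__":
    plan, unmapped = build_patch_plan(FINDINGS, PATCH_CATALOG)
    for item in plan:
        print(item["patch"], sorted(item["hosts"]), sorted(item["cves"]), item["max_cvss"])
    print("no patch available:", {c: sorted(h) for c, h in unmapped.items()})
```

CVEs with no matching patch are returned separately so they are not silently dropped from the report handed to the IT team.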
Automated solutions are also vital in combining patch data with patch reliability and security metrics. This can help augment the rollout of updates, by providing insights that would otherwise require a significant amount of manual effort to achieve. Automated tools can also provide the ability to identify which patches need additional testing as well as determining the reliability of updates and how quickly they can be rolled out.
A continuous and seamless vulnerability management framework is reliant on clear and constant communication between IT and security. However, IT and security pros are often speaking different languages when it comes to cyber-security. To mitigate this issue, businesses must implement a consistent patch-management programme that is underpinned by automated solutions. This is vital in ensuring that these invaluable teams can collaborate to achieve a truly continuous vulnerability management and remediation programme.
By David Shepherd, Global VP of Sales Engineering, Ivanti