Hackers and security researchers regularly find ways to exploit software; the flaws that make these exploits possible are called vulnerabilities. Some exploits reveal sensitive data, while others allow complete access to a system. Vulnerability management deals with protection against exploits and consists of multiple approaches. Reducing your exposure to these exploits and mitigating their effects prevents your systems from being attacked and compromised. A compromise may be the silent exfiltration of your most sensitive data. It may be a ransomware attack in which all of your critical files are encrypted and a ransom is demanded to unlock them. Or it may be a takeover of your systems so that they act as part of a botnet attacking other computers. Even if the compromise affects only easy-to-restore data that is inconsequential to your business, the compromise itself may damage your corporate image.
Patch management consists of comparing the versions of software installed on your computers to the latest released versions. When a software manufacturer discovers a vulnerability or a bug, they fix the flaw and release a patch. Many IT shops focus on operating system patches but fail to patch third-party software, which leaves a giant hole in your security posture. Managed Security Service Providers (MSSPs) take a holistic approach and identify and patch those third-party software packages as well. Common third-party applications include Adobe Reader, Intuit QuickBooks, and the Chrome web browser.
0-day exploits target vulnerabilities for which the vendor has not yet provided a patch. These attacks are the most critical because no patch is available, so the vulnerability must be mitigated instead. We do this so that the overall impact (what damage it can cause) or likelihood (the probability that it can be exploited on your systems) is reduced to as near zero as possible. The tool for this is security configuration: we configure your operating systems and third-party applications so that, if they are exploited, the harm they can cause is reduced or mitigated. Common security configurations include limiting who has Administrator access to each computer, requiring complex passwords that are changed frequently, and e-mail protections that block malicious emails.
Continuous monitoring as a practice includes more than just vulnerability management; we'll discuss only the vulnerability management portion of continuous monitoring here. It is pretty much exactly what it sounds like: continuously monitoring security configurations, software, and patches to identify weaknesses. We do this by installing a vulnerability management monitoring tool that periodically (usually daily) scans your computers for security configurations and patch levels. Additionally, we monitor your systems' critical files for changes. This allows us to find more advanced attacks that may have slipped past all of the other defensive systems, as well as to determine the level of damage that may have been caused.
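The critical-file monitoring described above comes down to recording a known-good baseline of file hashes and comparing each later scan against it. The following is an added example, not code from the original page or from any vendor's tool; the function names and the small sample directory tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare(baseline, current):
    """Return the paths modified, added or removed since the baseline."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed sample: build a small tree, baseline it, change it, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(b"\x7fELF constructed sample")
        baseline = snapshot(root)  # taken while the system is known good

        # Changes that a later daily scan should surface
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "etc" / "hosts").unlink()
        (root / "bin" / "helper").write_bytes(b"unexpected new file")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The comparison is only trustworthy if the baseline is stored where someone with access to the monitored computer cannot rewrite it, for example on a separate monitoring server.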
Almost every Managed Service Provider offers some form of cybersecurity, and if asked they will tell you it is quite adequate to keep you from getting hacked. However, if it is not a defense-in-depth strategy with a holistic approach, it has the potential to leave you with gaping holes that go unattended. If consumer trust in your brand image is important to you, or if you have vital intellectual property, then you will want to work with an MSSP to ensure that you're fully protected.