
How AI helps reduce the danger of security breaches through patch management

When it comes to patching endpoints, systems and sensors across an enterprise, complacency is deadly.

For many IT and security teams, it means months of work trying to recover from a security breach that could have been avoided.

For CISOs and CIOs, it means lost credibility and career damage if they allowed a preventable breach to happen on their watch. And for the board and CEO, there is the accountability they must take for a breach, especially at a publicly traded US company.

Attackers are increasingly capable of finding unpatched systems

There is a booming market on the dark web for the latest kits and tools to find systems and endpoints that are not properly patched and still carry long-standing Common Vulnerabilities and Exposures (CVEs).

Cybercriminals sell IP scanners and exploit kits on the dark web that target specific CVEs in software widely used by organizations. The kits are continuously updated with new vulnerabilities, a key selling point for attackers looking to hit systems that lack the current patches needed to stay protected.

CYFIRMA confirmed that it found exploit kits for popular software, including Citrix ADC, Microsoft Streaming Service Proxy and PaperCut. Its investigation also shows that releasing a patch after a significant CVE has already been exploited is only partially effective, because the patch still has to be applied.

Attackers continue to use long-known CVEs, knowing that organizations exposed to them have likely gone a year or more without patching. A recent report finds that 76% of the vulnerabilities currently exploited by ransomware groups were first discovered between 2010 and 2019.

Unpatched systems are open doors for devastating cyber attacks

VentureBeat has learned that small and mid-sized manufacturers in the Midwest had their systems breached because security patches were never installed. One of those manufacturers had its accounts payable system compromised, with attackers altering ACH payment entries so that all payments were routed to fraudulent, untraceable offshore accounts.

Manufacturers are not the only ones hit by cyberattacks that begin with patches that are outdated or were never installed at all. On May 13, the city of Helsinki, Finland suffered a data breach when attackers exploited an unpatched vulnerability in a remote access server.

The infamous Colonial Pipeline ransomware attack was traced to a legacy VPN system that was no longer maintained and did not have multi-factor authentication enabled. Attackers used a compromised password to gain access to the pipeline's network through it.

For nation-state attackers, there is the additional concern of keeping their intrusions undetected for as long as possible in order to achieve their espionage goals, whether that is spying on executives' email, as Russian attackers did inside Microsoft, or stealing new technologies and source code. Such intrusions can last for months or years, and they are common.

A quick first win: getting IT and security on the same page with the same urgency

Ivanti's latest State of Cybersecurity report finds that 27% of security and IT departments are not aligned on their patching strategies and 24% disagree on patching cycles. When security and IT are not on the same page, it becomes even harder for already overburdened teams to prioritize patch management.

Six out of ten breaches are related to unpatched vulnerabilities. In a Ponemon Institute survey, 60% of IT managers said that one or more of their security breaches could have been caused by a patch being available for a known vulnerability but not applied in time.

IT and security teams put off patch management until an intrusion or attempted breach occurs. In 61% of cases, an external event is what triggers patch management activity in an organization. Since IT teams are already overloaded with priorities, they have to put other projects, some with revenue potential, on hold. In 58% of cases that trigger is an actively exploited vulnerability, which forces IT into purely reactive patching. Seventy-one percent of IT and security teams say patching is too complex, cumbersome and time-consuming.

Fifty-seven percent of those IT and cybersecurity professionals say remote work and distributed workspaces make patch management even harder.

Patch management vendors are accelerating AI/ML and risk-based management

AI and machine learning (ML)-based patch management provides real-time risk assessments and directs IT and security teams to the most critical patches first.

The GigaOm Radar for Patch Management Solutions report, available courtesy of Tanium, highlights the distinct strengths and weaknesses of the leading patch management vendors. Its timeliness and depth of insight make it a notable report. It covers 19 different vendors.

“CISOs and security leaders need to grasp how all of their systems and processes impact their proactive security program,” Eric Nost, principal analyst at Forrester, told VentureBeat. “So my advice is to begin with visibility – do you understand your environment, the assets inside it, the control environment, and the impact if those are compromised? From there, CISOs can begin to implement a comprehensive prioritization strategy – with patch management and responding to those compromises as the last step.”

“Good patch management practices in the present global environment require identifying and mitigating the root causes of cyberattacks,” said GigaOm analyst Ron Williams. “Patch management also requires the right tools, processes and methodologies to mitigate security risks and support the functionality of the underlying hardware or software. Patch prioritization, testing, deployment tracking and verification are all parts of sturdy patch management.”

Leading vendors include Automox, ConnectWise, Flexera, Ivanti, Kaseya, SecPod and Tanium.

“Our goal is to eliminate Patch Tuesdays. Essentially, stay one step ahead of your threats and vulnerabilities by leveraging Tanium's Autonomous Endpoint Management,” Tanium CEO Dan Streetman told CRN at the end of last year.

Ivanti's Neurons for Patch Management reflects the future direction of risk-based patch management by giving IT and security a common platform that prioritizes patches based on vulnerability risk and internal compliance policies, along with a centralized patch management console that gives both teams visibility into threats and vulnerabilities.

In a recent interview with VentureBeat, Srinivas Mukkamala, Chief Product Officer at Ivanti, explained, “Awareness of the potential threats posed by vulnerabilities, including those currently being exploited in cyberattacks, helps organizations take a proactive rather than reactive approach to patch management.”

Cunningham's five-point plan that every company can implement to improve patch management

VentureBeat recently had the chance to sit down (virtually) with Chase Cunningham, a renowned cybersecurity expert who currently serves as Vice President of Security Market Research at G2 and is widely known as Dr. Zero Trust.

Cunningham has over twenty years of experience in cyber defense and is a leading advocate for stronger patch management practices. He also actively supports various government agencies and private sector organizations in adopting Zero Trust security frameworks. He previously held key roles including Chief Strategy Officer at Ericom Software and Principal Analyst at Forrester Research, where he was instrumental in shaping the industry's understanding of Zero Trust principles.

When asked for an example of where AI-driven patch management is delivering results, Cunningham told VentureBeat, “One notable example is Microsoft's use of AI to enhance its patch management processes. By using machine learning algorithms, Microsoft was able to predict which vulnerabilities were most likely to be exploited within 30 days of their discovery, allowing patches to be prioritized accordingly.” He added, “This approach has significantly reduced the risk of successful cyberattacks on their systems.”

Here is Cunningham’s five-point plan, which he recently shared with VentureBeat during our interview:

  • Use AI/ML tools: To avoid falling behind in patch management, CISOs should invest in AI/ML-powered tools that can automate the patching process and prioritize vulnerabilities based on real-time risk assessments.
  • Adopt a risk-based approach: Instead of treating all patches the same, take a risk-based approach to patch management. AI/ML can help you assess the potential impact of unpatched vulnerabilities on your organization's critical assets, allowing you to focus your efforts where they matter most. For example, vulnerabilities that could lead to data leaks or disrupt critical operations should be prioritized over vulnerabilities with lower impact.
  • Improve visibility and accountability: One of the biggest challenges in patch management is keeping track of all endpoints and systems, especially in large, distributed organizations. AI/ML tools can provide continuous monitoring and visibility, ensuring no system or endpoint goes unpatched. Additionally, establishing clear responsibilities within your IT and security teams for patching helps ensure patches are applied in a timely manner.
  • Automate wherever possible: Manual patching is time-consuming and error-prone. CISOs should automate the patch management process as much as possible. This not only speeds up the process, but also reduces the chance of human error that can result in missed patches or incorrectly applied updates.
  • Test and validate patches regularly: Even with AI/ML tools, it is important to regularly test and validate patches before deploying them across the organization. This avoids disruption caused by faulty patches and confirms that the patches actually address the intended vulnerabilities.
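The risk-based prioritization in the second point of the plan, and the real-time risk scoring mentioned at the top of the previous section, are easy to make concrete. What follows is an added example written for this page; it is not code from VentureBeat, from Cunningham, or from any vendor the article names. It takes the visibility step (which assets are missing which fixes) and ranks the resulting work queue by a weighted risk score instead of by CVSS alone. The weights, the hostnames, the patch IDs and the vulnerability records are all assumptions constructed for illustration, and the vulnerability labels are placeholders rather than real CVE identifiers. A vendor's ML model would replace the fixed weights; the explicit score is used here so the reasoning is inspectable.

```python
"""Risk-based patch prioritization over a constructed asset inventory.

Added example for this article; not code from VentureBeat, from Cunningham,
or from any vendor named on the page. The weights, vulnerability records
(placeholder labels, not real CVE IDs), patch IDs and hostnames are all
assumptions constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Vulnerability:
    label: str               # placeholder label, not a real CVE identifier
    cvss: float              # base score 0.0-10.0
    published: date          # when the flaw became public
    exploited_in_wild: bool  # e.g. listed in CISA's Known Exploited Vulnerabilities catalog
    fixed_by: str            # ID of the patch that remediates it (assumed)


@dataclass(frozen=True)
class Asset:
    hostname: str
    criticality: int              # 1 (lab box) .. 5 (revenue-critical, e.g. accounts payable)
    internet_exposed: bool
    installed_patches: frozenset  # patch IDs already applied


def vuln_risk(v: Vulnerability, a: Asset, today: date) -> float:
    """Score one unpatched vulnerability on one asset; higher means patch sooner.

    The weighting is an assumption for this example: active exploitation
    dominates, then asset criticality and exposure, then raw CVSS. Flaws that
    have been public for a year or more get an extra bump, because those are
    the ones exploit kits keep scanning for.
    """
    score = v.cvss * a.criticality
    if v.exploited_in_wild:
        score *= 3.0
    if a.internet_exposed:
        score *= 1.5
    age_years = (today - v.published).days / 365.25
    if age_years >= 1.0:
        score *= 1.0 + min(age_years, 5.0) / 10.0  # up to +50% at five years or older
    return round(score, 2)


def missing_patches(assets, vulns):
    """Visibility step: every (asset, vulnerability) pair whose fix is not installed."""
    return [(a, v) for a in assets for v in vulns if v.fixed_by not in a.installed_patches]


def prioritize(assets, vulns, today):
    """Work queue as (risk, hostname, vulnerability label, patch ID), highest risk first."""
    queue = [(vuln_risk(v, a, today), a.hostname, v.label, v.fixed_by)
             for a, v in missing_patches(assets, vulns)]
    queue.sort(key=lambda item: (-item[0], item[1], item[2]))
    return queue


# Constructed sample data (assumptions, not real systems or vulnerabilities).
TODAY = date(2024, 9, 1)
SAMPLE_VULNS = [
    Vulnerability("VULN-A", 9.8, date(2019, 5, 1), True, "PATCH-A"),   # old, actively exploited
    Vulnerability("VULN-B", 7.5, date(2024, 3, 1), False, "PATCH-B"),  # recent, no known exploitation
    Vulnerability("VULN-C", 5.3, date(2023, 1, 15), True, "PATCH-C"),  # medium CVSS but exploited
]
SAMPLE_ASSETS = [
    Asset("ap-server", 5, False, frozenset({"PATCH-B"})),          # accounts payable, internal only
    Asset("vpn-gw", 4, True, frozenset()),                         # remote access, internet-facing
    Asset("lab-01", 1, False, frozenset({"PATCH-A", "PATCH-C"})),  # low-value test box
]

if __name__ == "__main__":
    for risk, host, label, patch in prioritize(SAMPLE_ASSETS, SAMPLE_VULNS, TODAY):
        print(f"{risk:8.2f}  {host:<10} {label}  apply {patch}")
```

On the sample data the internet-facing VPN gateway's exposure to the old, actively exploited VULN-A tops the queue, and on the same gateway the medium-CVSS but exploited VULN-C outranks the higher-CVSS VULN-B that nobody is known to be exploiting. That is the difference between a CVSS-sorted list and a risk-sorted one. The cheapest real-world signal for the `exploited_in_wild` flag is a known-exploited-vulnerabilities feed such as CISA's KEV catalog; the age bump encodes the point made earlier on this page that most vulnerabilities ransomware groups exploit are years old.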

When it comes to patching, the best offense is a good defense

Mitigating risk starts with a robust patch management defense that can flexibly adapt to business changes.

It's encouraging to see that CISOs see themselves as strategists, focusing on how they can protect revenue streams and provide infrastructure support for new ones. CISOs are starting to look for more ways they can help grow revenue, which is a sound strategy for their careers.

The bottom line is that the risk to revenue is greater than ever. It is up to CIOs, CISOs and their teams to get patch management right to protect all existing and new revenue streams.
