Written By Michael Bunyard And Presented By Ziften CEO Chuck Leaver
Looking through the Cisco 2015 Midyear Security Report, the consensus was that “the bad guys are innovating faster than the security community.” This is not a unique statement and can be found in many cyber security reports, because they are reactive studies of past cyber attacks.
If all you do is concentrate on negative outcomes and losses, then any report is going to look bad. The truth is that the vendors releasing these reports have a lot to gain from organizations that want to purchase more cyber security solutions.
If you look closely within these reports you will find good pieces of advice that could considerably improve the security plans of your company. So why do these reports not start with this information? Well, it’s all about selling services, isn’t it?
One anecdote stood out after reading the Cisco report, and it is one that would be easy for an organization's security team to address. The increasing vulnerabilities and exploits of Adobe Flash were detailed, and they are frequently being integrated into exploit kits such as Angler and Nuclear. Adobe updates the Flash Player often, but a number of users are slow to apply the updates that would give them the protection they need. This means that hackers are taking advantage of the gap between the vulnerability being discovered and the update patch being applied.
Vulnerability Management Is Not Solving The Problem
You would be forgiven for thinking that, since there is a whole range of solutions on the market that scan endpoints for known vulnerabilities, it would be very simple to ensure that endpoints are updated with the current patches. All that is required is to run a scan, identify the endpoints that require updating, and run the updates, and the job is done, right? The problem is that scans are only run periodically, patches fail, users will introduce vulnerable apps inadvertently, and the company is then wide open until the next scan. In addition, scans report on applications that are installed but not used, which produces large numbers of vulnerabilities and makes it difficult for an analyst to prioritize and manage them.
What Is So Easy To Address Then?
The scans have to run continuously and all endpoints must be monitored, so that as soon as a system is not compliant you will know about it and can respond right away. Continuous visibility that offers real-time notification and extensive reporting is the new mandate as endpoint security is redefined and people recognize that the era of prevention-first is over. By leveraging the National Vulnerability Database (NVD), each application that is actually running with a known vulnerability can be identified immediately, security staff notified, and the patch applied. Further, solutions can look for suspicious activity from vulnerable applications, such as sudden application crashes, which are a possible sign of an exploit attempt. Finally, they can also detect when a user’s system has not been restarted since the last security patch became available.
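The checks described above can be expressed as a small triage routine. This is an added example, not code from the original post or from any vendor's product; the telemetry schema, host names, version numbers and advisory ID are constructed for illustration.

```python
from datetime import datetime

# Constructed stand-in for an NVD-derived feed: app -> first fixed version and
# patch release date. The advisory ID is a placeholder, not a real CVE.
ADVISORIES = {"flashplayer": {"id": "EXAMPLE-ADVISORY-1", "fixed": "10.0.5",
                              "released": datetime(2015, 7, 14)}}

# Constructed endpoint telemetry; the field names are a hypothetical schema.
ENDPOINTS = [
    {"host": "ws-01", "last_boot": datetime(2015, 7, 20), "apps": [
        {"name": "flashplayer", "version": "10.0.4", "running": True, "crashes_24h": 3}]},
    {"host": "ws-02", "last_boot": datetime(2015, 7, 20), "apps": [
        {"name": "flashplayer", "version": "10.0.4", "running": False, "crashes_24h": 0}]},
    {"host": "ws-03", "last_boot": datetime(2015, 7, 1), "apps": [
        {"name": "flashplayer", "version": "10.0.5", "running": True, "crashes_24h": 0}]},
    {"host": "ws-04", "last_boot": datetime(2015, 7, 20), "apps": [
        {"name": "flashplayer", "version": "10.0.10", "running": True, "crashes_24h": 0}]},
]

RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def vtuple(version):
    # Compare versions numerically so "10.0.10" sorts above "10.0.5".
    return tuple(int(part) for part in version.split("."))

def triage(endpoints, advisories):
    """Return findings sorted so running, crashing vulnerable apps come first."""
    findings = []
    for ep in endpoints:
        for app in ep["apps"]:
            adv = advisories.get(app["name"])
            if adv is None:
                continue
            if vtuple(app["version"]) < vtuple(adv["fixed"]):
                if app["running"] and app["crashes_24h"] > 0:
                    sev, why = "critical", "vulnerable app running and crashing"
                elif app["running"]:
                    sev, why = "high", "vulnerable app running"
                else:
                    sev, why = "low", "vulnerable app installed but not running"
            elif ep["last_boot"] < adv["released"]:
                sev, why = "medium", "no restart since the patch was released"
            else:
                continue
            findings.append((sev, ep["host"], app["name"], adv["id"], why))
    return sorted(findings, key=lambda f: RANK[f[0]])

if __name__ == "__main__":
    for finding in triage(ENDPOINTS, ADVISORIES):
        print(*finding, sep=" | ")
```

Ranking the installed-but-unused copy lowest keeps it visible without burying the running, crashing instance that an analyst should look at first.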
There Definitely Is Hope
The good news about real-time endpoint visibility is that it works for any vulnerable application (not only Adobe Flash), because hackers will move from app to app to evolve their tactics. There are simple solutions to big problems. Security teams just have to be made aware that there is a better way of managing and protecting their endpoints. It simply takes the right endpoint detection and response solution.