Written By Michael Bunyard And Presented By Ziften CEO Charles Leaver
Looking through the Cisco 2015 Midyear Security Report, the view was that “the bad guys are innovating faster than the security community.” This is not a unique statement; it can be found in a great many cyber security reports, because they are documents written in reaction to previous cyber attacks.
If all you do is concentrate on negative outcomes and losses, then any report is going to look bad. The reality is that the vendors publishing these reports have a lot to gain from companies that want to buy more cyber security products.
If you look closely within these reports you will find good pieces of advice that could significantly improve the security plans of your organization. So why do these reports not begin with this information? Well, it’s all about selling solutions, right?
One anecdote stood out after reading the report from Cisco, and it is one that would be easy for an organization's security team to resolve. The report detailed the increasing vulnerabilities and exploits of Adobe Flash, which are frequently being integrated into exploit kits such as Angler and Nuclear. The Flash Player is often updated by Adobe, but many users are slow to apply the updates that would provide them with the protection they need. This means that hackers are benefiting from the gap between the vulnerability being discovered and the patch being applied.
Vulnerability Management Is Not Fixing The Issue
You would be forgiven for believing that, because there is a whole range of services on the market that scan endpoints for known vulnerabilities, it would be extremely simple to ensure that endpoints are updated with the current patches. All that is required is to run a scan, identify the endpoints that need updating, run the updates, and the job is done, right? The problem is that scans are only run periodically, patches fail, and users inadvertently introduce vulnerable apps, so the organization is wide open until the next scan. Additionally, scans report on applications that are installed but not used, which produces large numbers of vulnerabilities that are difficult for an analyst to prioritize and manage.
What Is So Simple To Address Then?
The scans need to be run continuously and all endpoints monitored, so that as soon as a system is not compliant you will know about it and can react immediately. Continuous visibility that provides real-time alerting and extensive reporting is the new requirement as endpoint security is redefined and people realize that the era of prevention-first is over. Leveraging the National Vulnerability Database (NVD), each application that is actually running with a known vulnerability can be identified immediately, security personnel alerted, and the patch applied. Further, solutions can look for suspicious activity from vulnerable applications, such as sudden application crashes, which are a possible indication of an exploit attempt. Lastly, they can also detect when a user’s system has not been restarted since the last security patch was available.
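The three checks described above (vulnerable applications that are actually running, crashes of vulnerable applications, and no restart since the last patch), sketched as an added example that is not from the original article or from any Ziften product. The feed format, telemetry schema, host name, versions, dates and vulnerability identifiers are all constructed placeholders.

```python
from datetime import datetime

# Constructed feed in the spirit of NVD data:
# product -> (first fixed version, placeholder identifier).
VULN_FEED = {
    "flashplayer": ((2, 0, 5), "CVE-PLACEHOLDER-0001"),
    "pdfreader": ((7, 1, 0), "CVE-PLACEHOLDER-0002"),
}

# Constructed telemetry from one endpoint (hypothetical schema).
ENDPOINT = {
    "host": "ws-042",
    "last_boot": datetime(2015, 8, 1, 8, 0),
    "last_patch_available": datetime(2015, 8, 3, 2, 30),
    "apps": [
        {"name": "flashplayer", "version": "2.0.3", "running": True},
        {"name": "pdfreader", "version": "7.0.9", "running": False},
        {"name": "browser", "version": "44.0.1", "running": True},
    ],
    "crashes": ["flashplayer", "flashplayer", "browser"],
}

def parse_version(text):
    """Turn '2.0.3' into (2, 0, 3) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def assess(endpoint, feed):
    """Return findings with running vulnerable apps ranked ahead of unused ones."""
    findings = []
    for app in endpoint["apps"]:
        entry = feed.get(app["name"])
        if entry is None or parse_version(app["version"]) >= entry[0]:
            continue  # not in the feed, or already at a fixed version
        findings.append({
            "app": app["name"],
            "vuln": entry[1],
            # Installed-but-unused apps are kept, but ranked below running ones.
            "priority": "high" if app["running"] else "low",
            # Crashes of a vulnerable app are a possible sign of an exploit attempt.
            "suspicious_crashes": endpoint["crashes"].count(app["name"]),
        })
    findings.sort(key=lambda f: (f["priority"] != "high", -f["suspicious_crashes"]))
    # Third check: no restart since the last security patch became available.
    reboot_pending = endpoint["last_patch_available"] > endpoint["last_boot"]
    return {"host": endpoint["host"], "findings": findings,
            "reboot_pending": reboot_pending}

if __name__ == "__main__":
    print(assess(ENDPOINT, VULN_FEED))
```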
There Certainly Is Hope
The good news about real-time endpoint visibility is that it works for any vulnerable application (not just Adobe Flash), which matters because hackers will move from app to app as they evolve their techniques. There are simple solutions to big problems. Security teams just need to be made aware that there is a better way of managing and protecting their endpoints. It simply takes the right endpoint detection and response service.