One of my favorite quotes of all time is the definition of insanity. While there are several variations, they all boil down to doing the same thing over and over again but expecting different results. While these words can certainly apply to a wide range of topics, for me they are particularly reflective of the behaviors of most security professionals. It’s time for us to break out of this cycle.
Since the beginning of cyber warfare, cyberattacks have always followed the same path. It all starts with the introduction of a vulnerability—whether through faulty code, or errors in the specific configuration or deployment of hardware or software. Then some of those vulnerabilities will have exploits written against them—and some of them will become events.
Attacks cannot deviate from this path. But even though the path is well known, security professionals continue to spend the vast majority of their time, effort, and energy at the very end of this chain.
The main problem with this approach is that it’s highly reactive; you’re essentially waiting until the attack comes to you before you take any action. This then throws IT and security teams into panic mode and is frequently responsible for lost productivity for the entire organization.
But what if, rather than waiting for the threat to hit your network, you were able to adopt a proactive strategy and address the root of the problem? To steal a term from DevOps, what if you were to “shift left” on the cyberattack path and focus on remediating the vulnerabilities—long before an attack can even occur?
Moving to a modern vulnerability management approach is essentially a three-step process. First, you need to decide that it’s time to shift your focus to the root of the problem, rather than chasing after the never-ending list of symptoms. This means focusing the majority of your security efforts on proactively remediating your vulnerabilities, rather than waiting for and reacting to attacks after they occur. To do this you need to truly understand your security data and transform it into actionable intelligence. In real terms, this requires you to correlate your existing scanner data with a variety of external and additional internal security data sources to help you make better decisions.
Due to the sheer amount of data involved, coupled with the speed with which decisions need to be made, automation is key in the new model, so that you can quickly understand, correlate, and disseminate the intelligence you’ve gained. Automation can perform in seconds what it would take a human hours or even days to complete, and it can scale to well beyond what a team of humans could ever do.
The second step is figuring out how to get the most out of your remediation efforts by gaining a comprehensive understanding of the specific amount of risk each vulnerability poses to your organization. Then you can determine which ones need to be remediated first, and even which ones don’t need to be remediated at all. Since the overwhelming majority of vulnerabilities pose little to no risk, you want to find that proverbial ‘needle in the haystack’ so you can focus your time, effort, and energy on the relative few whose remediation will actually reduce your overall risk. By understanding which vulnerabilities pose the most risk to your organization, you can maximize the effectiveness and the efficiency of your security teams.
And finally, you need to automate ahead of the threat by taking a predictive security posture. In other words, by the time you get the intelligence on a new CVE, you’re already in a race with the adversaries, because they have access to the same public information you do. To get ahead, you have to predict the future based on past intelligence, using a proven predictive model. By doing this, you can determine a new vulnerability’s level of priority on the day it’s announced, thereby effectively getting ahead of the attack.
By getting out of the same old routine and shifting from a traditional reactive approach to risk to one that is truly proactive, you’ll be able to dramatically improve the efficiency and effectiveness of your limited security resources and focus the entire team on what really matters most—reducing the overall risk to your organization.
To get even more details on this new approach to cybersecurity, join my webinar on Tuesday, October 23rd.