As technologies like IoT take center stage, there are more Internet-connected devices than ever, and with them more vulnerabilities than ever. Ransomware attacks such as NotPetya and headline-making breaches like Equifax show that your security is only as strong as its weakest link; in both cases the flaw that was exploited already had a vendor patch available for months before the attack. As these attacks continue to dominate the cyber-security space with no sign of slowing, it is imperative to understand, identify and mitigate the risk of software vulnerabilities.
Scratching the Surface
A report from Risk Based Security counts a record-breaking 20,832 vulnerabilities discovered in 2017, a 31.0% increase over the previous year. Adobe Acrobat Reader alone accumulated 577 vulnerabilities over the past four years. Oracle JDK fares little better with 553, of which 32% were rated critical. Next to those, the 122 vulnerabilities in the Microsoft .NET Framework look like child's play; nevertheless, 55% of them were rated critical.
Some of the most commonly used software is far more exposed to attackers than many realize. While the publicized attacks get the limelight and the boardroom's attention, other vulnerabilities lurk in the background, rarely flagged, leaving machines open to attack.
Securing Microsoft OSes isn’t Total Vulnerability Control
The sheer volume of vulnerabilities makes it tough for IT teams to address them all on a regular cadence. Most IT time is devoured by fixing Microsoft-related issues, while Mac and other third-party software take a backseat. Automating the management of Microsoft patches is the default under current best practices, while only two-thirds of IT shops pay any attention to managing third-party applications at all.
This is no surprise. Managing macOS and third-party software updates requires IT admins to go the extra mile: sorting through different data sets, or setting up separate testing environments. Long story short, IT picks its battles, and in the end some work simply doesn't get done, leaving the environment exposed. The software left behind, document readers and Java runtimes among them, is exactly what phishing attachments and exploit kits aim at.
Third-Party Software Updates Need Attention — and Need it Now!
If IT wants to move away from the legacy patch management approach to true vulnerability management, it needs three core components:
- Unified Management: The business environment consists of multiple OSes, each requiring a different workflow for installing, deploying, updating and patching. Add tasks such as sorting through different data sets to determine which vulnerabilities apply and which machines need patching, and where does it all land? On the shoulders of the IT team. As tedious as this job is, it needs to be done, and done right.
IT needs a software management solution that reduces complexity by unifying how software is managed, regardless of platform or application.
- Comprehensive Visibility: You cannot patch what you cannot see; an accurate inventory of what is installed, on which host, at which version, is the raw material for every later decision. Full visibility also lets you monitor the environment and spot odd behavior, so the security team can respond quickly in case of a breach, before real damage is done. Manually looking across a multitude of interfaces doesn't cut it in today's fast-paced IT environment; IT needs a dashboard that aggregates all systems and offers full visibility into the vulnerability landscape.
- Scalable Automation: Automation is not just helpful but essential to staying secure efficiently. It speeds up risk prioritization and remediation and keeps security teams working from accurate, up-to-date data. Automation should still roll patches out in stages, so that a faulty update is caught on a pilot group rather than across the whole estate.
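Taken together, the three components above describe one concrete procedure: join an inventory of what is installed, regardless of OS, against a vulnerability feed, and rank hosts by their worst open exposure so remediation starts where it matters most. The Python below is an added example written for this article; it is not code from the original page or from any vendor's product. The hosts, product names (ExampleReader, ExampleRuntime), advisory IDs (ADV-A, ADV-B, ADV-C), versions and severities are all constructed placeholders, and the numeric-only version parser is an assumption that a real tool would need to extend per vendor.

```python
"""Rank hosts for patching by joining a cross-platform software inventory against a vulnerability feed.

Added example for this article; the inventory, product names, advisory IDs, versions and
severities below are constructed placeholders, not real advisories or a vendor's data model.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed inventory: one row per installed package per host, spanning several OSes.
INVENTORY = [
    {"host": "fin-ws-01", "os": "Windows", "product": "ExampleReader", "version": "2017.9.20044"},
    {"host": "fin-ws-01", "os": "Windows", "product": "ExampleRuntime", "version": "8.0.141"},
    {"host": "dev-mac-07", "os": "macOS", "product": "ExampleRuntime", "version": "8.0.151"},
    {"host": "dev-mac-07", "os": "macOS", "product": "ExampleReader", "version": "2018.11.20035"},
    {"host": "web-lin-03", "os": "Linux", "product": "ExampleRuntime", "version": "8.0.131"},
]

# Constructed vulnerability feed: every version below "fixed_in" is affected.
# Severity is a CVSS-style 0-10 score; the IDs are placeholders, not real CVEs.
VULN_FEED = [
    {"id": "ADV-A", "product": "ExampleReader", "fixed_in": "2018.11.20035", "severity": 9.8},
    {"id": "ADV-B", "product": "ExampleRuntime", "fixed_in": "8.0.151", "severity": 7.5},
    {"id": "ADV-C", "product": "ExampleRuntime", "fixed_in": "8.0.141", "severity": 9.1},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a tuple of integers for ordered comparison.

    Assumption: versions consist of numeric segments (8.0.141, 2018.11.20035). Real
    products use many schemes (build tags, letters), so a production tool needs
    per-vendor parsing. Tuples of different length compare lexicographically.
    """
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return parts


def is_vulnerable(installed: str, fixed_in: str) -> bool:
    """True when the installed version predates the first fixed version."""
    return parse_version(installed) < parse_version(fixed_in)


def find_exposures(inventory: List[Dict], feed: List[Dict]) -> List[Dict]:
    """Join inventory rows to advisories for the same product where the install is unpatched.

    The join key is the product name only, so the same rule applies on every OS.
    """
    by_product = defaultdict(list)
    for advisory in feed:
        by_product[advisory["product"]].append(advisory)

    exposures = []
    for row in inventory:
        for advisory in by_product.get(row["product"], []):
            if is_vulnerable(row["version"], advisory["fixed_in"]):
                exposures.append({
                    "host": row["host"],
                    "os": row["os"],
                    "product": row["product"],
                    "version": row["version"],
                    "advisory": advisory["id"],
                    "severity": advisory["severity"],
                    "fixed_in": advisory["fixed_in"],
                })
    return exposures


def prioritize(inventory: List[Dict], exposures: List[Dict]) -> List[Tuple[str, float, int]]:
    """Rank every host by its worst open advisory, then by how many it has.

    Hosts with no findings are kept (severity 0.0) so the view covers the whole
    estate rather than only the machines already known to be bad.
    """
    worst = {row["host"]: 0.0 for row in inventory}
    count = {row["host"]: 0 for row in inventory}
    for e in exposures:
        worst[e["host"]] = max(worst[e["host"]], e["severity"])
        count[e["host"]] += 1
    ranked = [(host, worst[host], count[host]) for host in worst]
    ranked.sort(key=lambda r: (-r[1], -r[2], r[0]))
    return ranked


if __name__ == "__main__":
    found = find_exposures(INVENTORY, VULN_FEED)
    for host, severity, n in prioritize(INVENTORY, found):
        print(f"{host:<12} worst={severity:<4} open={n}")
    for e in found:
        print(f"  {e['host']} ({e['os']}): {e['product']} {e['version']} -> {e['advisory']}, fixed in {e['fixed_in']}")
```

With the constructed data, the Windows workstation ranks first because of a 9.8 advisory on its document reader, the Linux server second with two runtime advisories, and the fully patched Mac last with no findings. The point of the structure is that the join and the ranking are platform-agnostic: adding another OS or another third-party feed means adding rows, not a new workflow.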
Evolve or Dissolve
It's that simple. Having a vulnerability mitigation plan to protect your business is always better than letting an attacker discover and exploit a vulnerability first. Whether someone attempts a breach is beyond your control; how prepared you are is not. Addressing the risk factors in advance lets IT understand where the pitfalls lie and have an action plan ready to limit the impact.
Read our “Getting Started with Vulnerability Management” eBook to learn more.