When elastic infrastructure makes Vulnerability Management a tricky job...

Soma Tah
Manoj Taskar

The global WannaCry ransomware attack is an unfortunate example of organizations left exposed by unpatched, known vulnerabilities. While the damage of this cyber-attack is serious and widespread, it’s not a one-off occurrence. This type of threat represents the new normal of today’s fast-paced security landscape, and many organizations are struggling to keep up.

Vulnerabilities can exist in all sorts of unexpected corners. Identifying, assessing and eliminating vulnerabilities has become increasingly difficult in today’s dynamic and complex technology landscape. Worse still, hackers often take the time to know the networks better than the people who manage them, and exploit the easy things like known unpatched vulnerabilities and lax password, access and credential management.

As organizations embrace public cloud, mobile, DevOps and IoT, chief information security officers (CISOs) find it challenging to deal with the changing threat landscape and new elastic assets.

As the number and nature of vulnerabilities continue to change, the way organizations approach vulnerability management, and how they think about risk and exposure, must also evolve. A modern approach is essential to solve some fundamental vulnerability management challenges without penalizing customers for embracing new technologies.

Vulnerabilities in a Dynamic Network

One of the biggest challenges for security teams is knowing what assets are in their environment. Fluid assets like cloud services and containers come and go from the network, making it extremely difficult to constantly track them. Elastic infrastructure and BYOD transform the network into a shifting landscape.

The rapid pace of innovation, thanks to the adoption of modern computing assets like containers, DevOps, web applications, cloud and the internet of things (IoT), is helping organizations improve and streamline their business operations. But it is also introducing new security risks that traditional vulnerability management methods, like active scanning, aren’t equipped to handle. If a cloud service or container isn’t on the network when an active scan is taking place, it will simply be excluded from the results. That’s why security must become a part of the software development lifecycle (SDLC).

On the other hand, operational technologies (OT), like supervisory control and data acquisition (SCADA) and industrial control systems (ICS), require a non-invasive approach to vulnerability management. Many industries like oil and gas, energy, utilities, manufacturing, government and healthcare rely on these critical infrastructure systems to keep business operations running smoothly. The challenge with securing safety-critical infrastructure and embedded systems like MRI/CT scanners, pacemakers, power plants and automobiles is that traditional agent-based scanning would require taking these systems offline, which would severely impact physical safety.

Compounding this problem, IT and OT are converging to create even bigger challenges for CISOs who are searching for a way to discover all of these assets and manage vulnerabilities holistically.

Modernizing Vulnerability Management

Given today’s expanding elastic attack surface, vulnerability management plays a critical role in helping companies understand and reduce their cyber risk. But outdated approaches are leaving organizations vulnerable and exposed.

Here are a few aspects that security teams should consider when looking at their approach to vulnerability management:

DevOps and Containers: Containers are changing the software development and deployment process, but organizations don’t have a way to effectively maintain and secure them. Containers need to be scanned for vulnerabilities early in the development lifecycle, before they reach production. When the right tools are in place, vulnerabilities can be identified and addressed in the QA environment, which is more secure and efficient than identifying vulnerabilities in production applications.

Modern/Passive Asset Tracking: Organizations need the ability to track changes to assets and their vulnerabilities, regardless of where they’re located or their lifespan. It’s critical that security teams have complete visibility into both traditional and modern assets, such as cloud, mobile, containers, web applications and SCADA/ICS. This means using a combination of active and passive monitoring to support the full range of IT, OT and IoT assets.

Integration and Automation: Vulnerability management needs to be integrated tightly with essential operational security processes like DevOps and include coordination and communication across groups, asset management, patch management and incident response. Automation will ensure speed, accuracy and efficiency while processing huge volumes of data.
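The scan-window gap described under "Vulnerabilities in a Dynamic Network" and the active-plus-passive combination recommended above can be measured from inventory data. The following is an added example, not part of the original article or any vendor's product: the asset names, timestamps, scan schedule, passive-sensor set and the 5-minute minimum overlap are all constructed assumptions.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M"

# Constructed sample data (not from the article): asset lifetimes as they might
# appear in a cloud or orchestrator event log. end=None means still running.
ASSETS = [
    ("web-01",           "2024-03-01T00:00", None),
    ("ci-runner-7f3",    "2024-03-01T09:10", "2024-03-01T09:40"),
    ("batch-job-a12",    "2024-03-02T03:30", "2024-03-02T03:50"),
    ("autoscale-web-09", "2024-03-02T14:00", "2024-03-02T20:00"),
]
# Constructed schedule: one active scan per night, 02:00 to 03:00.
SCANS = [
    ("2024-03-01T02:00", "2024-03-01T03:00"),
    ("2024-03-02T02:00", "2024-03-02T03:00"),
]
# Constructed set of asset names that a passive sensor observed on the wire.
PASSIVE_SEEN = {"web-01", "ci-runner-7f3", "autoscale-web-09"}
NOW = "2024-03-03T00:00"


def _t(ts):
    return datetime.strptime(ts, FMT)


def overlap(a_start, a_end, b_start, b_end):
    """Length of time two intervals share (zero if they do not meet)."""
    return max(min(a_end, b_end) - max(a_start, b_start), timedelta(0))


def coverage_report(assets, scans, passive_seen, now,
                    min_overlap=timedelta(minutes=5)):
    """Classify each asset as 'active', 'passive-only' or 'unseen'.

    min_overlap is an assumed minimum time an asset must be up during a
    scan window for the scanner to reach it.
    """
    report = {}
    for name, start, end in assets:
        s, e = _t(start), _t(end or now)
        hit = any(overlap(s, e, _t(a), _t(b)) >= min_overlap for a, b in scans)
        if hit:
            report[name] = "active"
        elif name in passive_seen:
            report[name] = "passive-only"
        else:
            report[name] = "unseen"
    return report


if __name__ == "__main__":
    for name, status in coverage_report(ASSETS, SCANS, PASSIVE_SEEN, NOW).items():
        print(f"{name:18} {status}")
```

Assets reported as `unseen` existed on the network but appear in neither data source, which is the blind spot a scheduled scan alone cannot reveal.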

At the end of the day, an organization is only as strong as its weakest link. That’s why security must be built in from the start, and should be a priority across all levels and departments of the organization. By creating a foundational vulnerability management program that focuses on the basics, like knowing who and what are on your network, where your vulnerabilities are, and how that risk maps to the business, CISOs can begin to build a world-class cyber security organization that can defend against the evolving modern IT landscape.

The author is Country Manager (India & SAARC), Tenable Network Security