Shields down at warp speeds…spells disaster

by Paresh Borkar

All businesses leverage digitalization to increase revenue, cut costs and more. Increased digitization implies greater reliance on digital assets for business success. Most businesses need to be agile in today’s era, so they are quick to adopt new software solutions (on-premise or cloud-based) in their digitalization journey. As the digital footprint of a business increases, so does its cyber attack surface.

As businesses adopt different software products along the way, they are left with a plethora of software systems at different versions. Some of this software may have “known” vulnerabilities, and some vendors might have already made patches available to address them. However, the business might not be aware that the patches exist. The right patch for a vulnerability acts as a shield which can help protect the business from cyber attacks.

Consider a Star Trek starship as a metaphor for such businesses. These businesses, with large digital assets (cloud-based or on-premise), are moving at a fast pace with their shields down. This is essentially like the starship moving at warp speed with shields down… a perfect recipe for disaster!

Traditional solutions which scan for vulnerabilities produce long reports spanning numerous pages of findings. However, these reports are missing key pieces of information for the vulnerabilities found: remediation and patch information. This leaves businesses stranded, unsure what to do next with the report and how to remedy the situation. Traditional scanners are also late to add test cases for newly discovered vulnerabilities, which adds further delay and keeps the shields down for a longer window of time.

What businesses need is near-real-time information on which business assets are vulnerable, whether the vulnerability is known to be exploitable, whether there are mitigation workarounds until a patch becomes available, and whether a patch is available. Last but not least, they need to close the last mile by applying the patch in test and production in an automated but configurable and scheduled manner.

ThreatWatch helps provide vulnerability information in near real time (in hours, as compared to weeks with traditional scanning tools) and correlates these vulnerabilities to organizational assets to produce a concise impact assessment report. The impact assessment report provides the expected details on the criticality of the vulnerability, the assets impacted, etc., along with much-needed details on whether there are known exploits for the vulnerability and whether a patch is available.

Using the ThreatWatch OpenAPI, organizations can build automated patching workflows best suited to their needs. For example, organizations can act on the Impact Assessment report for their assets by checking for available patches and downloading them. Organizations can build custom logic to automate their existing manual patching processes: for example, download and test patches, or download and apply patches for critical security vulnerabilities immediately while deferring patch application for low/medium security vulnerabilities to the next planned maintenance window. The patching strategy will vary depending on how the vendor distributes patches. Some vendors provide publicly available patches, others require a login with vendor-specific credentials to access and download the patches, and for others one simply needs to do the equivalent of a “yum upgrade”.

Essentially, the ThreatWatch OpenAPI provides the platform building blocks that allow organizations to orchestrate discovery, triage and resolution in whatever way best fits their needs.

In the unlikely scenario that an organization does not want automated patching for certain systems, it can leverage the ThreatWatch integration with ticketing systems (ServiceNow, JIRA, etc.) to create tickets and assign them to the right people in the organization. This helps ensure that closure of the last mile can be tracked.
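
The triage policy described above (patch critical findings immediately, defer low/medium ones to the maintenance window, fall back to a ticket where automated patching is not wanted), as an added example that is not ThreatWatch code and does not call the ThreatWatch OpenAPI. The `Finding` record layout, the action names and the sample findings are constructed for illustration, and treating a known exploit as urgent is an assumption.

```python
from dataclasses import dataclass

# Constructed record layout for illustration; NOT the ThreatWatch report schema.
@dataclass
class Finding:
    asset: str
    vuln_id: str         # placeholder ids, not real CVE numbers
    severity: str        # "critical", "high", "medium" or "low"
    exploit_known: bool
    patch_available: bool
    patch_source: str    # "public", "vendor_login" or "package_manager"
    auto_patch: bool     # False for systems excluded from automated patching

# How the patch is obtained depends on how the vendor distributes it.
FETCH = {
    "public": "download from vendor site",
    "vendor_login": "download using stored vendor credentials",
    "package_manager": "upgrade via package manager",
}

def triage(f: Finding) -> dict:
    # Assumption: a known exploit is treated as urgently as a critical rating.
    urgent = f.severity == "critical" or f.exploit_known
    if not f.patch_available:
        action, fetch = "apply_workaround", None      # hold until a patch ships
    elif not f.auto_patch:
        action, fetch = "open_ticket", FETCH[f.patch_source]
    elif urgent:
        action, fetch = "patch_now", FETCH[f.patch_source]
    else:
        action, fetch = "patch_in_maintenance_window", FETCH[f.patch_source]
    return {"asset": f.asset, "vuln_id": f.vuln_id, "action": action,
            "urgent": urgent, "fetch": fetch,
            "stages": ["test", "production"] if action.startswith("patch") else []}

def plan(findings):
    """Triage every finding and list urgent work first (stable within each group)."""
    return sorted((triage(f) for f in findings), key=lambda a: not a["urgent"])

# Constructed sample findings.
SAMPLE = [
    Finding("web-01", "VULN-0001", "medium", False, True, "package_manager", True),
    Finding("db-01", "VULN-0002", "critical", True, True, "vendor_login", True),
    Finding("scada-01", "VULN-0003", "critical", False, True, "public", False),
    Finding("mail-01", "VULN-0004", "high", True, False, "public", True),
]

if __name__ == "__main__":
    for item in plan(SAMPLE):
        print(item)
```
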

With shields up again, businesses can move at warp speeds…

 

 
