Don’t fall for the “panic patch” flywheel. There’s a better way.

It is an old cybersecurity mantra that all patches must be applied quickly to protect against newly discovered threats before attackers can exploit them.

Unfortunately, in the real world this is almost impossible. Fewer than half of all organizations can patch fast enough to defend against zero-day attacks. For medium to large organizations, patching takes about 102 days on average.

The Australian Cyber Security Centre recommends that commonly targeted applications be patched within a month of a patch becoming available.

Compare this to the average time it takes for a cybercriminal to exploit a vulnerability after it is revealed by the announcement of a patch: 15 minutes! known to cybercriminals long before it was

A cautionary tale

The most infamous example of the consequences of not applying a patch was the 2017 breach of the credit bureau Equifax, in which the personally identifiable data of hundreds of millions of people was stolen.

The first breach of Equifax’s defenses was through a vulnerability in Apache Struts, an open source development framework widely used for creating enterprise Java applications. The vulnerability was exploited on March 10, just three days after the Apache Foundation released a patch to combat the vulnerability. In one report of the attack, Equifax administrators were told to apply a patch urgently, but the employee tasked with doing so did not.

This oversight was exacerbated by other failures in Equifax’s patch regime. For example, the IT department had earlier run a series of scans intended to identify unpatched systems, and those scans failed to flag the vulnerable servers.

Patching is an increasingly impossible task

Comprehensive patching across a large organization is not only a lot of work; it also presents significant challenges. Patching legacy systems is difficult and sometimes impossible, and where it can be done it requires careful planning, including scheduled downtime.

All these factors mean that patching is not only a technical task, but also a human and administrative challenge. Without well-managed security capabilities integrated into an organization’s overall management structure, security personnel struggle to meet the challenges. This was part of Equifax’s problem.

Although the scale of the breach brought Equifax under intense scrutiny and exposed numerous security flaws, it is worth noting that the company could have been compromised even without them: the breach occurred just three days after the patch was released.

The number of vulnerabilities has also grown, along with the number of applications in many organizations that may need patching. According to NIST, more than 25,000 verified vulnerabilities were recorded in 2020. The bug bounty platform HackerOne reports that the number of verified vulnerabilities in 2021 rose 20% over 2020, bringing its cumulative total to more than 66,000.

As the volume and velocity of patches increases, competing priorities put IT operations, SOC, and triage teams under constant pressure, directly impacting planned release schedules.

Patching is a never-ending catch-up game, the software version of Whack-A-Mole. By the time a set of vulnerabilities is patched, more will emerge.

Because patching cannot provide rapid and comprehensive protection against new threats, most organizations rely on detecting attacks as soon as possible after they begin. Essentially, they shift into damage control, backed by a robust recovery plan designed to help the organization recover quickly and minimize the damage to its business and reputation.

Way forward

There’s a better way. Monitor all workloads to detect changes from normal behavior that can result from successful attacks and block them before damage is done. This is called Continuous Server Workload Protection.

This technology does not require prior knowledge of vulnerabilities or specific attack techniques. It relies entirely on understanding how each application normally behaves, so that whatever the attacker’s goal, the behavior changes resulting from a successful attack can be detected and blocked before damage is done.

This process is fully automated. No need to create and apply policies. There is no need to frequently update virus signatures or tune or tweak your system. And it’s all done in milliseconds.

Continuous Server Workload Protection provides dynamic and accurate protection against the broadest range of attack vectors targeting server workloads. It provides in-depth protection for software at runtime, mapping exactly what an application should do and stopping malicious code before it can be executed.

Continuous server workload protection is effective against zero-day attacks, ransomware, previously unknown attacks, and attacks on legacy software that is no longer supported (and for which patches are no longer available).

By automating threat detection and elimination, you can continuously protect your server workloads and free your security staff to focus on more strategic issues. Lower stress levels lead to higher job satisfaction and lower turnover.

However, the most compelling argument for continuously protecting server workloads is that the likelihood of a successful attack, and with it all the possible consequences of that success (damage to brand and reputation, downtime, lost productivity, and ransom payments), is significantly reduced.

Takeaway

Every CISO should be aware of this technology. It plays an important role in resolving the ever-present patching problem. Vulnerabilities are inevitable with every software release, but by continuously protecting server workloads, organizations can effectively regain control.
