The evolution of vulnerability management
As organisations focus on digitally transforming their enterprises, cybersecurity professionals have been facing an expansion of their attack surface – compounded by the digital explosion during the pandemic.
Almost every category of cyberattack increased over the course of 2021. The number of encrypted threats spiked by 167 percent, ransomware rose by 105 percent, and intrusion attempts climbed by 11 percent. Cyber economy research giant Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year, reaching $10.5 trillion USD by 2025.
Despite this, a PWC survey of security and technology executives last year showed that only 55 percent of cybercrime victims believed they were ‘well prepared’ to address these breaches — and 45 percent weren’t.
Proactive threat intelligence
In today’s world, ‘well prepared’ will never mean ‘invulnerable’. Faced with such a rapidly evolving threat landscape, it’s virtually impossible to address every risk. In fact, The Cyber Security Intelligence Agency reports that only 50 percent of organisations are remediating fewer than15.5 percent of their vulnerabilities monthly, says Patrick Evans, CEO of specialist cybersecurity solutions provider SLVA Cybersecurity. “IT managers are suffering from vulnerability fatigue. They’re caught in an infinite loop of testing and patching, draining resources and accumulating costs, often getting attacked through a vulnerability they were unaware of. Organisations must start moving away from trying to fix all vulnerabilities to focus on those that matter.”
Gartner’s Top 10 Security Projects for 2020-2021 report recommends risk-based vulnerability management: “Don’t try to patch everything; focus on vulnerabilities that are actually exploitable. Go beyond a bulk assessment of threats and use threat intelligence, attacker activity, and internal asset criticality to understand real organisational risk better.”
The use of vulnerability scanners is no longer sufficient, often overwhelming security specialists with the volume of vulnerabilities to remediate. “Not all detected vulnerabilities require immediate action,” says Evans. “Context is important. It’s not uncommon for organisations who take security seriously to use tools like vulnerability management, vulnerability prioritisation, breach and attack simulation, and pen testing – providing multiple vulnerability ratings that remain siloed. To be truly effective, a single, more comprehensive risk console is needed.”
New landscape, new solutions
An effective, comprehensive strategy today leverages threat intelligence and threat actor landscape to assign a tailored risk score to identified vulnerabilities.
To bring such a solution to local shores, SLVA Cybersecurity recently became the distribution partner and reseller for HivePro in South Africa. “With HivePro, security teams get a view of all their current approaches and where the top 15 percent of vulnerabilities lie so that they can prioritise those threats. Importantly, this happens on a continuous and evolving basis,” says Evans.
HivePro’s Uni5 uses the current known vulnerabilities and threats to provide a unified view of the true vulnerability risk in an organisation. It is the only vulnerability prioritisation technology that contextualises risk by checking the efficacy of an organisation’s compensatory controls, providing actionable intelligence for rapid vulnerability remediation.
Users see a combination of asset criticality, external threat context, internal compensatory control and patch intelligence to proactively reduce their attack surface before it gets exploited.
Uni5 uses four different groups for risk scoring: The first shows severe risks that could affect the organisation’s most critical assets and require immediate patching, the second group contains moderate threats to critical assets, the third shows high risks to non-critical assets and, lastly, moderate risks to non-critical assets.
Uni5 also orchestrates patch and configuration management to fix vulnerabilities, taking threat priorities into account. “These strategies are the way forward for organisations looking to take their threat intelligence to the next level. Perfection might not be possible in today’s ever-changing threat landscape, but proactive protection is,” says Evans.
- As HivePro’s local distribution partner, SLVA Cybersecurity provides a zero-cost proof of value to clients, providing an immediate snapshot of the top 15percent of vulnerabilities that will place the business at risk. MSSPs, service providers and resellers can also partner with SLVA Cybersecurity to provide this solution to their clients.