Enterprises have any number of technological solutions in place to provide those security capabilities at different levels of effectiveness.
“Inspection” is a term that anyone who has ever had even a passing acquaintance in the military/police , fire department or paramedics understands. Cybersecurity inspection may not have you standing at attention at the door to the data center, but rest assured a “bucket of oily rags” would be something the safety folks would identify as a “must fix”. Believe it or not, vulnerability management, also known as patch management, can tell you if you have a risk of a data breach inferno.
THE RIGHT FRAMEWORK FOR YOUR BUSINESS
Most enterprises have any number of technological solutions in place to provide those security capabilities at different levels of effectiveness. Effectiveness, efficiency and reporting on success and failure is vital. When it comes to vulnerability management the capabilities have to go far beyond what native configuration and patch deployement solution can provide. The solution is to evaluate and adopt the right framework for your organization. As an example, “NIST CSF (cyber security frame) recommends building security capabilities along “Identify” “Protect”, ”Detect”, “Respond” and Recover”, that can be adopted as a foundational approach and build suitable tools in alignment with the design aspects. Investment in a top notch 3rd party solution or a specific patch management as a service (PMaaS) firm that are designed for realtime detection, enterprise wide remediation, and Zero-Touch deployment should be at the top of the list to provide an enterprise proactive security.
‘The Australian Signals Directorate (ASD) assesses that implementing the Top 4 Strategies to Mitigate Cyber Intrusions will mitigate at least 85% of the intrusion techniques that the Australian Cybersecurity Centre responds to. For this reason, the Attorney General of Australia requires Australian government agencies to implement ICT protective security controls as detailed in the Australian Government Information Security Manual (ISM) to meet ASD's Top 4 strategies.’ (https://www.asd.gov.au/infosec/top-mitigations/top-4-strategies-explained.htm)
STRATEGIES TO COMBAT CYBERCRIMINAL INTRUSIONS
The ASD’s guidance prescribes 4 strategies to combat cybercriminal intrusions. Two of those four are related to Patching – Patch Applications and Patch the Operating System(s). It is very clear that in order to reduce the risk of a data breach, aggressive and timely patching is required.
‘Every server, workstation, network device, network appliance, mobile device, operating system and installed application needs to be kept up to date in order to ensure the security of an organization’s operating environment as a whole. A single unpatched machine significantly increases the attack surface of an organization’s environment, and this increase is multiplied as more machines are in a vulnerable or unknown state.’ (IBID)
When a world-wide threat such as Wannacry or Not Petya breaks out, the organization may need to deploy an emergency patch sometimes as quickly as within 48 hours. Reaching thousands or even tens of thousands of endpoints requires a solution and a team that can scale to meet the demand. Depending on the virulence of the threat, priority patching may need to take place on workstations or Internet facing servers such as web, email and remote access - in hours.
PATCHING WITHOUT TESTING?
There is no question that patching without testing is risky, however when confronted by the impact of a global ransomware worm, the question to ask is how much damage can your organization afford? In the cases of FedEx/TNT Global and Maersk Shipping, the damage was assessed at $300M for each company. Your business’ change management process for the testing, approval and deployment of critical security patches needs to move faster than these global threats.
Although the business may be somewhat uniform when it comes to operating systems, the suite of applications used in enterprises can number in the hundreds. Given that Java, Adobe Flash, Adobe Acrobat (PDF) Reader, Microsoft Office and web browsers from all the vendors are frequently targeted by exploits, these along with the operating system must also be patched quickly when a vulnerability is under active exploit.
Legacy applications (no longer vendor supported) and out-of-date applications drastically increase the level of risk to an organization. Keeping applications at the most current release provides security where it is needed the most – on user workstations which interact with the Internet. The ASD provides explicit guidance on application patching:
‘Timely patching of applications substantially reduces the potential for attacks to compromise an organization’s computing environment and should be considered as important as timely operating system patching.’
Contact Us Today
Better Insights in the Cloud Data analytics is not an entirely modern invention. The term “big data” was coined in the 1990s to describe massive data sets often used in the finance, science, and energy sectors. Since then, both the amount of data produced and the computing power it requires have grown at an astonishing rate. The tools and techniques honed through various scientific disciplines provide a platform for businesses to accelerate growth and make the most of their place in the market.Explore
What is Predictive Analytics? Predictive analytics is the practice of analyzing past and present data to predict a future outcome. Today, every industry from insurance and finance to healthcare and child services uses neural networking, machine learning, and artificial intelligence to build predictive models to solve complex problems and support better and faster business decisions.Explore
What is ITOM? IT operations management (ITOM) can be defined as the process of managing and maintaining an organization’s network infrastructure. An IT team is typically tasked with this work, covering aspects of computing such as compliance, security, and troubleshooting. This team works with internal and external network users, offering advice and remediation to overcome technical obstacles and maintain effective service delivery.Explore
Putting Data to Work Recently, one of the world’s largest global shipping companies was seeking to identify new revenue opportunities; specifically, they were interested in monetizing their data by building other, related business intelligence products for different industries. Like many other businesses, they had found themselves sitting on a mountain of actionable data without any processes in place to explore or leverage said data. Their intentions were now pointed in the right direction, but what they were missing was a data monetization strategy.Explore
The Data Tide Businesses in the digital age are inundated with data as it floods in from multiple channels. This data is both a challenge to wade through and an absolute goldmine. Its tremendous potential can be harnessed to communicate meaningfully with audiences and advance an organization’s brand awareness in the public eye. The problem is, however, that raw data itself can’t tell a compelling story to most people. It needs to be woven together artfully to create a narrative that connects with a specific audience. This is where data-driven storytelling comes in.Explore