Information security continues to be a relentless foot race against cyber criminals. However, the busy CISO has daily worries too – approving and delivering security solutions but, also responding to a myriad of compliance requirements. Most audit reports in modern enterprises run along similar line items which are must-do’s and items that are nice to-do’s. What the audit reports always seem to not understand is the level of effort and time required from the security team to perform the must-do’s. The nice to-do’s almost never get done.
There is one area where CISO’s and their teams can meet security compliance requirements and increase organizational security: vulnerability management, also known as patch management. When the conversation turns to compliance activities, there are two things that are must haves – deploying the patch to the enterprise end-points and reporting on the status of those deployments for security compliance.
The CISO needs the proof the job has been done to appease the auditors and his board members that security compliance is well in hand. The CISO’s team has to test, deploy and remediate machines that did not get patched. It’s not a pleasant or easy task and it takes away from the security team’s constant vigilance and incident response capabilities. It can eat into security project cycles and support to other departments.
Qualasys sponsored a 2016 SANS research paper that suggests that effective cyber defense requires fixing all “critical vulnerabilities in one day, because risk reaches moderate levels at the one-week mark and becomes high when a vulnerability remains in a critical system for a month or longer. Among respondents, 10% reported being able to remediate critical vulnerabilities in 24 hours or less.”
Also Read: Mobile Device Security in the Workplace
The question is of course “is there a solution”? The answer is yes. Vulnerability management of end-points represents a great partnership opportunity with a trusted vendor. If competing priorities and high-value projects are preventing your security team from supporting the business initiatives, than it’s time to consider a provider who can execute the vulnerability management program to maintain compliance and keep the network safe from cyber criminals.
Contact Us Today
In August 2016 Navin Shenoy, corporate VP and general manager for the client computing group (CCG) at Intel said “the average household has ten connected devices. This will explode to 50 by 2020.” This situation will evolve the household network into the equivalent of a Small & Medium size business network – with all the vulnerabilities of an unmanaged IT environment.Explore
One of the biggest risks to enterprises is the remote user; especially the remote user who is on public Wi-Fi and never in the office. What’s interesting - is most of the folks never in the office are some of the highest performing sales, marketing and customer relationship managers your firm has. All of them are smart and all of them know enough about IT to be a danger to themselves and others.Explore
According to Zion Market Research, the global cyber security market was valued at $105.45 billion in 2015, is expected to reach $181.77 billion in 2021, and is anticipated to grow at a CAGR of 9.5% between 2016 and 2021. That said, if even one of the world’s technology conglomerates was equipped to provide a one-stop, foolproof security and compliance solution, we would not see statistics like this.Explore
The Smokey the Bear wildfire prevention campaign began in 1944 and its message of wildfire prevention remains as relevant and urgent today as it was in 1944. Just ask any American living in wildfire prone states. Smokey asserted in 1944, “Care Will Prevent 9 out of 10 Forest Fires." And although the message evolved it became very direct with, "Remember... Only YOU Can Prevent Forest Fires." Perhaps it’s time to unleash “Cyber Smokey” or perhaps a “Cy-key” (pronounced as “Psyhce”) with an equally direct message of, “Remember… YOU need to play your role to Prevent Data Breach.”Explore
An enterprise’s breach notification procedures and vulnerability management programs, and need for real-time malware detection and protection, have come under increasing scrutiny in light of the disclosures of the Equifax data breach. As a result of the failure of Equifax to address a software vulnerability in a timely manner, a series of events began which culminated in regulatory, criminal and state attorney general investigations.Explore
The modern-day CIO, CISO and senior management team members engaged in information security are faced with a daunting task. Chris Roberts (@Sidragon1) posted a description of the CISO role which seems accurate for many organizations: “Being a Chief Information Security Officer is easy. It’s like riding a bike. Except the bike is on fire, you’re on fire, everything is on fire and you’re in Hell.” WHY IS THE ROLE OF CISO SO CHALLENGING?Explore