According to the Verizon Data Breach Investigations Report, published in November 2018, the #1 cause of a breach continues to be vulnerable systems, left exposed and unpatched. Preventing the exploitation of vulnerabilities when using an effective solution is one of the few countermeasures that can pro-actively protect your infrastructure before an attack has even started as opposed to relying on traditional network security or threat detection and investigation solutions, which are often too late in preventing theft or loss.
However, it has become clear with attacks like WannaCry, ransomware and other advanced malware, which were successful against already known vulnerabilities, that most vulnerability management systems have failed to protect organizations for a variety of reasons. In this three part series, we will explore the major reasons why vulnerability management gets a bad rap and honestly has failed to pro-actively protect our organizations. In the meantime, we’ll cover the first challenge most organizations face in the first line of defense against successful attacks.
Challenge 1: Manual Tracking of Dynamic and Cloud Assets - We are in a dynamic world where virtual machines, mobile workers, IoT devices, and cloud computing makes it extraordinarily difficult for security teams to know the vulnerability and threat risk posture of a given system at any given time. Many security teams use spreadsheets and other “manual” tools to keep track of such assets. If I can’t identify an asset after the IP address or other attributes change, then how can I know its security risk, especially when I need that information in real-time? Some vendors claim to solve this issue partially, but cannot provide risk posture for transient assets, as an example, a health monitoring system on a cart that frequently moves location and goes on and off online. Another example a mobile worker’s laptop that has not connected securely back to corporate in several days or weeks and the ability to accurately determine it as a known quantity and compare previous risk posture to current status.
Learn more about how Digital Defense’s patented technology comes together in a single purpose-built SaaS vulnerability management and threat detection platform, Digital Defense Frontline.Cloud, designed for today’s hybrid cloud environments.