7/9/2010

Tech Insight: IT Security's Most Time-Consuming Tasks

Picking the right tools can help save time and streamline efforts

IT security professionals are faced with countless tasks. Some require just a couple of minutes of time, while others are virtual time sinks that take away from securing IT resources. And choosing which tasks to tackle first isn't always a decision left up to the security pro.

CSOs, attacks, and administrivia all make demands on a security pro's time. The CSO, if you even have one, will want to know how your company's security program handles the latest attack he heard about, or whether you really need the product he was just cold-called about. Then there are the phishing emails forwarded for investigation, and the Web server logs that filled up overnight because someone was brute-forcing directory names and attempting SQL injection.

Let's not forget the countless meetings, paperwork, and reports that require inordinate amounts of time -- time that would be better spent patching systems, securing Web applications, and tightening desktop protections to fight malware.

InformationWeek's 2010 Strategic Survey provides insight into what's currently eating away at IT security professionals' time. The top three: patch management at 33 percent, malware detection and analysis at 30 percent, and incident response at 24 percent. If you're on the front lines or a C-level exec getting daily reports on security incidents in your organization, then those numbers shouldn't be surprising.

It's important to note that most respondents are spending the greatest portion of their time on patch management because of a shift in the threat landscape. In the past, when most attacks targeted vulnerabilities in servers, patching was easier and took less time. Patches still had to be tested to be sure they didn't bring down production services, but there were typically far fewer servers than user workstations.

Now attacks target end users and their workstations. They arrive through compromised websites, malvertisements, social networks, and phishing, which makes patching tens, hundreds, or thousands of desktops far more important than it used to be.

Taking advantage of available patch management tools can reduce the time many security pros spend on patching; depending on the size of the business, some are still installing patches machine by machine. Some solutions are freely available but limited in what they can patch, while commercial solutions offer broader product coverage and, often, cross-platform support.

Microsoft's Windows Server Update Services (WSUS) is free and can push patches to Windows operating systems and Microsoft Office products, but out of the box it does not patch third-party applications. Other vendors, such as Secunia, BigFix, and Lumension, offer more complete solutions for patching software like Firefox and Adobe Acrobat Reader across an enterprise. They also provide reporting, so you know what is and isn't patched.
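The gap the article describes is the third-party software WSUS leaves untouched. The following PowerShell script is an added example, not code from the article or from any of the vendors named above. It reads the installed-software entries from the Windows Uninstall registry keys on the local workstation and flags any product installed below a minimum version. The product names and minimum versions in the baseline are placeholders chosen for illustration, not vendor advisory data; replace them with what your own patch process requires.

```powershell
# Added example (not from the original article): inventory the third-party
# applications WSUS does not cover and flag any installed below a minimum
# version. Runs on PowerShell 2.0 or later on the workstation being checked.

# Minimum acceptable versions. These are PLACEHOLDER values for illustration,
# not real advisory data. Keys are matched as prefixes of DisplayName, so
# 'Adobe Flash Player' also catches 'Adobe Flash Player 10 ActiveX'.
$Baseline = @{
    'Mozilla Firefox'    = '3.6.6'
    'Adobe Reader'       = '9.3.3'
    'Adobe Flash Player' = '10.1.53'
}

# Uninstall keys for machine-wide 64-bit, machine-wide 32-bit (WOW6432Node)
# and per-user installs; a per-user Firefox is still an exposed Firefox.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-VersionSafe {
    # DisplayVersion is free text ("3.6.6 (en-US)", "9.3.3"). Pull the first
    # dotted numeric run so versions compare numerically ("10.1.53" > "9.3.3"),
    # which a plain string comparison would get wrong.
    param([string]$Text)
    if ($Text -match '\d+(\.\d+)+') { return [version]$Matches[0] }
    return $null
}

function Get-InstalledSoftware {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion |
        Sort-Object DisplayName -Unique
}

function Test-PatchBaseline {
    param([hashtable]$Baseline)
    $installed = Get-InstalledSoftware
    foreach ($product in $Baseline.Keys) {
        $required = [version]$Baseline[$product]
        $found = $installed | Where-Object { $_.DisplayName -like "$product*" }
        if (-not $found) {
            # Not installed is not a patching problem, but the report should say so.
            New-Object PSObject -Property @{
                Product = $product; Installed = '(not installed)'
                Required = $required; Status = 'ABSENT' }
            continue
        }
        foreach ($entry in $found) {
            $have = ConvertTo-VersionSafe $entry.DisplayVersion
            $status = if ($null -eq $have)       { 'UNKNOWN' }      # unparsable version string
                      elseif ($have -lt $required) { 'OUT OF DATE' }
                      else                         { 'OK' }
            New-Object PSObject -Property @{
                Product = $entry.DisplayName; Installed = $entry.DisplayVersion
                Required = $required; Status = $status }
        }
    }
}

# Print the report. Tagging rows with the computer name lets CSV output from
# many workstations be merged into one "what isn't patched" view.
Test-PatchBaseline -Baseline $Baseline |
    Select-Object @{n='Computer'; e={ $env:COMPUTERNAME }}, Product, Installed, Required, Status |
    Format-Table -AutoSize
```

Swap the final `Format-Table` for `Export-Csv` to collect results centrally. The `UNKNOWN` status matters in practice: a product whose version string cannot be parsed is exactly the one a naive report would silently mark as fine.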

Ask any security pro, from small businesses to large enterprises, and they will agree: Malware is out of hand. Users' workstations get infected simply by visiting popular websites, because their Adobe Flash isn't updated and a malvertisement served on the site exploits a Flash vulnerability. The increasing ineffectiveness of antivirus isn't helping, either.

Security pros are stuck trying to detect malware before it gets deep into the internal network and gains access to sensitive data. Knowing that some piece of malware is on a system isn't enough, though. What's there has to be analyzed to see which credentials or data it was trying to steal, and the C-level execs will want to know whether it was part of a targeted attack.

Page 1 of 2