Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/26/2020
10:00 AM
Yaniv Bar-Yadan
Yaniv Bar-Yadan
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Good Cyber Hygiene in a Pandemic-Driven World Starts with Us

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.

We've seen COVID-19 infection curves flatten when people are conscientious about recommended pandemic hygiene, such as social distancing and wearing a mask. As we start to re-emerge from quarantine, it serves as a powerful example of what can be accomplished if security and IT teams approach cyber hygiene with the same rigor and sense of urgency. Effective cyber hygiene requires a level of cross-team collaboration, which is rarely the norm. Here are three ways security teams can make effective improvements while creating the common ground needed to sustain them.

Seek to Understand and Empathize
Corporate IT teams remain surprisingly siloed, which makes fundamental yet essential cyber hygiene functions such as vulnerability and patch management difficult to do well. Reducing vulnerability-related IT risk isn't possible without contributions from both security and IT operations teams. Teamwork is hard, and even simple cyber hygiene workflows are easily complicated, often by the division of labor across different teams. 

Security teams are usually the ones that find vulnerabilities, while other IT teams (mainly IT operations and DevOps teams) are the ones that fix the issues. When those fixes don't work as planned, it can impede their ability to preserve the availability and reliability of infrastructure. The bottom line is that full-stack security isn't trivial and requires compromise and collaboration across all stakeholders. 

As the pandemic has reminded us, the simple act of connecting with another human being can have a profound impact on the personal and professional resilience of all parties. Take the initiative to reach out to colleagues on other teams. Ask what a successful day looks like for them, about the tools they use and love, the processes that work well and don't work at all. With normal processes and interpersonal communications upended, now's the time for security teams to connect with their counterparts on other teams and (re)forge the connections that lead to productive partnerships.

Intelligent Vulnerability Remediation Goes Beyond Patch Management
According to Imperva, there were more than 20,000 new vulnerabilities reported in 2019. Unfortunately, handling the influx of all these new security threats remains a largely manual and error-prone process. And we all know patches can easily break more things than they fix. But patching is not the only remedy for security vulnerabilities. Configuration-based remediation options such as closing down firewall ports can be used to close security gaps quickly, even if only used as a temporary stopgap until a more robust solution can be implemented. 

It's difficult for IT operations teams to source and compile the patches, workarounds, configuration changes, and compensating controls needed to remediate an avalanche of vulnerabilities every week. Using remediation repositories that store what can also be called remediation intelligence, the vulnerability management equivalent of threat intel, security teams can help to lighten their load. Instead of tossing a list of unprioritized vulnerabilities over the cubicle wall for the IT team to deal with, remediation intelligence enables security teams to take a more active and collaborative role in closing tickets.

From using Ansible playbooks or Chef recipes to patch a Linux server to preventing exploits by updating a firewall configuration, remediation intelligence enables security teams to help IT operations teams determine the best fix for their environment. Take this time to figure out how your security and IT teams can use remediation intelligence to streamline infrastructure security. 

Re-Evaluate Remediation KPIs to Ensure Relevancy 
Security operations teams often rely on industry-standard benchmarks to prioritize the execution of cyber hygiene workflows, but many of those metrics are outdated or have become dangerously misleading. For example, prioritizing remediation based solely on a vulnerability's Common Vulnerability Scoring System (CVSS) score is still a common but highly flawed practice. CVSS scores are essential for benchmarking the criticality of a vulnerability, but not how critical the threat is to the assets in a unique environment. 

So, what metrics should be used to guide and prioritize the efficient work of vulnerability remediation? Here are a few of my favorites. While these are metrics used by security teams, strong cross-team support leads to greater control over these benchmarks.

  • Coverage: Does the security team have sufficient vulnerability scanning in place for all business-critical systems and applications? Are there any blind spots? Coverage clarity across the full scope of risks, known and unknown, is necessary for comprehensive security.

  • Vulnerability dwell time: The time between vulnerability disclosure and published exploit of the vulnerability in the wild has contracted substantially over the last couple of years, from weeks to days. The longer the vulnerability dwell time, or the time the vulnerability is persistent in the environment, the greater chance it will be exploited.
     
  • SLA goals versus actual remediation results: By evaluating remediation results against goals outlined in service-level agreements with the business, you can gauge how well your team has met its stated operational and risk management goals, why or what not, and how to improve.
     
  • A commonsense risk model: Just because an Oracle vulnerability has a CVSS score of 10 doesn't mean it matters to your organization if you don't run any Oracle. But if significant components of your infrastructure run on Oracle, you'd want these vulnerabilities to be flashing red on the remediation list.

As Rahm Emanuel (via Winston Churchill) famously said, "Never let a good crisis go to waste." Change at scale is never easy, but the pandemic has created a once-in-a-career opportunity to make material improvements to cyber hygiene practices.

Related Content:

 
 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 
 

With over a decade of cybersecurity experience under his belt, Yaniv has spent years working with some of the largest companies in the world. With his "solutions, not problems" mindset, Yaniv had co-founded Vulcan Cyber in order to do just that - enable security teams to ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Dan@12345
50%
50%
[email protected],
User Rank: Apprentice
6/27/2020 | 7:12:34 PM
wow
Thank You for sharing this information
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:39:07 PM
Everybody
The bottom line is that full-stack security isn't trivial and requires compromise and collaboration across all stakeholders. Security is everybodys responsibility, obviously full-stuck security is better way to go.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:41:00 PM
IT Teams
As the pandemic has reminded us, the simple act of connecting with another human being can have a profound impact on the personal and professional resilience of all parties IT teams should not be impacted with the pandemic, we should be able to connect while we are distant to each other.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:43:23 PM
Collaboration
now's the time for security teams to connect with their counterparts on other teams and (re)forge the connections that lead to productive partnerships. I agree, this collaboration would be critical for is to be successful in todays environment.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:46:20 PM
Remediation
Using remediation repositories that store what can also be called remediation intelligence Lessons learned on remediation and building intelligence on every incident is critical.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:48:15 PM
Learn
Never let a good crisis go to waste Good to remember. We can really learn from each crises
thoughtful51
50%
50%
thoughtful51,
User Rank: Apprentice
7/13/2020 | 10:01:56 PM
exactly
I so agree with the previous post that "The bottom line is that full-stack security isn't trivial (it's NOT!) and requires compromise and collaboration across all stakeholders." Security is everybody's responsibility, obviously full-stuck security is better way to go. My son works in this industry and says it all the time- Security is everyone's responsibility.  Thank you! <a href="https://www.locksmithwestminsterco.co"></a>
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5421
PUBLISHED: 2020-09-19
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
CVE-2020-8225
PUBLISHED: 2020-09-18
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
CVE-2020-8237
PUBLISHED: 2020-09-18
Prototype pollution in json-bigint npm package &lt; 1.0.0 may lead to a denial-of-service (DoS) attack.
CVE-2020-8245
PUBLISHED: 2020-09-18
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11....
CVE-2020-8246
PUBLISHED: 2020-09-18
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-W...