Page 16 - Cyber Defense eMagazine - June 2018

the most money and resources necessarily results in a superior security program. While having abundant resources and a full toolbox is no doubt a desirable luxury which can help tremendously if employed strategically, it guarantees nothing. If it did, security news headlines would be dominated by under-resourced, fledgling companies. But they aren't – the largest companies and governments in the world, with comparatively massive security budgets and headcounts, can't keep out of the limelight.

Organizations of any size and budget can significantly improve their security posture by shifting their focus from stockpiling security tools and capabilities to the speed with which they execute a few key abilities.


THREAT INTELLIGENCE

Every day, new vulnerabilities and threat vectors are discovered in operating systems, common services, third-party component libraries and so on. Likewise, waves of attacks often follow trends (such as the recent spate of cryptocurrency-mining malware distributed by botnets). It is crucial to be aware of these developments in as close to real time as possible. Reports of new vulnerabilities often hit the news media well before they are catalogued in public vulnerability databases, and it can take much longer still for them to appear in updates to industry vulnerability scanners, which many organizations seem to rely on as their means of staying current.


Recently, I came across a particular vulnerability where the time between public disclosure and its appearance in vulnerability scanner updates was around ninety days. For anyone relying on security tool vendors to keep pace, this example gives potential attackers three full months' lead time before the organization is even aware of whether the vulnerability exists in its apps and systems – and that does not include analysis and remediation time.

If you have the opportunity to employ a commercial threat intelligence tool, that can be a helpful time-saver. But if not, all is not lost. For the past several years, I have monitored a number of security-related websites and RSS feeds daily and listened to a number of weekly security podcasts to keep current. It has consistently paid off – I am nearly always ahead of both those around me and vendor tools. Furthermore, acquiring this knowledge as soon as it is available has allowed me to quickly investigate the other implications of these vulnerabilities for apps and systems before external exploit attempts kick into high gear.
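As an added illustration of that workflow (example code written for this page, not the author's own tooling), the Python script below does what a daily feed check amounts to once it is automated: it parses an RSS advisory feed, pulls CVE identifiers out of each item, and matches product names against a hand-maintained inventory of what the organization actually runs, so that a new disclosure is tied to specific hosts the same day it is published rather than weeks later when a scanner plugin ships. The feed contents, CVE numbers, product names and host names are all constructed placeholders; in a real run the feed text would come from urllib.request.urlopen on a vendor or CERT feed URL, and the inventory from a CMDB or asset export.

```python
"""Match newly published advisories from an RSS feed against a local software inventory.

Example code for this article; everything below is constructed sample data.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime
from email.utils import parsedate_to_datetime
from typing import Optional

# CVE identifiers: four-digit year, then four or more digits.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

# Constructed sample feed (not a real vendor feed). The CVE numbers and product
# names are placeholders chosen for the example.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Example advisories</title>
<item>
 <title>CVE-2018-99901: remote code execution in ExampleHTTPd before 2.4.30</title>
 <link>https://advisories.example.invalid/1</link>
 <pubDate>Mon, 04 Jun 2018 09:00:00 GMT</pubDate>
 <description>A crafted request to ExampleHTTPd allows remote code execution. Update to 2.4.30.</description>
</item>
<item>
 <title>Denial of service in Acme Queue broker</title>
 <link>https://advisories.example.invalid/2</link>
 <pubDate>Tue, 05 Jun 2018 14:30:00 GMT</pubDate>
 <description>Unauthenticated clients can crash Acme Queue 3.x. No CVE assigned yet.</description>
</item>
<item>
 <title>CVE-2018-99902, CVE-2018-99903: multiple issues in SomethingElse 1.0</title>
 <link>https://advisories.example.invalid/3</link>
 <pubDate>Wed, 06 Jun 2018 08:00:00 GMT</pubDate>
 <description>Affects the widget rendering code of SomethingElse only.</description>
</item>
</channel></rss>
"""

# Constructed inventory: product name -> hosts or applications that run it.
INVENTORY = {
    "ExampleHTTPd": ["web-01", "web-02"],
    "Acme Queue": ["mq-01"],
    "libwidget": ["app-01", "build-01"],
}


@dataclass(frozen=True)
class Advisory:
    link: str
    title: str
    published: Optional[datetime]
    cves: tuple
    text: str  # title plus description, used for all matching


@dataclass(frozen=True)
class Match:
    advisory: Advisory
    product: str
    assets: tuple


def parse_rss(xml_text):
    """Turn an RSS 2.0 feed into Advisory records, extracting CVE IDs from
    title and description (publishers put them in either place)."""
    root = ET.fromstring(xml_text)
    advisories = []
    for item in root.iter("item"):
        title = (item.findtext("title") or "").strip()
        link = (item.findtext("link") or "").strip()
        desc = (item.findtext("description") or "").strip()
        pub = item.findtext("pubDate")
        published = parsedate_to_datetime(pub) if pub else None
        text = f"{title} {desc}"
        cves = tuple(sorted({c.upper() for c in CVE_RE.findall(text)}))
        advisories.append(Advisory(link, title, published, cves, text))
    return advisories


def match_inventory(advisories, inventory):
    """Flag advisories that name an inventoried product. Matching is a
    case-insensitive whole-word match on the product name: deliberately loose,
    because the aim is to get an analyst looking at the right hosts hours after
    disclosure, not to replace version-accurate scanning later."""
    matches = []
    for adv in advisories:
        for product, assets in inventory.items():
            if re.search(r"\b" + re.escape(product) + r"\b", adv.text, re.IGNORECASE):
                matches.append(Match(adv, product, tuple(assets)))
    return matches


def triage(xml_text, inventory, seen):
    """One polling run: return matches for advisories not already in ``seen``
    and record them, so a scheduled job raises each advisory only once."""
    new = [m for m in match_inventory(parse_rss(xml_text), inventory)
           if m.advisory.link not in seen]
    seen.update(m.advisory.link for m in new)
    return new


def format_match(m):
    """One line per hit: date, CVEs (if any), product, affected assets, source."""
    when = m.advisory.published.strftime("%Y-%m-%d") if m.advisory.published else "unknown date"
    cves = ", ".join(m.advisory.cves) or "no CVE yet"
    return f"{when} | {cves} | {m.product} on {', '.join(m.assets)} | {m.advisory.title} | {m.advisory.link}"


if __name__ == "__main__":
    state = set()  # persist this (a file or small DB) between scheduled runs
    for hit in triage(SAMPLE_FEED, INVENTORY, state):
        print(format_match(hit))
```

Two design points worth noting. Advisories are keyed by link rather than CVE because, as the second sample item shows, a useful disclosure often precedes CVE assignment, and waiting for an identifier reintroduces the very delay the section warns about. Product matching is intentionally broad and leaves version comparison to the analyst, since a false positive costs a few minutes of reading while a missed match costs the lead time described above.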

GOAL: REDUCE TIME TO BECOME AWARE OF NEW THREATS TO YOUR APPS AND SYSTEMS. NARROW THE TIME GAP BETWEEN PUBLIC DISCLOSURE OF VULNERABILITIES AND POSITIVE IDENTIFICATION OF IMPACT TO YOUR APPS AND SYSTEMS.






Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.