Page 16 - Cyber Defense eMagazine - June 2018
the most money and resources necessarily results in a superior security program. While
having abundant resources and a full toolbox is no doubt a desirable luxury which can
help tremendously if employed strategically, it guarantees nothing. If it did, security
news headlines would be dominated by under-resourced, fledgling companies. But they
aren’t – the largest companies and governments in the world, with comparatively
massive security budgets and headcounts, can’t keep out of the limelight.
Organizations of any size and budget can significantly improve their security posture by
shifting their focus from stockpiling security tools and capabilities to focus instead on the
speed of execution of a few key abilities.
THREAT INTELLIGENCE
Every day, new vulnerabilities and threat vectors are discovered in operating systems,
common services, third-party component libraries, etc. Likewise, waves of attacks often
follow trends (such as the recent spate of cryptocurrency-mining malware distributed by
botnets). It is crucial to have awareness of these developments in as close to real-time
as possible. Reports of new vulnerabilities often hit the news media well before they are
catalogued in public vulnerability databases, and it can take much longer still for them
to appear in updates to industry vulnerability scanners, which many organizations seem
to rely on as their sole means of staying current.
Recently, I came across a particular vulnerability where the time between public
disclosure and appearance in vulnerability scanner updates was around ninety days. For
those relying on security tool vendors to keep pace, this example gives potential attackers
three full months' lead time before the organization is even aware of whether the
vulnerability exists in its apps and systems – and that doesn't include analysis and
remediation time.
If you have the opportunity to employ a commercial threat intelligence tool, that can be a
helpful time-saver. But if not, all is not lost. For the past several years, I've monitored a
number of security-related websites and RSS feeds daily, and listened to a number of
weekly security podcasts, to keep current. It has consistently paid off – I am nearly
always ahead of both those around me and vendor tools. Furthermore, acquiring this
knowledge immediately when it becomes available has allowed me to quickly investigate
other implications of these vulnerabilities to apps and systems before external exploit
attempts kick into high gear.
GOAL: REDUCE TIME TO BECOME AWARE OF NEW THREATS TO YOUR APPS AND SYSTEMS. NARROW THE TIME GAP BETWEEN PUBLIC DISCLOSURE OF VULNERABILITIES AND POSITIVE IDENTIFICATION OF IMPACT TO YOUR APPS AND SYSTEMS.
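The goal above has two halves: learning about a disclosure quickly, and then deciding quickly whether it applies to what you actually run. The script below is an added illustration of the second half and is not from the article or its author. It assumes advisories arrive as items in an RSS feed whose title or description names a CVE id and an "<product> before <version>" phrase (a convention assumed for this example; real feeds vary), and it matches those against a small inventory of installed components. The feed, the inventory, and the CVE ids are all constructed placeholders, not real advisories. The lag calculation shows how long an item has been public relative to the moment you check, which is the number this section argues for driving down.

```python
"""Match advisory items from an RSS feed against a component inventory.

Added example, not the article's own code. Assumptions:
  - advisories are RSS <item> elements whose title/description contain a
    CVE id and an "<product> before <version>" phrase;
  - versions are dotted integers (e.g. 2.4.1);
  - the feed and inventory below are constructed sample data.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from email.utils import parsedate_to_datetime

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,7}")
# "<product> before <version>" phrasing; an assumption for this example only.
AFFECTED_RE = re.compile(
    r"(?P<product>[A-Za-z][\w.-]*) before (?P<version>\d+(?:\.\d+)*)", re.I
)

# Constructed sample feed. CVE ids are placeholders, not real advisories.
SAMPLE_FEED = """<rss version="2.0"><channel>
<item><title>CVE-0000-00001: RCE in widgetd before 2.4.1</title>
<pubDate>Mon, 04 Jun 2018 09:00:00 GMT</pubDate>
<description>widgetd before 2.4.1 allows remote code execution.</description></item>
<item><title>Security update for libfoo</title>
<pubDate>Tue, 05 Jun 2018 12:00:00 GMT</pubDate>
<description>CVE-0000-00002: libfoo before 1.10 mishandles input.</description></item>
<item><title>Weekly roundup</title><description>No new advisories.</description></item>
</channel></rss>"""

# Constructed inventory of what we run: component name -> installed version.
INVENTORY = {"widgetd": "2.3.0", "libfoo": "1.12", "barproxy": "5.0"}


@dataclass
class Advisory:
    cve: str
    product: str
    fixed_in: str      # first version the advisory reports as not affected
    published: str     # RFC 2822 date from <pubDate>


def parse_version(v):
    """'2.4.1' -> (2, 4, 1); tuples compare lexicographically."""
    return tuple(int(p) for p in v.split("."))


def version_lt(a, b):
    """True if dotted version a is older than b, padding the shorter with zeros."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))


def parse_feed(xml_text):
    """Extract actionable advisories; items without a CVE or product phrase are skipped."""
    root = ET.fromstring(xml_text)
    advisories = []
    for item in root.iter("item"):
        text = " ".join(t for t in (item.findtext("title"), item.findtext("description")) if t)
        cves = CVE_RE.findall(text)
        match = AFFECTED_RE.search(text)
        if not cves or not match:
            continue  # left for manual review rather than silently mis-parsed
        advisories.append(Advisory(cves[0], match["product"].lower(),
                                   match["version"], item.findtext("pubDate", "")))
    return advisories


def impacted(advisories, inventory):
    """Return (cve, product, installed, fixed_in) for each advisory that hits the inventory."""
    hits = []
    for adv in advisories:
        installed = inventory.get(adv.product)
        if installed and version_lt(installed, adv.fixed_in):
            hits.append((adv.cve, adv.product, installed, adv.fixed_in))
    return hits


def lag_days(published, now):
    """Days between an item's publication and 'now' (both RFC 2822 strings)."""
    delta = parsedate_to_datetime(now) - parsedate_to_datetime(published)
    return delta.total_seconds() / 86400


if __name__ == "__main__":
    advs = parse_feed(SAMPLE_FEED)
    checked_at = "Thu, 07 Jun 2018 09:00:00 GMT"  # constructed check time
    for cve, product, installed, fixed in impacted(advs, INVENTORY):
        adv = next(a for a in advs if a.cve == cve)
        print(f"{cve}: {product} {installed} < {fixed}; public for "
              f"{lag_days(adv.published, checked_at):.1f} days")
```

Running it flags only widgetd, because the installed libfoo is already past the fixed version. In practice the inventory side is the hard part: the matching is only as good as the list of components and versions you maintain, so this kind of check is a prompt for investigation rather than a verdict.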
Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.