Many things in IT are set and forget: you install a new application, implement a new network or roll out a new visibility system. Sure, these things need to be maintained over time, but the main effort is at implementation time, after which point you (hopefully) enjoy the benefits of the initial work.
By contrast, cyber security is an ongoing discipline – you can’t be ‘done’ with cyber security; hackers and hacking techniques are continually evolving, probing for vulnerabilities. A quick look at the growth of identified vulnerabilities from the MITRE Corporation CVE (Common Vulnerabilities and Exposures) system shows a continual nonlinear growth curve with a clear acceleration around 2017.
As an aside, for those interested in the growth of identified vulnerabilities over the last decade or so, Rapid7 have an excellent blog post on this very topic here https://blog.rapid7.com/2018/04/30/cve-100k-by-the-numbers/ (from which I have borrowed the graph shown below).
Keeping pace with this ever-increasing deluge of vulnerabilities requires constant vigilance. We often hear of organisations that implement Microsoft SCCM to keep their Windows desktops and servers up to date with the latest patch releases. There is no question that this is an excellent start, but deploying SCCM does not mean that you are ‘done’ with patch management.
What is missing here are the vulnerabilities outside of the base Microsoft ecosystem: third-party applications, non-Microsoft machines, network infrastructure and IoT devices such as cameras and access control systems all present potential points of vulnerability in your IT environment.
Identifying vulnerabilities and available software patches across the diverse range of systems in your environment is challenging. Not only that, you need to continually monitor these devices to ensure they are secure as a myriad of new vulnerabilities emerges daily.
This is where vulnerability management kicks in. A good vulnerability management (VM) solution will not only identify existing vulnerabilities across your complete IT environment, it will also identify the recommended patches to install to keep your systems safe (in fact a good VM solution like Qualys can do a whole lot more than just this … but perhaps the subject for another blog).
Vulnerability management should be considered an absolute must as part of any cyber security strategy. Just like implementing firewalls or anti-virus, vulnerability management is a key component in securing your organisation. But we shouldn’t consider vulnerability management as a ‘thing’ to deploy – vulnerability management is an ongoing discipline. At Counterhack, we often see organisations implement a vulnerability management system with the best of intentions, only for it to sit idle gathering dust with no one tasked with the critical job of actually running scans and keeping track of patch levels across the organisation.
By its very nature as an ongoing discipline, vulnerability management lends itself to being offered as a service. A discipline best outsourced to a specialist third party that understands the threat landscape and can identify weaknesses and help you to maintain patch levels. A service that helps you keep secure. This is the very reason that Counterhack offer a turnkey Vulnerability Management Service.