According to the National Vulnerability Database, more than 24,000 new vulnerabilities were registered in the last three years alone. This means that on average, around 150 new threats to companies and users are identified each week. While experts and security authorities advise against ransom payments, the illegal cyber market is growing and hackers are earning huge amounts of money by hiding alone or in groups, putting IT administrators under pressure to safeguard the network perimeter.
No guarantee of 100 per cent safety
In the fight against hackers, the question which arises most often is: at what point should cybercriminals be stopped? Software itself, due to its high complexity, is not faultless. In well-written programs, there is less than one error per 1000 lines of code. But Windows 7, for example, with its 40 million lines of source code, may statistically already contain several thousand potential vulnerabilities. Microsoft itself recognises this and proactively engages hackers (so-called White Hats) to identify vulnerabilities, or rewards those who have identified vulnerabilities and reported them to the group. In such cases, software vendors can quickly provide a solution (patches) to eliminate vulnerabilities.
This is a particularly critical moment for IT administrators. When Black Hat hackers learn about the official release of a new patch, they do their best to gather information about the original vulnerability and develop a proper exploit as soon as possible, before user-uptake of the patch is considered complete. Due to the complexity of the software and the race against the clock, complete safety cannot be guaranteed. IT administration should therefore not underestimate malware security measures or overestimate their potential. IT faces the difficult and challenging task of tracking security gaps on all computers, mobile terminals and servers in the enterprise. The complexity of this task is further increased by the wide variety of tools that are used to monitor and manage the systems.
The need for speed
Patch, patch fast and patch well. This mantra should be at the heart of any security process, since the speed at which IT administrators can ensure vulnerabilities are mitigated is often the most critical factor. The vast majority of those affected by the likes of WannaCry were only susceptible to the malware because they had failed to deploy a two-month-old critical patch, showcasing the need for prompt action which only automated processes can ultimately guarantee.
IT leaders should therefore establish a defined reaction time based on the criticality of the specific patches or, where no patch is available, clear remedial actions. With this in mind, it is advisable to establish some internal deadlines based on the severity of the threat. IT administrators should never underestimate the importance of patching, and should hold their teams accountable for achieving this KPI.
Automation enables process implementation
Combining these tools into a single interface and automating various security tasks greatly reduces the workload and supports the work of the administrator. One solution is a Unified Endpoint Management (UEM) tool, which can fully and uniformly manage all client stations in one program. This is the first step towards increasing security, because it is only through knowledge of your resources and how they interact that you will be able to protect them effectively.
Such a program should also have access to the continuously updated databases from recognised organisations. On the basis of these databases, gaps are automatically detected and, through the distribution of a corresponding patch, automatically closed. With a unified endpoint management solution, administrators can just as easily distribute updates to frequently used applications, such as Adobe Reader, Java and Firefox.
This means that the IT specialist is spared from manually browsing databases, testing their own terminal equipment and applying and checking patches, which saves a lot of time and energy. Providing IT administrators with automated vulnerability management weaponry will enable them to filter and set search criteria by terminal device, security vulnerability and threat level for the highest and most timely degree of protection. In this way, they can determine what needs to be addressed first - whether it is the device with the most vulnerabilities, the most common gaps in the system or the most dangerous threat. This is a decision that may prove to be the most important in the race with hackers.
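The severity-based deadlines and the three "what first?" views described above can be sketched as follows. This is an added example, not code from the article or from any UEM product; the deadline values, device names and VULN-x identifiers are constructed placeholders.

```python
from collections import Counter
from datetime import date, timedelta

# Assumed internal deadlines (days after patch release) per severity.
# The article recommends such deadlines but gives no figures.
SLA_DAYS = {"critical": 7, "high": 14, "medium": 30, "low": 90}
RANK = {"critical": 3, "high": 2, "medium": 1, "low": 0}

# Constructed findings: (device, vulnerability, severity, patch release date)
FINDINGS = [
    ("srv-db01", "VULN-A", "critical", date(2024, 3, 1)),
    ("pc-0042", "VULN-A", "critical", date(2024, 3, 1)),
    ("pc-0042", "VULN-B", "medium", date(2024, 4, 20)),
    ("pc-0042", "VULN-C", "low", date(2024, 1, 15)),
    ("laptop-17", "VULN-B", "medium", date(2024, 4, 20)),
    ("laptop-17", "VULN-D", "high", date(2024, 4, 25)),
    ("srv-web02", "VULN-B", "medium", date(2024, 4, 20)),
]

def deadline(severity, released):
    """Date by which a patch of this severity must be deployed."""
    return released + timedelta(days=SLA_DAYS[severity])

def overdue(findings, today):
    """Findings past their deadline, most severe then most overdue first."""
    late = [(d, v, s, (today - deadline(s, r)).days)
            for d, v, s, r in findings if today > deadline(s, r)]
    return sorted(late, key=lambda f: (-RANK[f[2]], -f[3]))

def priority_views(findings):
    """The three prioritisation answers the article lists."""
    per_device = Counter(d for d, _, _, _ in findings)
    per_vuln = Counter(v for _, v, _, _ in findings)
    worst = max(findings, key=lambda f: RANK[f[2]])
    return {
        "device_with_most_vulnerabilities": per_device.most_common(1)[0],
        "most_common_gap": per_vuln.most_common(1)[0],
        "most_dangerous_threat": (worst[1], worst[2]),
    }

if __name__ == "__main__":
    today = date(2024, 5, 1)  # constructed "now": VULN-A's patch is two months old
    for device, vuln, sev, days in overdue(FINDINGS, today):
        print(f"OVERDUE {days:3d}d  {sev:8s} {vuln} on {device}")
    for view, value in priority_views(FINDINGS).items():
        print(f"{view}: {value}")
```

The three views can disagree, as they do on this sample data, which is why the choice of what to patch first remains a decision for the administrator.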
Safety through combining human knowledge and software functions
As the black market for exploits and malicious software grows and grows, security experts provide increasingly intelligent prevention tools. The trend towards appropriate solutions using automated processes, such as vulnerability management, is due not only to the need for manual administration of many difficult-to-control terminal devices, but also to the need for the administrator to have sufficient time to make important decisions. Behind all the lines of malicious software code there are people who act in an unpredictable way. This can be avoided, but there is a need for appropriate tools, prevention measures, automated vulnerability management and knowledge on the part of administrators.
Sean Herbert, UK Country Manager, baramundi software