Patch Management Still the Achilles Heel
Risk Management Reduction Through Collaboration
Organizations continue to struggle with patch management, and it is leaving them more vulnerable than ever. In a recent report by Recorded Future that analyzed the attack vectors of cyber adversaries, an overwhelming majority of successful attacks took advantage of seven (7) known vulnerabilities. According to the report's findings, most of these known vulnerabilities were exploited through phishing attacks and exploit kits that target defects in Microsoft products. More concerning is that these 7 known vulnerabilities are the exact same ones that appear year after year.
It is well understood that a successful information security program requires cooperation and collaboration between information security and IT operations. Patching is one of the most important tasks an organization can perform to improve its overall security posture. Clearly this is not being enforced at the executive or board level, as these vulnerabilities continue to exist each year. The unnecessary risk that organizations assume through the failure to patch, or to patch in a timely fashion, must be understood at the highest levels of an organization.
Information security is not responsible for patching in most organizations, but that does not mean the security team can wash its hands of the process. Vulnerability scanning details, threat intelligence information, business process and risk modeling are all functions of most information security departments. Proactively communicating and escalating the risk associated with delays in patching are part of a coherent security posture program. In many regulated environments, timely patching is difficult due to the nature of the systems and applications. In these scenarios, the Security Operations Center can elevate the risk within its security monitoring stack (SIEM, etc.) to put increased visibility on those highly vulnerable systems. Through proper modeling within their SIEM and security monitoring tools, SOCs can communicate with senior leadership and monitor for this increased risk more effectively.
As 2019 comes to a close, let’s hope we are not reading about memory corruption flaws in Internet Explorer or remote code execution vulnerabilities in Microsoft Office this time next year, because organizations have improved their patch management processes and senior leadership is holding IT organizations accountable for mitigating these risks.
About ThetaPoint, Inc.
ThetaPoint is a leading provider of strategic consulting and managed security engineering services. We help clients plan, build and run successful SIEM and Log Management platforms in support of optimizing their SOC. We do this in conjunction with leading technology providers to properly align capabilities to our clients’ needs. Recognized for our unique technical experience and our ability to quickly solve complex cybersecurity challenges, ThetaPoint partners with some of the largest and most demanding clients in the commercial and public sector. For more information, visit www.theta-point.com or follow us on Twitter or LinkedIn.