

I was recently told by a third-party risk monitoring service that our team resolves public-facing vulnerabilities more than 100 days faster than anyone in our industry, which was quite impressive. This was of little comfort, though, when one of our servers was attacked because of yet another zero-day exploit. For those not familiar with the term, a zero-day is the window between someone figuring out how to break into a system and the product developer releasing a patch for the vulnerability.

Not very long ago, exploiting a zero-day took a fairly long time: people would talk about it in forums and share ideas, reconnaissance would take place in which the internet was scanned and cataloged, and only then would people start poking around and breaking into servers. Security teams usually had about a month to prepare and implement additional monitoring or workarounds and patches before there was any real danger of being attacked through a zero-day.

The explosion of social media platforms has increased the speed at which new exploits are shared among those who would take advantage of them. The rise of organized internet crime has successfully monetized the exploitation of businesses, both through structured gangs and through offerings such as ransomware as a service (RaaS), phishing as a service (PaaS), and the multitude of other hacking services available on the dark web. There are now so many systems constantly scanning the internet that an exploitable zero-day can be found within a day rather than a month. These events have created a perfect storm, changing the speed at which attackers can execute and infiltrate an organization and leaving our security teams very little time to respond.
Another critical component of this approach is the concept of continuous improvement. Information security teams cannot simply perform assessments and then fail to act on them, nor can they perform only one or two assessments per year. We must continue to evaluate and re-evaluate our security controls to ensure we are implementing the best protections possible, and as the threat landscape continues to shift, we must advance to meet it. Do we have the right tools, and have we configured them properly to provide the best protection while minimally impacting the operations of the business? Equally important, do we have the right people in place?

When we were faced with a recent zero-day, which was remotely exploited without the need for credentials, I was glad to learn that we do. Our tools alerted us to suspicious network activity, and our teams (security and IT) were able to take action to contain the event within hours. We were able to execute a retainer with our managed security provider, who performed forensics on the server image to confirm what had happened and that no lateral movement or data loss had taken place. We did well this time.