Vulnerability Management and Patching

July 23, 2020
vulnerability security

It’s 2020, do you know where your vulnerabilities are (and when they’ll get patched)? 

There have been several high-profile vulnerabilities in the news recently, like the wormable Windows DNS Server flaw (CVE-2020-1350, "SIGRed") and the Citrix Application Delivery Controller vulnerability. These events show that it is more important than ever for organizations to adopt a mature vulnerability management program. Critical vulnerabilities are being discovered in industry-leading operating systems, server software and device firmware, and organizations need to be able to uncover and remediate them quickly or risk making the news themselves.

Traditional vs. New Vulnerability Management

Traditional vulnerability management programs centered on the vendor's patch schedule. The best-known of these is Microsoft's Patch Tuesday, the second Tuesday of every month. Organizations would wait for those patches to be released, deploy them in a test environment, and then roll them out to the known servers and services in production. For a long time this remained an effective strategy for minimizing organizational risk, especially when patching was layered with an annual vulnerability scan.

As time has passed, more software, hardware and firmware vulnerabilities have been discovered, and the resulting risk now spans an organization's entire technology stack, not just its endpoints and servers. Patching has changed accordingly:

  • Patches are no longer "set it and forget it."
  • Many are only effective once a specific registry, Group Policy or configuration change has been made before or after installation; installing the update alone can leave the vulnerable behaviour enabled.
  • Many require an engineer who knows the affected product to validate and implement them safely.

Additionally, with the current remote working situation, many organizations’ network exposure has expanded far outside of the reach of their traditional vulnerability management programs. To stay ahead of these threats, organizations need to adopt a more proactive approach to uncovering and remediating vulnerabilities in their environment.

Layering scans

Layering full network mapping scans with continuous vulnerability scans gives you strategic visibility and alerts you to unknown devices in your environment that might otherwise be ignored or left unpatched. The combination also scopes the vulnerability data beyond servers and endpoints to include your switches, routers, printers and phones. The flip side is that scanning and mapping tools require knowledge and skill to execute and maintain effectively. Misconfigured scans produce data that is inaccurate and not actionable: an unauthenticated scan misses findings an authenticated scan would report, and reconciling results against a stale asset inventory buries the real unknown devices in false ones. Aggressive scans can also disrupt fragile devices such as printers and embedded systems, so scan windows and intensity need to be agreed with the device owners.
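The reconciliation step described above, as an added example that is not ivision's code or any scanner vendor's: it parses nmap's grepable (-oG) output, compares the hosts seen against an asset inventory, and reports devices the inventory does not know about, devices the inventory lists but the scan did not see, and a rough device role guessed from open services. The grepable line format is real; the scan output, the inventory rows and the port-to-role hints are constructed for the example.

```python
"""Reconcile a network-mapping scan with an asset inventory to surface unknown devices.

Added example, not ivision's code or any scanner vendor's. The nmap grepable (-oG)
line format is real; the hosts, inventory rows and port-to-role hints are constructed.
"""
import csv
import io
import re
from typing import Dict, List, Tuple

# Constructed sample of `nmap -sV -oG -` output for a small subnet. Two hosts
# (10.0.1.23 and 10.0.1.57) are deliberately absent from the inventory below.
SAMPLE_SCAN = """\
# Nmap 7.80 scan initiated as: nmap -sV -oG - 10.0.1.0/24
Host: 10.0.1.1 (gw.corp.example)\tStatus: Up
Host: 10.0.1.1 (gw.corp.example)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 443/open/tcp//https//nginx/\tIgnored State: closed (998)
Host: 10.0.1.10 (app01.corp.example)\tStatus: Up
Host: 10.0.1.10 (app01.corp.example)\tPorts: 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: filtered (999)
Host: 10.0.1.23 ()\tStatus: Up
Host: 10.0.1.23 ()\tPorts: 80/open/tcp//http//HP-ChaiSOE 1.0/, 9100/open/tcp//jetdirect///\tIgnored State: closed (998)
Host: 10.0.1.57 ()\tStatus: Up
Host: 10.0.1.57 ()\tPorts: 80/open/tcp//http///, 5060/open/tcp//sip///\tIgnored State: closed (998)
# Nmap done -- 256 IP addresses (4 hosts up) scanned in 62.11 seconds
"""

# Constructed asset inventory (what the CMDB thinks exists on the subnet).
SAMPLE_INVENTORY = """\
ip,hostname,owner,role
10.0.1.1,gw.corp.example,network-team,router
10.0.1.10,app01.corp.example,app-team,server
10.0.1.40,db01.corp.example,dba-team,server
"""

HOST_RE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)\t(?P<rest>.*)$")
# One port entry in -oG output: port/state/protocol/owner/service/rpc_info/version/
PORT_RE = re.compile(
    r"(?P<port>\d+)/(?P<state>\w+)/(?P<proto>\w+)/[^/]*/(?P<service>[^/]*)/[^/]*/(?P<version>[^/]*)/"
)


def parse_grepable(text: str) -> Dict[str, dict]:
    """Parse nmap -oG output into {ip: {"hostname": str, "ports": [(port, proto, service)]}}."""
    hosts: Dict[str, dict] = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything unexpected
        entry = hosts.setdefault(m["ip"], {"hostname": m["name"], "ports": []})
        if m["rest"].startswith("Ports:"):
            for pm in PORT_RE.finditer(m["rest"]):
                if pm["state"] == "open":
                    entry["ports"].append((int(pm["port"]), pm["proto"], pm["service"]))
    return hosts


def load_inventory(csv_text: str) -> Dict[str, dict]:
    return {row["ip"]: row for row in csv.DictReader(io.StringIO(csv_text))}


# Priority-ordered hints from open services to device role. Assumed and illustrative;
# a real program would also use OS/vendor fingerprints and MAC OUIs.
ROLE_HINTS: List[Tuple[int, str]] = [
    (9100, "printer"),       # JetDirect raw printing
    (5060, "voip-phone"),    # SIP
    (3389, "windows-host"),  # RDP
    (22, "ssh-host"),
]


def guess_role(ports) -> str:
    open_ports = {port for port, _proto, _svc in ports}
    for port, role in ROLE_HINTS:
        if port in open_ports:
            return role
    return "unknown"


def reconcile(scan: Dict[str, dict], inventory: Dict[str, dict]) -> dict:
    """Split scanned hosts into known/unknown, and note inventory hosts the scan did not see."""
    unknown = {
        ip: {"hostname": h["hostname"], "guessed_role": guess_role(h["ports"]), "ports": h["ports"]}
        for ip, h in scan.items() if ip not in inventory
    }
    missing = {ip: row for ip, row in inventory.items() if ip not in scan}
    known = sorted(ip for ip in scan if ip in inventory)
    return {"unknown": unknown, "missing": missing, "known": known}


def run() -> dict:
    return reconcile(parse_grepable(SAMPLE_SCAN), load_inventory(SAMPLE_INVENTORY))


if __name__ == "__main__":
    result = run()
    for ip, info in sorted(result["unknown"].items()):
        print(f"UNKNOWN {ip:<12} role={info['guessed_role']:<12} ports={[p for p, _, _ in info['ports']]}")
    for ip, row in sorted(result["missing"].items()):
        print(f"MISSING {ip:<12} {row['hostname']} (owner {row['owner']}) not seen by scan")
```

Both halves of the diff matter: the "unknown" list is the shadow IT and forgotten devices the post warns about, and the "missing" list (here db01) is either a host that was offline during the scan window or one that has been decommissioned without the inventory being updated, which is exactly the stale-inventory problem that makes scan data non-actionable.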

Vulnerability Management Database Platforms

Rather than working from raw scanner reports, ingesting the vulnerability data into a vulnerability management database (VMDB) platform offers several benefits:

  • Increase the efficiency of the program and provide real-time tracking and risk scoring that combines the scanner's severity with asset context
  • Build strong, traceable processes tied directly to legitimate organizational risk
  • Support a significant reduction in time-to-discovery and time-to-remediation for exploitable vulnerabilities in the environment, no matter where they sit
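The tracking and risk scoring a VMDB provides, as an added example that is not ivision's code or any VMDB vendor's scoring model. It weights the scanner's CVSS score by asset criticality, internet exposure and whether a public exploit exists, lists open findings in priority order, flags those past their remediation SLA, and computes mean time to remediate from closed findings. The CVSS v3 severity bands are the standard ones; the assets, findings, CVSS values, weighting multipliers and SLA days are constructed assumptions.

```python
"""Contextual risk scoring and SLA tracking of scanner findings, VMDB-style.

Added example, not ivision's code or any VMDB vendor's model. Assets, findings,
CVSS values, criticality weights and SLA days are constructed assumptions; only the
CVSS v3 severity bands are the standard ones.
"""
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int        # 1 (lab box) .. 5 (crown jewel); assumed scale
    internet_facing: bool


@dataclass
class Finding:
    asset: str
    fid: str                # scanner finding id, constructed
    title: str
    cvss: float             # CVSS v3 base score as reported by the scanner
    exploit_known: bool     # public exploit or active exploitation flag
    discovered: date
    remediated: Optional[date] = None


def severity(cvss: float) -> str:
    """CVSS v3 qualitative rating bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


# Remediation SLA in days per severity. Assumed policy values, not a standard.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


def risk_score(f: Finding, a: Asset) -> float:
    """Scanner CVSS weighted by what the asset is and where it sits (multipliers are assumptions)."""
    score = f.cvss
    score *= 1.0 + 0.25 * (a.criticality - 1)   # 1.0x .. 2.0x by business criticality
    score *= 1.5 if a.internet_facing else 1.0   # reachable from the internet
    score *= 1.5 if f.exploit_known else 1.0     # weaponized
    return round(score, 1)


def prioritize(findings: List[Finding], assets: Dict[str, Asset]) -> List[Finding]:
    """Open findings, highest contextual risk first."""
    open_findings = [f for f in findings if f.remediated is None]
    return sorted(open_findings, key=lambda f: risk_score(f, assets[f.asset]), reverse=True)


def overdue(findings: List[Finding], assets: Dict[str, Asset], today: date) -> List[dict]:
    """Open findings past their SLA, in priority order."""
    out = []
    for f in prioritize(findings, assets):
        sev = severity(f.cvss)
        days_over = (today - f.discovered).days - SLA_DAYS[sev]
        if days_over > 0:
            out.append({"fid": f.fid, "asset": f.asset, "severity": sev,
                        "risk": risk_score(f, assets[f.asset]), "days_overdue": days_over})
    return out


def mean_time_to_remediate(findings: List[Finding]) -> Optional[float]:
    """Average days from discovery to remediation over closed findings (None if none closed)."""
    closed = [(f.remediated - f.discovered).days for f in findings if f.remediated is not None]
    return mean(closed) if closed else None


# Constructed sample data, dated to the post.
TODAY = date(2020, 7, 23)
SAMPLE_ASSETS = {
    "dns01": Asset("dns01", 5, False),
    "adc-edge": Asset("adc-edge", 4, True),
    "printer-23": Asset("printer-23", 1, False),
    "app01": Asset("app01", 3, False),
}
SAMPLE_FINDINGS = [
    Finding("dns01", "F-1", "Windows DNS Server RCE", 10.0, True, date(2020, 7, 15)),
    Finding("adc-edge", "F-2", "Citrix ADC RCE", 9.8, True, date(2020, 1, 12), date(2020, 1, 24)),
    Finding("printer-23", "F-3", "Default SNMP community string", 5.3, False, date(2020, 3, 1)),
    Finding("app01", "F-4", "RDP without NLA", 7.5, False, date(2020, 7, 1)),
    Finding("app01", "F-5", "Outdated OpenSSL", 7.4, False, date(2020, 6, 10), date(2020, 6, 30)),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS, SAMPLE_ASSETS):
        print(f"{risk_score(f, SAMPLE_ASSETS[f.asset]):>5}  {severity(f.cvss):<8} {f.asset:<11} {f.title}")
    for o in overdue(SAMPLE_FINDINGS, SAMPLE_ASSETS, TODAY):
        print(f"OVERDUE {o['fid']} on {o['asset']} by {o['days_overdue']} days")
    print("mean time to remediate (days):", mean_time_to_remediate(SAMPLE_FINDINGS))
```

The point of the contextual score is that a scanner's CVSS alone would rank the internet-facing, exploited-in-the-wild finding and an identical finding on a lab box the same; the asset and exposure weights are what let the overdue list lead with the finding that actually matters, and the time-to-remediate figure is what a program can report and trend over time.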

Once you have a reliable set of data and a working process to generate it, the next problem arises: who is going to do the fixing, and how will the work be assigned and its completion reported? In many organizations the IT staff already carries a near full-time workload, and many struggle with the added weight of vulnerability remediation and its risk management requirements. Managing the VMDB itself also takes time and effort and requires specific knowledge of the organization's internal risk posture and profile. This creates additional resource challenges for organizations to overcome.

Managed Services for VMDBs

Each of these steps has one central theme: it takes staff time to accomplish, and the work falls on roles that are taxed to begin with. As such, managed services providers have become a more relevant and cost-effective option. MSPs provide the relevant expertise and tooling, and spare the organization the time and financial cost of building an in-house vulnerability management and remediation framework. Organizations can leverage partnerships for every step of the way, whether just for the scanning and mapping, the reporting, or fully managed patching.

At ivision, we are passionate about ensuring that organizations are protected and stay protected. There is a constant onslaught of software and hardware vulnerabilities and we work to meet these needs head-on by providing layered support with our Managed Services team. We have helped many organizations implement long-lasting and effective vulnerability management programs. If you are facing any challenges, we would love the opportunity to talk with you.
