The Need for Vulnerability Management

By : Qualys
Published : Nov 16, 2007
Length : 9
Type : White Paper
 
Overview :

This guide describes the need for vulnerability management. It introduces the sources of vulnerabilities and their related fallout, then relates why the nature of modern threats to the network requires automated technology to counter sophisticated exploits.

The guide defines elements of vulnerability management and how it controls the detection and remediation process. As an important byproduct, vulnerability management can also document compliance with security provisions mandated by legislation, industry and business policy. Vulnerability management can be implemented for networks of all sizes with cost-effective technology that automates much of what used to be a complex, manual process.

To a cyber criminal, vulnerabilities on a network are hidden, high-value assets. Their targeted exploitation may result in unauthorized entry into a network, which can expose confidential information, provide fuel for stolen identities, cause theft of business secrets, violate privacy provisions of laws and regulations, or paralyze business operations. New vulnerabilities appear every day due to flaws in software, faulty configuration of applications and infrastructure, and human error. Whatever their source, vulnerabilities do not go away by themselves. Their detection, removal and control require vulnerability management (VM) – the calibrated, continuous use of software tools and workflow that proactively purges exploitable risks.
This guide describes the need for VM. It introduces the sources of vulnerabilities and their related fallout, then relates why the nature of modern threats to the network requires automated technology to counter sophisticated exploits. The guide defines elements of VM and how it controls the detection and remediation process. As an important byproduct, VM can also document compliance with security provisions mandated by legislation, industry and business policy. VM can be implemented for networks of all sizes with cost-effective technology that automates much of what used to be a complex, manual process. The assurance of security provided by VM prevents fallout from malicious exploits and preserves continuity of business operations.
The Prevalence of Network Vulnerabilities
Vulnerabilities have plagued operating systems and software applications from the earliest days of computing, but the main accelerant to exploitation by hackers and criminals is universal connectivity over the Internet. This global pathway provides access to networks and their computing resources. When network-attached devices have unpatched vulnerabilities, they are susceptible to a variety of exploits.
Programming mistakes cause most vulnerabilities in software. A common mistake is failure to check the size of data buffers; their overflow can corrupt the stack or heap areas of memory, which may allow the execution of an attacker’s code on that machine via a virus, worm or other exploit vector. The standard assumption by computer scientists is 5 to 20 bugs in every thousand lines of software code, so it is no surprise to see regular announcements of new vulnerabilities with related patches and workarounds. The risk of unanticipated vulnerabilities grows with use of General Public License software, particularly as implementers plug in untested modules of object-oriented programming code. These modules may include non-robust implementations of Internet protocol standards, making them susceptible to attack when placed into production environments.
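The buffer-size mistake described above, as an added example in C (not taken from the Qualys guide): a parser for a length-prefixed message, first with the missing check and then with the bounds checks that stop the overflow. The wire format, the struct and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed wire format (constructed for this example):
 * msg[0] = length of the name, msg[1..] = name bytes, no terminator. */
#define NAME_CAP 16

struct record { char name[NAME_CAP]; };

/* Flawed: trusts the sender's length byte. Any value of 16 or more
 * writes past name[] and corrupts adjacent memory. Shown for contrast;
 * never called here. */
int parse_name_unchecked(struct record *out, const uint8_t *msg)
{
    size_t claimed = msg[0];
    memcpy(out->name, msg + 1, claimed);
    out->name[claimed] = '\0';
    return 0;
}

/* Hardened: returns 0 on success, -1 if the input is malformed or too big. */
int parse_name_checked(struct record *out, const uint8_t *msg, size_t msg_len)
{
    if (out == NULL || msg == NULL || msg_len < 1)
        return -1;
    size_t claimed = msg[0];
    if (claimed > msg_len - 1)        /* claims more bytes than were received */
        return -1;
    if (claimed >= sizeof out->name)  /* no room for the data plus the NUL */
        return -1;
    memcpy(out->name, msg + 1, claimed);
    out->name[claimed] = '\0';
    return 0;
}

int main(void)
{
    struct record r;
    const uint8_t ok[] = {3, 'w', 'e', 'b'};   /* constructed input */
    uint8_t oversized[41];                      /* constructed input */
    memset(oversized, 'A', sizeof oversized);
    oversized[0] = 40;                          /* length byte exceeds NAME_CAP */
    printf("ok: %d\n", parse_name_checked(&r, ok, sizeof ok));
    printf("oversized: %d\n", parse_name_checked(&r, oversized, sizeof oversized));
    return 0;
}
```

The second check matters as much as the first: a length byte that fits the destination but exceeds the bytes actually received would otherwise read past the end of the input.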
Careless programmers are not the only source of vulnerabilities. For example, improper configuration of security applications such as a firewall may allow attackers to slip through ports that should be closed. Users of mobile devices may use a website without going through the corporate VPN, thus exposing those devices and the network to attacks. Or an attack may begin when a user clicks on an email attachment infected with malware. The exploitation of vulnerabilities via the Internet is a huge problem requiring immediate proactive control and management.
Recent Changes in Vulnerability Attacks Ease of Deployment
Endless public disclosures of data breaches have revealed exposure of millions of confidential consumer records – adequate proof of why organizations must do more to protect networks from attack. But a dramatic change in the security threat landscape is raising the bar for organizations that want to actively minimize successful exploits of vulnerabilities.
Recent data show that exploits are no longer restricted to traditional risks of generic viruses, worms, Trojans and other single-vector attacks. According to global research by Symantec Corporation, a fundamental change in threats reveals movement “away from nuisance and destructive attacks towards activity motivated by financial gain.”1 Its report characterizes five new trends:
- Increased professionalism and commercialization of malicious activities
- Threats that are increasingly tailored for specific regions
- Increasing numbers of multistaged attacks
- Attackers targeting victims by first exploiting trusted entities
- Convergence of attack methods
Respondents to the 2007 CSI Computer Crime and Security Survey report that financial fraud causes the highest dollar amount of losses (31% of total), compared to viruses/worms/spyware (12%), system penetration by an outsider (10%), or theft of confidential data (8%).3
The fallout from cyber attacks now poses serious financial risk, so many organizations have taken steps to mitigate malware and other vectors of attack by deploying layers of security technology such as anti-virus/anti-spyware software, firewall, intrusion detection/prevention, VPN and encryption.