
Vulnerability Management for Dummies: How to Implement a Successful Vulnerability Management Program

By : Qualys
INFORMATION
Published : Mar 28, 2008
Length : 66
Type : White Paper
 
Overview :

As a business owner, or someone responsible for network security within your organization, you need to understand how to prevent attacks and eliminate network weaknesses that leave your business exposed and at risk.

Vulnerability Management for Dummies arms you with the facts and shows you how to implement a successful Vulnerability Management program. Whether your network consists of just a handful of computers or thousands of servers distributed around the world, this 5-part book will help:

  • Explain the critical need for Vulnerability Management (VM)
  • Detail the essential best-practice steps of a successful VM Program
  • Outline the various VM Solutions - including the pros & cons of each
  • Highlight the award-winning QualysGuard VM solution
  • Provide a 10-point checklist for removing vulnerabilities from your key resources
 
To a cyber criminal, vulnerabilities on a network are hidden, high-value assets. When exposed, these vulnerabilities can be targeted for exploitation, which may result in unauthorized entry into a network, can expose confidential information, provide fuel for stolen identities, trigger theft of business secrets, violate privacy provisions of laws and regulations, or paralyze business operations.
New vulnerabilities appear every day due to flaws in software, faulty configuration of applications and IT gear, and (dare we say it?) good old human error. Whatever their source, vulnerabilities don’t go away by themselves. Their detection, removal, and control require vulnerability management. VM, as vulnerability management is called, is the regulated, continuous use of specialized security tools and workflow that actively help to eliminate exploitable risks.
The challenge for every business is to maintain a safe, open, and interconnected network – making it easy to exchange information with customers, suppliers, and business partners around the world.
Unfortunately, making this information both highly available and secure is hard work. Worms, viruses, and other security risks constantly threaten the theft of information and disruption of business operations. Moreover, the dramatic increase in new vulnerabilities discovered each day – and the speed with which new threats are created – make this challenge even steeper.
Every single business with an Internet connection is at risk due to network vulnerabilities. Whether you’re a small business, a multinational corporation, or a government – it makes no difference, you’re at risk.
The solution is to immunize your network from these security threats by eliminating their origin: network vulnerabilities.

How Vulnerabilities Expose Your Network to Danger
Vulnerabilities have plagued operating systems and software applications from the earliest days of computing. They used to be rare but now you read about successful attacks via the Internet almost every day. Universal connectivity provided by this global pathway gives hackers and criminals easy access to your network and its computing resources. When your network-attached devices are running without current security updates, these unpatched devices are immediately vulnerable to a variety of exploits. Any business is susceptible if vulnerabilities aren’t identified and fixed.
Programming mistakes cause most vulnerabilities in software. A common mistake is failing to check the size of data buffers – a kind of storage bin of memory where a computer process executes its functions. When a buffer overflows, it overwrites data in adjacent memory buffers. This corrupts the stack or heap areas of memory, which may allow the execution of an attacker’s code on that machine via a virus, worm, or other unpleasant exploit.
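The overwrite described in the paragraph above, shown as an added C example (not taken from the Qualys book): an unchecked copy into a fixed-size buffer changes the field stored next to it, while a size-checked copy rejects the same input. The `session` struct, its field names and the sample input are constructed for illustration, and the spill is deliberately kept inside one struct so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-size buffer with another field right after it. */
struct session {
    char name[8];            /* the "data buffer" */
    unsigned char is_admin;  /* adjacent memory that should never change */
};

/* Unchecked copy: trusts the caller's length, the mistake the text describes.
 * Writing from the struct base keeps the spill inside this one object. */
static void set_name_unchecked(struct session *s, const char *src, size_t len)
{
    if (len > sizeof *s)
        len = sizeof *s;     /* demo guard only: never write outside the struct */
    memcpy((unsigned char *)s, src, len);
}

/* Checked copy: rejects input that does not fit and leaves the record intact. */
static int set_name_checked(struct session *s, const char *src, size_t len)
{
    if (len >= sizeof s->name)
        return -1;           /* no room for the data plus the terminating NUL */
    memcpy(s->name, src, len);
    s->name[len] = '\0';
    return 0;
}

/* Returns is_admin after feeding `input` through one of the two copies. */
static int admin_after(int checked, const char *input, size_t len)
{
    struct session s;
    memset(&s, 0, sizeof s);
    if (checked)
        (void)set_name_checked(&s, input, len);
    else
        set_name_unchecked(&s, input, len);
    return s.is_admin;
}

int main(void)
{
    const char input[] = "AAAAAAAA\x01";   /* constructed: 8 bytes + 1 extra */
    printf("unchecked: is_admin=%d\n", admin_after(0, input, 9));
    printf("checked:   is_admin=%d\n", admin_after(1, input, 9));
    return 0;
}
```

In real code the unchecked write would not stop at the struct boundary, which is why the length check belongs before every copy into a fixed-size buffer.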
Computer scientists estimate that about 5 to 20 bugs are present in every thousand lines of software code, so it’s no surprise to see regular announcements of new vulnerabilities with related patches and workarounds. Your risk of vulnerabilities grows with use of General Public License software, particularly because implementers plug in untested modules of object-oriented programming code. When the quality of code is marginal, bad, or just plain wrong, experts call it ‘non-robust’.
Modules of code placed in the public domain may include non-robust implementations of Internet protocol standards, making them easy targets for attack when used in a real-world network. Vulnerabilities must be identified and eliminated on a regular basis because new vulnerabilities are discovered every day. For example, Microsoft releases advisories and patches on the second Tuesday of each month – commonly called ‘Patch Tuesday’.
Careless programmers aren’t the only source of vulnerabilities. For example, improperly configuring security applications such as a firewall may allow attackers to slip through ports that should be closed. People using mobile devices may use an unauthorized or even a malware-infested website without going through the corporate virtual private network (VPN), perhaps because the official VPN is a bother when people want to surf MySpace, eBay, or the local online personal ads.
Letting your security guard down like this exposes devices and the network to attacks. You can even trigger an attack just by clicking on an email attachment infected with malware. The exploitation of vulnerabilities via the Internet is a huge problem requiring immediate proactive control and management. That’s why companies need to use VM – to detect and eliminate vulnerabilities in order to reduce overall security risk and prevent exposure. 