As security teams know all too well, data breaches are a fact of life. They’re also a huge thorn in the side of many companies. With the average data security breach costing $3.92 million worldwide and $8.19 million in the US, and resulting in untold damages to reputations and customers, it’s easy to see why.
More often than not, data breaches result from weaknesses or flaws in software that attackers can exploit. The number of vulnerabilities companies have is astounding. According to ESG’s Oltsik, “It’s not uncommon for a large enterprise to have thousands or even tens of thousands of vulnerabilities at any time.”
How Do You Manage Vulnerability?
The vulnerability management process starts by identifying your systems’ vulnerabilities. There are a number of scanning tools you can use to do this. Because new vulnerabilities pop up all the time, it’s important to run these scans on a regular basis.
Staying on top of vulnerabilities is no easy feat. In an ESG survey, 40% of cybersecurity and IT professionals said keeping up with the volume of vulnerabilities is one of their biggest vulnerability management challenges. Perhaps that’s why Gartner says that one of the most common ways to fail at vulnerability management is by simply sending a report with thousands of vulnerabilities to the operations team to fix. They note that successful vulnerability management processes include leveraging advanced prioritization techniques and automated workflow tools to streamline the handover to the team responsible for remediation.
What is Security Remediation?
Security remediation is the next critical step in vulnerability management. It’s focused on reducing security risk by fixing security holes whenever possible so you can stop bad actors from infiltrating systems. Which raises the question, “What is a vulnerability remediation process?”
Vulnerability activities include evaluating the vulnerabilities your scans have identified, assigning risk levels based on criticality and impact they may have on your environment, planning your responses, and tracking actions. Vulnerability remediation best practices include:
- Maintaining a single source of truth for all teams collaborating on vulnerability management, including security, IT, and DevOps.
- Automating as much as possible to speed and improve remediation.
- Integrating with service ticket tracking.
- Creating predefined remediation playbooks based on your organization’s environment.
- Enabling the engineers performing the remediations to access information about the vulnerabilities through your scanning tool.
Risk Remediation via Patching
In an ideal world, you can fix vulnerabilities with patches. But with all the vulnerabilities companies have, that can be difficult. 42% of the ESG survey respondents indicated that one of their biggest vulnerability management challenges is patching vulnerabilities in a timely manner. When remediation would be too time-intensive or patches simply aren’t available, vulnerability mitigation can be a good first step.
What is the difference between mitigation and remediation?
The goal of remediation is to stop threats from entering your IT infrastructure through gaping security holes. You do this by removing threats that can be eliminated. Mitigation, on the other hand, is when you take actions to minimize the negative impact of a threat that can’t be readily eradicated. For instance, you may be able to mitigate vulnerabilities by not using the vulnerable system/application or adding other security controls that make the vulnerability harder to exploit or that reduce the impact of successful infiltrations.
In some cases, particularly when the risk posed by a vulnerability is low, or the potential impact of being exploited is lower than the cost of mitigation or remediation, companies choose to leave the vulnerability as is for the time being.
How Isolating Operating Systems Turns a Risk into a Non Vulnerability
OS isolation, a technology Hysolate pioneered, splits a single physical endpoint into multiple virtual operating system environments and uses a virtual air gap to separate the environments. To mitigate security risks, dedicate one OS on each user’s device to sensitive data that must be kept free of potential threats. Make it fully locked down with no access to the Internet, no downloading files from email or using USB ports. Use the other OS for general day-to-day work and allow it to be open to the internet, accessible via USB sticks, and used for email.
Any cyber criminals who breach the general OS are completely contained within it, as is any damage they could inflict. Bad actors cannot reach the privileged OS or even see that it exists. For added protection, security professionals can configure the general OS to be non-persistent so that it’s wiped clean at specified intervals.