Vulnerability Management Through Network Monitoring (Part 1)
No programmer or IT software suite is perfectly secure. No matter how well proven your business software and security infrastructure are, there will always be a few vulnerabilities: one program with a loose network policy, another that doesn't have an automatic time-out log-out function, another with an SQL injection flaw that's all too easy to reach. Dealing with these vulnerabilities is the price we pay for the convenience of having someone else design our business software for us and, let's admit it, in-house developed software is just as likely to have a few minor flaws. This is why most modern businesses have a vulnerability management plan, a way to detect these little security holes and close them to keep your network and your clients' private data safe from accidental or malicious security breaches.
Fix, Acknowledge, Investigate
The standard way to handle your vulnerability management is with a specialized IT team that works on a monthly basis to review vulnerabilities, enact the fixes that are available, and make a plan for vulnerabilities that do not have a convenient fix. This is known as the Fix, Acknowledge, Investigate system. Problems that can't be fixed immediately are either 'acknowledged', with a plan made to fix them, or marked 'investigate', meaning the team needs more information first. Usually, the team starts by using Vulnerability Assessment Software (VAS), which scans your computers and network for potential problems.
Often, there will already be a software patch available from the developers that fixes the known problem, but sometimes a patch isn't available or the update would put your systems built on an older version of the software at risk. In either case, you'll need to find your own way to close or at least guard the security hole.
When You Can Fix Un-Patched Vulnerabilities
If your vulnerability management team is skilled and dedicated, they should be able to create at least a few stop-gap vulnerability fixes to close those gaps in your cyber-security with configuration changes, scripts, and little ride-along programs that clean up after unpatched software issues. For the program that leaves authorized users logged in with no time-out function, an external time-out function can be written so that if the program has not been active for several minutes, the log-out procedure is run and no terminal is left with unattended authorized access.
If a program is creating an excess of log files, taking up too much available memory, a small cron-job script can archive the logs and/or delete them. Covering or compensating for vulnerabilities through scripts and small programs is a great way to make sure that your business software suite is consistently secure even if a developer-made solution isn't available.
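The cron-job script described above could look like the following. This is an added example, not code from the original article; the `*.log` pattern, the retention periods and the paths are assumptions, and it relies on a `find` that supports `-maxdepth` (GNU and BSD both do).

```shell
#!/bin/sh
# Added example: log archiver meant to be run from cron as a compensating
# control for software that never rotates its own logs.
# The *.log pattern, paths and retention values are assumptions.

# archive_logs LOG_DIR ARCHIVE_DIR [COMPRESS_AFTER_DAYS] [DELETE_AFTER_DAYS]
# Prints the number of log files archived. The body is a subshell, so the
# umask change and the EXIT trap do not leak into the caller.
archive_logs() (
    log_dir=$1
    archive_dir=$2
    compress_days=${3:-7}
    delete_days=${4:-90}

    [ -d "$log_dir" ] || { echo "archive_logs: no such directory: $log_dir" >&2; exit 1; }

    # Logs often hold usernames, tokens or queries: keep archives owner-only.
    umask 077
    mkdir -p "$archive_dir" || exit 1

    # mkdir is atomic, so it doubles as a lock against overlapping cron runs.
    # The trap is set only after the lock is ours, so a run that loses the
    # race never removes someone else's lock.
    lock="$archive_dir/.archive.lock"
    mkdir "$lock" 2>/dev/null || { echo "archive_logs: already running" >&2; exit 2; }
    trap 'rmdir "$lock"' EXIT

    # Compress each old log into the archive and delete the original only if
    # gzip succeeded. One dot is printed per file so the files can be counted.
    stamp=$(date +%Y%m%d)
    archived=$(find "$log_dir" -maxdepth 1 -type f -name '*.log' \
        -mtime +"$compress_days" -exec sh -c '
            dest_dir=$1; stamp=$2; shift 2
            for f in "$@"; do
                dest="$dest_dir/$(basename "$f").$stamp.gz"
                gzip -c -- "$f" > "$dest" && rm -f -- "$f" && printf .
            done' sh "$archive_dir" "$stamp" {} + | wc -c)

    # Enforce retention on the archive itself so it cannot fill the disk either.
    find "$archive_dir" -maxdepth 1 -type f -name '*.gz' \
        -mtime +"$delete_days" -exec rm -f -- {} +

    echo "$((archived))"
)
# From a cron-run script, call for example (hypothetical paths):
#   archive_logs /var/log/exampleapp /var/archive/exampleapp 7 90
```

Only files untouched for longer than the compression threshold are moved, so the log the application is actively writing to is left alone.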
Other times, there may be vulnerabilities that are better dealt with through employee training because they relate directly to how employees use the programs. It's not uncommon for a piece of your software suite to have a minor security weakness that can be compensated for simply by changing a few small details about employee procedure. Sometimes this involves adding a step to improve security or training your employees to simply avoid a feature that contains a vulnerability.
Suppose, for instance, one piece of software saves financial data to an insecure database, but there's no developer-provided patch and your programmers don't have access to the internal code to make the saving procedure more secure. You can either train your employees to avoid this particular save feature or add a new step to the standard procedure that encrypts the database every time a change is detected. Enacting either solution will have the desired result of preventing company financial data from being stored in an insecure fashion.
When building a comprehensive cybersecurity defense, vulnerability management is vital in order to prevent your business from being 'snuck up on' through an undetected security hole. For every vulnerability, a solution must be found including patches, configuration, replacement, and of course network monitoring. Join us next time for part two where we'll talk about when and how to solve your vulnerabilities with network monitoring.