Cybersecurity and risk leaders need to align risk management practices with the specific needs of their organization, not a mythical standard.
Although it is technically possible to patch all Windows systems in three days at a large international bank, the resulting business disruption could make that an unworkable solution.
About the Author
Craig Lawson is a research vice president at Gartner.
The question, then, is: what is a realistic time frame for fixing and addressing security vulnerabilities?
A Swiss bank, a UK retailer, and a Chinese government agency will all have very different answers – because the risk scenario is very different for each individual organization.
Unfortunately, the recognized “industry standard” time frame for remediating vulnerabilities rarely takes into account organization-specific barriers, technological considerations, internal policies, or external compliance requirements.
The reality is much more complicated than that.
The important thing is to change the goal from ‘the platform gets patched’ to ‘the specific risk from the platform’s vulnerability has been significantly reduced’.
To achieve this, organizations must adopt a more structured, risk- and fact-based approach to risk management as part of the overall security program.
How fast is vulnerability management?
The limiting factor with reported vulnerabilities is that organizations are challenged to address and remediate them in an appropriate, timely manner.
Depending on how quickly vulnerabilities can be exploited, organizations need to be equipped to carry out emergency remediation on key systems once a vendor has issued a patch for a vulnerability. They also need to invest heavily in mitigation measures. Improving the maturity of their remediation process is also necessary so that any emergency remediation across all system types is achieved within weeks rather than months or years.
Four best practices for working out effective remediation time frames:
1. Align vulnerability management with risk appetite.
Organizations have a limit on the speed at which they can patch or compensate for vulnerabilities. This upper limit is set by each company’s operational risk, its IT operational capacity and capabilities, and its ability to absorb disruption when trying to remediate vulnerable technology platforms.
Security leaders can develop risk management practices that fit their organization’s needs and requirements by reviewing specific use cases, measuring operational risk appetite for specific risks or on a risk-by-risk basis, and establishing remediation capabilities and limits.
2. Prioritize vulnerabilities based on risk.
Organizations should apply comprehensive, risk-based prioritization of vulnerabilities, based on factors such as the severity of the risk, current exploitation activity, business criticality, and exposure of the affected system.
One of the biggest changes you can make is to focus on the vulnerabilities that are being exploited in the wild. This should be the number one goal and will ensure that the biggest threats are dealt with quickly and efficiently.
Companies can reduce their attack surface more effectively, and with less operational impact on the organization, by combining compensating controls that can perform virtual patching, such as intrusion detection and prevention systems and web application firewalls, with remediation solutions such as patch management tools. Newer technologies, including breach and attack simulation (BAS) tools, can also provide insight into how your existing security technologies are configured and whether they are able to protect you from a variety of threats, such as ransomware.
If the supplier has not yet provided a patch, or the system is not supported, or there are other reasons such as software compatibility, patching the system is simply unworkable. It is important to note that highly regulated industries often have mandates that can limit the actions you are able to take, such as patching.
Patching isn’t everything, though: it’s hard, it can break things, and it takes time. That’s why it’s important to have a Plan B: you need more arrows in your quiver than just patching.
If your vulnerability management program works well, you can significantly reduce your attack surface. This lets you present a harder target to a threat actor trying to take advantage of your environment. That is why it is so important.
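The prioritization described in this section, as an added Python example that is not part of the original article. The field names, the order in which the factors are compared, the `emergency_slots` capacity limit and the sample findings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    vuln_id: str             # constructed placeholder IDs, not real CVEs
    asset: str
    severity: float          # 0-10 severity score
    exploited_in_wild: bool  # current exploitation activity
    criticality: int         # business criticality: 1 (low) to 3 (high)
    internet_facing: bool    # exposure of the affected system
    patch_available: bool

def priority_key(f):
    # Assumed ordering: active exploitation first, then exposure,
    # business criticality, and severity only as the final tie-breaker.
    return (f.exploited_in_wild, f.internet_facing, f.criticality, f.severity)

def plan(findings, emergency_slots):
    """Rank findings and assign an action without exceeding the number of
    emergency changes the organization can absorb (its upper limit)."""
    result = []
    for f in sorted(findings, key=priority_key, reverse=True):
        if not f.patch_available:
            action = "compensating control"        # Plan B: virtual patching
        elif f.exploited_in_wild and emergency_slots > 0:
            action = "emergency patch"
            emergency_slots -= 1
        elif f.exploited_in_wild:
            action = "compensating control, then scheduled patch"
        else:
            action = "scheduled patch"
        result.append((f.vuln_id, action))
    return result

# Constructed sample findings
FINDINGS = [
    Finding("VULN-0001", "hr-intranet", 9.8, False, 1, False, True),
    Finding("VULN-0002", "payments-api", 7.5, True, 3, True, True),
    Finding("VULN-0003", "legacy-hmi", 8.1, True, 3, False, False),
    Finding("VULN-0004", "marketing-site", 6.1, False, 2, True, True),
    Finding("VULN-0005", "vpn-gateway", 8.8, True, 2, True, True),
]

if __name__ == "__main__":
    for rank, (vuln_id, action) in enumerate(plan(FINDINGS, emergency_slots=1), 1):
        print(f"{rank}. {vuln_id}: {action}")
```

With one emergency slot, the finding with the highest severity score (VULN-0001) ranks last because it is neither exploited nor exposed, while the unpatchable legacy system is covered by a compensating control.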
4. Use technology to automate risk analysis.
By using technologies that can automate risk analysis, you can improve remediation windows and performance.
It is also important to review your current vulnerability assessment solutions and ensure that they support the current types of assets in your environment, such as cloud, containers and cyber-physical systems. If not, extend or modify the solution.