Featured Article from Software Licensing

The Angler exploit kit made headlines recently, when advertisements running on the BBC, MSN and New York Times websites, among others, were embedded with malicious code. The result was that tens of thousands of devices were exposed to the threat of ransomware and users ran the risk of having to pay monstrous fees to regain control of their computers, all while the media organizations were made unwilling accomplices in the a scary new form of cyber attack dubbed malvertising.

Despite security advances and growing knowledge of how malware and ransomware work, cybercrime is on the rise. The only way to truly ensure your organization is protected is to be proactive, and one of the first lines of defense should be software vulnerability management.

“An organization’s first line of defense to minimize cybercriminal threats should be to reduce the attack surface – and by that I mean to reduce the number of vulnerabilities residing within an organization’s environment,” wrote Jim Ryan, president & CEO of Flexera Software, in a recent blog post. “Taking this preventative measure will significantly lower the likelihood that a hacker can do any real harm.”

According to Flexera, 16,081 vulnerabilities were recorded in 2,484 products from 263 vendors – in 2015 alone. In more encouraging news, 84 percent of vulnerabilities had patches available on the day of disclosure, meaning that organizations that had performed due diligence had reduced the likelihood of a breach right from the get go. Achieving that due diligence involves a number of steps, each one critical to proper software vulnerability protection and management.

Vulnerability intelligence includes evaluating all research data available on vulnerabilities as part of an overall security strategy in support of risk assessment. Information is collected globally from countless sources to compile a hit list of vulnerabilities, then used to enhance and update management tools. Collecting intelligence is a critical precursor to the three stages of the software vulnerability management lifecycle.

A comprehensive vulnerability management lifecycle begins by assessing and verifying vulnerabilities. Known vulnerabilities may then be filtered out so organizations can hone in on the unknowns, or those directly impacting security. Mitigation is the next step, through which the corporate security team hands off responsibility to the IT operations team, which takes care of patch management. Patches must then be tested, packaged and distributed to affected devices, and the whole process will ideally be automated to prevent system failures or overloads.

The final part of the vulnerability management lifecycle includes verification, through which the patch or mitigation technique is verified for success. Once verification is accomplished, the vulnerability attack vector is eliminated and may be checked off the list.

Being proactive about cybersecurity is an absolute necessity at a time when businesses need to be worried about ransomware, malvertising and whatever the next big hack happens to be. Software vulnerability management offers a way for organizations to take control of the process before issues arise, preventing the downtime, costs and overall business nightmare a cyberattack or breach can cause.