Another patch has been released for the operating system that is installed on our server.
One of the first questions that comes to mind is “Do I need to install this update?” or “Can I wait for the next one and save some time by skipping a patch window?”. Sometimes we might even think that the vulnerability is not as critical as the vendor says. Of course, from time to time we may be right to ignore an update or delay its installation on our servers.
It is even more common to see missed patches on network devices and firewalls, let alone on bespoke applications or on systems so critical that downtime is almost impossible, or where the risk of losing the system is so high that the Business simply cannot afford to bring these infrastructure components down.
As a result, it is not unusual to find systems running code that is 5, 7 or even 10 years old.
We can ignore issues like this, and the recommendations of penetration tests or system audits as well.
The probable reasons usually include one of the following, among many others:
• too many false positive alerts/reports for the same type of vulnerability
• lack of resources or valid support contract
• not enough time to analyse the vulnerability, penetration test and system audit reports, so the Business cannot decide how to proceed.
Managing the bugs and security holes in our hardware or software effectively and efficiently is not easy. First, we need to implement a system that can proactively map and scan our network infrastructure, servers, applications and so on. Once it is implemented, we need to deal with the possible false positive alerts or, even more importantly, prevent any potential false negatives. A false positive is a false alarm, whereas a false negative is a vulnerability that goes unrecognised, resulting in a false sense of security.
Once we have set up the vulnerability scans and dealt with the false positives and false negatives, someone within our organisation needs to review, analyse and action the reports. To achieve this, a team needs to be built: a Security Operations Centre that can deal with the tasks that come out of the Vulnerability Management process. The challenge here is to find the right people with the right skills, and to build a process around the management of system weaknesses that can be maintained long term.
ITC Secure Networking can provide Vulnerability Management as a service and is an experienced integrator of vulnerability data with SIEM using Qualys and HP ArcSight. ITC is also able to provide consultancy on modern Network Access Control solutions using Forescout.
Contact ITC at [email protected] to discuss our NetSure360° Security, Performance and Network Management platform.