GUEST ESSAY: The role advanced ‘VM’ is ideally suited to play in combating modern cyber attacks

By Chandrashekhar Basavanna

Modern cyber attacks are ingenious — and traditional vulnerability management, or VM, simply is no longer very effective.

Unlike a typical cyber attack that exploits a software vulnerability, recent cyber attacks exploit other security risks, such as misconfigurations, security deviations, and posture anomalies. But VM vendors tend to focus more on software vulnerabilities and leave out everything else.

SecPod’s research shows some 44 percent of the total vulnerabilities in a typical IT infrastructure don’t have a Common Vulnerabilities and Exposures (CVE) designation.

The consequences of a cyber attack can be devastating, from a rapid drop in brand reputation to loss of business and sensitive data. Cyber attacks can also invite lawsuits and can even be fatal.

In addition to real-time protection, effective VM can also help with compliance at a time when data security rules are increasing in regulatory policies like NIST, PCI, HIPAA and GDPR.

With traditional VM, achieving compliance is a struggle. But advanced VM provides an actionable way of adhering to regulations and policy mandates that call for risks to be identified and detected as part of ongoing data security.

While traditional VM is herky-jerky, advanced VM is a continuous and smooth process that results in much more efficient detection, integration, and automation.

Further, effective VM can be very cost-effective; the potential cost saved in preventing cyberattacks is enormous when compared to total security expenditures.

Reinventing VM

The importance of effective VM can’t be overstated. Yet given the evolving IT environment, CISOs, sysadmins, and IT security teams are struggling to protect their networks.

Ideally, VM should be continuous and proactive, but traditional VM is jagged, broken, insufficient — and in desperate need of reinvention.

With traditional VM, detection is limited to software vulnerabilities, assessment and prioritization to a Common Vulnerability Scoring System (CVSS) ranking, and remediation to patching. This approach provides only superficial visibility into IT infrastructure and does not take into account lateral attack vectors.

Without automation, the laborious task of scanning and remediation is difficult. Additionally, multiple teams use multiple tools in traditional VM, leading to a disconnect and friction between them, further reducing the effectiveness of traditional VM.

The Jira misconfiguration leaks highlight the devastating impact that vulnerabilities beyond those called out in CVEs can have in a modern environment. Modern cyberattacks exploit misconfigurations and other security risks, and research reflects the same. Some 31 percent of respondents to a recent ESG survey pointed to misconfigurations as the initial point of compromise for a successful ransomware attack.

Advanced capabilities

Advanced VM computes high-fidelity attacks and criticality to mitigate risks effectively. Traditional VM can only remediate software vulnerabilities with patches, while advanced VM fixes misconfigurations, normalizes deviations, and eliminates other security risks. So a dangerous new exploit that lacks a CVE designation and registers a low CVSS score can still be detected and remediated in a timely manner.

The lack of the right tools with enough capabilities and the inertia to shift to new technology are the main reasons why advanced VM is not yet adopted universally. But it’s only a matter of time before it gets widespread adoption.

Modern networks are becoming increasingly interconnected and massive. This means a larger attack surface, numerous security risks, and more work for IT security teams.

Advanced VM, with its broader detection, faster scans, and integrated remediation, is the only way of combating modern cyberattacks. Clearly, advanced VM is well positioned to be a core component of combating ever-evolving cyber attacks.

About the essayist: Chandrashekhar Basavanna is the founder and CEO of SecPod Technologies, a cybersecurity technology company creating solutions for enterprise IT security teams to prevent cyberattacks on their computing environments.
