You might be wondering how to build an effective cybersecurity programme in your organization to protect against advanced threats. When it comes to security best practice and well-architected design, the NIST Cybersecurity Framework provides exactly that.
Monday, 19 December 2022
NIST Cybersecurity Framework for Critical Infrastructure
Saturday, 10 December 2022
Top 10 Exploited Vulnerabilities in 2022
In order to defend against growing cyber threats, we must be aware of critical vulnerabilities in our infrastructure. Otherwise an attacker will find a way to penetrate the enterprise network. I would like to share key notes on vulnerability management from a great article by Improsec about the NotPetya attack, which I read earlier.
** The idea is to argue a mindset change in the patch and vulnerability management minds of organizations and regulators. We don’t need to patch all things at once. But we need to patch the things that possess a current threat!
** Whether you are using CISA or MISP, you can extract a list of vulnerabilities being actively exploited. If you are in the lucky situation that you have a vulnerability scanner in place, you should be able to obtain an overview of which of your IT assets possesses which vulnerabilities.
** You might also be in such luck, that you have performed a crown jewel assessment, identifying business-critical systems and services, and by that the supporting infrastructure. Finally, you might have a place to cook it all together like a Security Information and Event Management (SIEM) system.
** With this recipe, you have the optimal circumstances for being able to detect when new vulnerabilities start to be exploited, where in your environment it would have an effect, and potentially if an affected IT asset is related to a business-critical system and by that a prioritization.
** At the same time, the number of reported vulnerabilities is growing even more. And (often) still the same number of people within the organization are allocated to address the issues. If we don’t approach the issues with vulnerabilities in a cleverer and more structured manner, we will definitely lose the race on ransomware.
** Despite the critical severity of the vulnerability[7], many corporate patch and vulnerability processes were not optimized to handle vulnerability of this magnitude. Furthermore, many networks were still flat as a pancake with little or no barriers to avert such an attack. But where segmented networks and “zero-trust” architecture will be a challenge for most organizations, the patch management discipline should be straightforward.
** We must move the kill chain left and reduce the success of an attack before it is too late. And intelligent patch management is a serious consideration to take.
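The recipe in the notes above (exploited-vulnerability feed, scanner results, crown jewel assessment) can be sketched in a few lines. This is an added example, not code from the Improsec article or from this blog; the feed snapshots, asset names and CVE identifiers are constructed placeholders, and the ranking order is an assumption about how a team might prioritize.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed "actively exploited" feed snapshots (e.g. exported from CISA or MISP).
FEED_YESTERDAY = {"CVE-0000-0001"}
FEED_TODAY = {"CVE-0000-0001", "CVE-0000-0002"}

# Constructed vulnerability-scanner export: (asset, CVE, CVSS base score).
SCAN_FINDINGS = [
    ("web-01", "CVE-0000-0001", 7.5),
    ("web-01", "CVE-0000-0003", 9.8),    # critical score, but not known exploited
    ("erp-db", "CVE-0000-0002", 8.1),
    ("print-07", "CVE-0000-0002", 8.1),
    ("erp-db", "CVE-0000-0004", 5.3),
]

# Constructed crown jewel assessment: asset -> business-critical service it supports.
CROWN_JEWELS = {"erp-db": "ERP / finance"}


@dataclass(frozen=True)
class PatchTask:
    asset: str
    cve: str
    cvss: float
    newly_exploited: bool            # entered the feed since the last snapshot
    business_service: Optional[str]  # None when the asset is not a crown jewel


def prioritize(findings, feed_now, feed_before, crown_jewels):
    """Keep only findings for actively exploited CVEs and rank them."""
    tasks = [
        PatchTask(asset, cve, cvss, cve not in feed_before, crown_jewels.get(asset))
        for asset, cve, cvss in findings
        if cve in feed_now
    ]
    # Crown jewels first, then CVEs that just entered the feed, then higher CVSS.
    return sorted(tasks, key=lambda t: (t.business_service is None,
                                        not t.newly_exploited, -t.cvss, t.asset))


def backlog(findings, feed_now):
    """Findings with no known exploitation: these wait for the regular patch cycle."""
    return [(asset, cve) for asset, cve, _ in findings if cve not in feed_now]


if __name__ == "__main__":
    for task in prioritize(SCAN_FINDINGS, FEED_TODAY, FEED_YESTERDAY, CROWN_JEWELS):
        print(task)
    print("regular cycle:", backlog(SCAN_FINDINGS, FEED_TODAY))
```

Note that the 9.8-scored finding lands in the regular cycle while the newly exploited 8.1 on the ERP database goes to the top, which is the mindset change the notes argue for.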