The largest Qualys team in Europe is ready to help you with vulnerability management. Our case study will show you how to get started with vulnerability management in your company.

Vulnerability management is one of the cornerstones of cybersecurity in any organization. Do you know which vulnerabilities are most often exploited? Is it necessary to focus primarily on the unknown ones? What recent attacks have taken place in the Czech Republic and abroad? What are the types and levels of vulnerability management?

You will learn all this in this article, and at the end we will present a unique offer on how to start managing vulnerabilities in your company: a one-time scan of your IT infrastructure and evaluation of the detected vulnerabilities, free of charge.

Why is it so important to manage vulnerabilities?

Vulnerabilities can be divided into two groups: zero-day vulnerabilities (not yet reported) and known ones. Vulnerability management focuses only on the second group. This is not a serious limitation, because more than 99% of cyber incidents are caused by the exploitation of already known vulnerabilities. Only the remaining percentage of incidents is caused by the zero-day type.

Attackers who exploit zero-day vulnerabilities include, for example, state-sponsored hacker groups. Moreover, such vulnerabilities are often discovered when the attack that uses them is detected, and from that point on they become public knowledge. Defence against these attackers requires the introduction of advanced cybersecurity in the organization and is not the subject of this article. In the rest of the article we therefore focus only on known vulnerabilities.

Among the best-known recent media cases exploiting known vulnerabilities are the security incidents at Benešov Hospital and OKD. From publicly available information, we can assume that the Emotet and TrickBot malware, along with the Ryuk ransomware, were behind the attacks. The malware exploits the EternalBlue vulnerability to spread through the infrastructure of the compromised organization. The same vulnerability was exploited more than two years ago by the notorious WannaCry ransomware, which gained attention mainly because it took down critical hospital systems in the UK. WannaCry attacked more than 200,000 computers in more than 150 countries worldwide, with an estimated $4 billion in damage, using only a few known vulnerabilities.

Vulnerability management is one of the cornerstones of information security and can prevent or at least reduce the damage caused by a cyber attack.

From manual search to real-time detection of vulnerable applications and systems

Manual identification of vulnerabilities: The basic option for managing vulnerabilities is to check for new ones manually, as a routine task performed by IT staff. Many sites are dedicated to providing up-to-date information about new vulnerabilities. This way of managing vulnerabilities is most often found in companies where cybersecurity is not formalized or addressed in any way. The activity is very time-consuming and inefficient, and many vulnerabilities are never discovered this way at all. As the examples in the first part of the article show, a large number of companies, some even belonging to the critical infrastructure of the state, address vulnerabilities in this inadequate way.

One-time vulnerability scanning: This is often a stepping stone to the implementation of cybersecurity in a company. We scan the customer’s complete infrastructure with a professional tool. Our experts subject the collected data to a thorough analysis and prepare a report containing the most serious detected vulnerabilities and deficiencies. The customer can then effectively prioritize the remediation of these problems and the spending of funds. These one-time scans are performed regularly, e.g. quarterly. However, each one is only a snapshot of the current state of the infrastructure. If a new vulnerability or other problem appears between scans, it must again be detected manually. This solution is suitable for small and medium-sized companies with a limited cybersecurity budget.

Real-time vulnerability monitoring: This is the most comprehensive solution, in which individual systems and applications are monitored and evaluated in real time. Data is collected remotely or locally and sent to a central management system, where it is evaluated and prioritized. The main advantage is the immediate identification of new vulnerabilities, their prioritization, and the effective resolution of the most serious ones, for example those for which an exploit is already available (an exploit is a working method by which an attacker can abuse the vulnerability; not every vulnerability has one).

Deployment of a vulnerability management system in a multinational company

Our customer is a multinational organization operating tens of thousands of servers and hundreds of thousands of end stations in more than one hundred geographically separated locations around the world. The customer’s main requirement was the introduction of continuous vulnerability monitoring across all operating systems and applications, including databases and industrial systems, together with the integration of this system with the other cybersecurity tools already in place.

We chose Qualys technology to implement the required solution. The main challenges in designing the solution included the wide range of different systems and applications operated by the customer. On some systems it was not possible to install a local agent, so we had to rely on remote monitoring and scanning. Devices were also frequently moved within the infrastructure, with new devices being added and replaced daily. This required integration with other tools such as asset management and the ticketing system. The scale of the proposed system ruled out manual administration, so a high degree of automation of standard activities had to be designed and implemented.

The problems outlined above were solved using the tool’s API and our own development of automation tools and integration modules. Currently, the system detects millions of vulnerabilities, which are automatically prioritized according to the criticality of the affected infrastructure element and other parameters. In addition to maintaining and expanding the system, we also ensure its continuous operation.
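As an added illustration (not the customer's or Qualys's code) of the prioritization described here and under real-time monitoring above, the following script joins constructed scanner findings with a constructed asset inventory, weights severity by asset criticality, boosts findings with a known exploit, assigns remediation deadlines, and flags hosts missing from the inventory. All asset names, vulnerability IDs and thresholds are made-up sample values.

```python
# Constructed sample data (not real Qualys output): an asset inventory as an
# asset-management tool might export it (criticality 1 = low .. 5 = high),
# and scanner findings with severity, exploit and patch availability.
ASSETS = {
    "db-prod-01": 5,    # production database
    "plc-line-3": 5,    # industrial controller, remote scan only
    "ws-sales-17": 2,   # ordinary workstation
    "web-test-02": 1,   # test web server
}

FINDINGS = [
    {"asset": "ws-sales-17", "vuln": "VULN-A", "cvss": 9.8, "exploit": True, "patch": True},
    {"asset": "db-prod-01", "vuln": "VULN-B", "cvss": 7.8, "exploit": True, "patch": True},
    {"asset": "plc-line-3", "vuln": "VULN-C", "cvss": 8.1, "exploit": False, "patch": False},
    {"asset": "web-test-02", "vuln": "VULN-A", "cvss": 9.8, "exploit": True, "patch": True},
    {"asset": "db-prod-01", "vuln": "VULN-D", "cvss": 4.3, "exploit": False, "patch": True},
    {"asset": "unknown-host", "vuln": "VULN-A", "cvss": 9.8, "exploit": True, "patch": True},
]

SLA = [(40, 3), (25, 14), (10, 30)]  # (minimum score, days to remediate); otherwise 90 days

def priority(finding, assets):
    """Severity weighted by asset criticality, boosted when a public exploit exists.
    A host missing from the inventory gets the highest criticality, so a gap cannot hide it."""
    criticality = assets.get(finding["asset"], 5)
    score = finding["cvss"] * criticality
    if finding["exploit"]:
        score *= 1.5
    return round(score, 1)

def due_days(score):
    for threshold, days in SLA:
        if score >= threshold:
            return days
    return 90

def prioritize(findings, assets):
    """Return ticket-ready records, most urgent first."""
    out = []
    for f in findings:
        s = priority(f, assets)
        out.append({**f, "score": s, "due_days": due_days(s),
                    "inventory_gap": f["asset"] not in assets})
    return sorted(out, key=lambda r: (-r["score"], r["asset"], r["vuln"]))

if __name__ == "__main__":
    for r in prioritize(FINDINGS, ASSETS):
        flag = "  (not in inventory!)" if r["inventory_gap"] else ""
        print(f'{r["score"]:5.1f}  {r["due_days"]:2d} days  {r["asset"]:12s} {r["vuln"]}{flag}')
```

Note that the critical-severity finding on the ordinary workstation ranks below a lower-severity finding on the industrial controller, and the unknown host rises to the top until the inventory is corrected.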

In addition to the described detection and evaluation of vulnerabilities, this solution can also evaluate whether system and application settings comply with best practice and with the customer’s security policy. The main benefits for the customer include an increased level of cybersecurity throughout the organization. Extension modules make it easier to demonstrate compliance with standards and legislation. The service also enables efficient allocation of human and financial resources and overall financial savings.

A unique chance just for your company

The proposed solution can be replicated for other customers who want to increase their cybersecurity by implementing a vulnerability management service. We also currently offer a one-time scan of your infrastructure free of charge. You will get an up-to-date picture of your biggest vulnerabilities, including recommendations on how to deal with them. You can then decide whether this format suits you, for example in the form of quarterly testing, or whether to move vulnerability management to a higher level.

The article was published in the magazine Pro computing. You can read it here.