Summary
- Ransomware prevention is a massive challenge and has gained considerable attention
- Focus on risk-based vulnerability management as key line of defense against threat actors
- New technologies offer critical improvements over legacy vulnerability management strategies
The Global Impact of Ransomware is Surging
Ransomware has a long history, going back to 1989. The grift is straightforward. First, deliver a malicious payload which disrupts an organization by encrypting data in such a way that only the attacker can provide decryption. Second, extort the organization for payment in exchange for (if there is honor amongst thieves) what is needed for decryption and/or not releasing sensitive data.
There have been multiple waves, and they seem to get worse with each iteration. WannaCry was a particularly widespread attack which leveraged the EternalBlue exploit kit, leaked by the Shadow Brokers outfit. WannaCry was followed by NotPetya, which also used EternalBlue.
The latest wave has garnered a lot of attention. The Colonial Pipeline attack had an impact on not just the company, but on consumers in the United States as operations at one of the largest pipeline operators in the country were interrupted before the company paid the ransom. A large meat supplier was also recently butchered by an attack which impacted their operations.
This spate of high-profile attacks in recent years has made cybersecurity and ransomware familiar topics to the general public. This has lifted ransomware prevention from an IT security issue to something a wide swath of the population is aware of and impacted by. Some of those paying a lot more attention to the problem have quite a bit of influence. Recent attacks likely spurred a May 2021 Presidential executive order which offered recommendations on improving cybersecurity for the United States federal government, and a later memo from the White House which offered advice to private organizations.
Risk-Based Vulnerability Management Output Is a Challenge
The recent White House memo identified risk-based patch and vulnerability management as a priority for organizations. A robust vulnerability management program is an important line of defense against ransomware attacks. An open vulnerability is an opportunity for a threat actor looking to deploy ransomware. But vulnerability management is often a tricky, time-consuming, and highly manual task. Vulnerabilities are so numerous organizations often don’t know which to patch first. This leads to many security teams relying on blanket vulnerability severity scores to identify which to address first. But just because a vulnerability has a high severity score, that doesn’t mean a company your size, in your vertical, with your unique security setup is at risk. It can’t be overstated: context is key in vulnerability management.
There are gaps that grow into chasms in the process of assessing risk to guide vulnerability remediation efforts. It starts with understanding where your assets are across highly dynamic multi and hybrid-cloud environments, probing to understand the vulnerabilities those systems and web applications have, transforming vulnerability data into actionable information based on risk, which finally leads to where you can best focus remediation.
Moving through the process with traditional tools requires a lot of time-consuming manual effort, which increases the chances of gaps and mistakes. It is also prone to errors, missed assets, overly simple prioritization, somebody being on vacation… the list is long.
How to Ease the Burden of Identifying Vulnerabilities and Quantifying Risk
The White House memo identified the right approach toward vulnerability management, but it didn’t set out a plan for how to get there. A tip for all organizations who want to achieve their vulnerability management goals: Forget the old ways of doing things – the latest vulnerability management products provide powerful automatic vulnerability contextualization, removing confusion and manual error in the process.
We are living in an era where vulnerability management products can:
- Discover assets across the entire enterprise (physical, virtual, IoT, on-premises, cloud, web applications)
- Assess the vulnerabilities present from both an external and internal viewpoint
- Prioritize the vulnerabilities based on risk by using artificial intelligence and machine learning that takes both external and internal factors into account
- Produce a ranking of all vulnerabilities, based on risk, to guide remediation efforts
These capabilities reduce the burden of vulnerability management and allow a precision of action which was previously very difficult to achieve. Modern vulnerability management products can automatically scan for assets and probe endpoints and web applications to identify vulnerabilities, while also assessing risk based on factors relevant to an organization. But often, the value they provide goes much deeper than this.
Let’s take Taegis™ Vulnerability Detection and Response (VDR) as an example. A simple way of understanding the power this technology offers is this: Imagine VDR is like having 40+ experts dedicated to providing data to your vulnerability program, all day every day. One expert is focused on the availability of remote exploits of each vulnerability, another is researching threat actor chatter on the dark web to see how threat behavior relates to vulnerabilities. Another expert is focused on the position and criticality of each asset relative to other assets, while a different person researches intelligence about threat actors from trusted sources. Continue this thought experiment for a further 36 or so factors critical to vulnerability management and you have a picture of how VDR works. This kind of automated vulnerability identification and categorization can help organizations achieve what seem like lofty and arduous goals for their program. Through swift and accurate identification of vulnerabilities, the risk of ransomware is significantly reduced.
So while the recommendations from the White House seem difficult to achieve in practice, in reality new technologies like VDR simplify the process and make it much more effective.
See for yourself with a Taegis VDR Demo.
