Enterprise Security: Deja Vu All Over Again?

Rhett | November 05, 2019

The 1990s: When Remediation was Simple

Back in the 1990s, every company’s network was fairly self-contained, using relatively few third-party programs with little direct contact with the developing internet, especially during work hours. Corporate email domains were completely separate from personal ones, such as AOL, Yahoo! mail or invitation-only Gmail. 

Remediation basically meant fixing your software’s bugs, and even when third-party software was to blame, problems could be handled manually. With fewer than 1,000 reported new vulnerabilities annually, vulnerability management before 2000 was relatively easy; prevention and hygiene were enough. 

Today’s Environment and Its IT Challenges

Fast forward to 2019, and the IT environment is completely different: both infrastructure and apps have changed substantially. More and more enterprises are becoming cloud-native, and self-contained, siloed data centers and networks are no longer the norm. Moreover, the way we manage our infrastructure and applications has also changed. Rather than requiring a long, demanding deployment process, the production environment is becoming a lot more flexible. This stems mainly from the adoption of CI/CD and DevOps practices. Different teams continuously use advanced automation to deploy faster, enabling the business to stay up to date with customer needs. To manage these processes, teams can no longer rely on one tool alone. It has become commonplace to use a variety of tools, which in itself makes networks more complex to control and manage.

Combined with changes in the threat landscape, these challenges have come to a head. The number of vulnerabilities disclosed skyrocketed in the 2010s, with over 30,000 new vulnerabilities disclosed in 2017-18 alone. By the same token, the time to exploit has dropped substantially, demanding a much quicker response.

This can be quite overwhelming for IT and security teams. It stems from both a methodological problem and a logistical one. The methodological problem is that for too long, security teams have focused on the vulnerabilities with the highest CVSS scores or “zero day” issues rather than concentrating on the items that pose the greatest actual threat to their specific enterprise. This methodological issue is compounded by a logistical one: a serious shortage of qualified personnel. Cybersecurity Ventures predicts there will be a shortfall of 3.5 million cybersecurity personnel in the US by 2021. As a result of these problems, IT and security teams very often waste their limited resources attempting to solve the wrong “problems.”

A Return To IT Basics (Adapted to 2020)

As a result of these structural flaws in the current approaches, a countertrend has emerged in the past few years: a return to basic prevention and hygiene rather than simply responding to the vulnerability that has received the most attention.

This trend has resulted in some improvements on the 1990s model: risk-based prioritization and automated vulnerability remediation. Given the number of vulnerabilities out there, it has become clear that effective prevention means taking a risk-based approach to assessing vulnerabilities. This means determining which vulnerabilities pose the greatest threat to your system and remediating them first. The second shift is towards automating the remediation process. Automating key steps, from creating tickets with remediation tasks to implementing the fixes themselves, allows you to apply solutions accurately and consistently and to drive the remediation process forward. Through automation, the remediation process can be scaled, ensuring the appropriate solutions are applied, be they configuration changes or patches.

Combined, these approaches to vulnerability remediation signal a return to IT basics: protecting and securing production environments from the ground up, rather than having to respond to attacks after they have happened. 

Continuous Automated Remediation Is The Answer

To survive in today’s challenging IT environment, implementing this approach within your remediation process is becoming essential. More and more enterprises are starting to adopt this understanding within their programs, and their effectiveness is apparent.

Curious as to how you can implement this approach and start remediating to a much greater effect? Click here to see the most cutting-edge remediation solution in action.