Vulnerability Management Tip: Focus On What’s Important – Not Just Urgent


With increasing frequency, there seems to be a common narrative among organizations suffering from a public data breach:

  • A vulnerability is identified in an underlying component of a commercial software solution.
  • The vendor releases a patch to address the vulnerability.
  • Months, if not years later, an organization using that software solution is subject to a data breach.
  • Forensic analysis reveals that the cause of the breach is the exploitation of that same vulnerability, still present on the system despite the availability of a patch.
  • Personally Identifiable Information (PII) was found accessible or stored on the affected systems with inadequate security controls in place.
  • Attackers managed to exfiltrate PII data.

Sound familiar? This narrative has been the story of almost every major data breach in the past several years.  There are two key questions to take away from this cautionary tale.

  1. If a patch was available, why was the vulnerability still present on an affected server months/years after the patch release?
  2. If access to and/or storage of PII is critical to the function of the application, why was this application not prioritized for patching, given that it represents a high-risk asset (web-facing, PII accessible)?

Both questions point to a failure in risk prioritization.  Security teams spend millions of dollars on solutions to address critical issues like patching, but lack the ability to bring the information generated by these solutions together in a meaningful way.  Vulnerability intelligence is just noise unless it is married to accurate asset state data. 

Prioritizing treatment of vulnerabilities targeted by threat actors, while also considering asset criticality and exposure, will focus remediation on the elimination of imminent risks.
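To make the idea concrete, here is an added example (not code from the original post or from NorthStar) that joins a vulnerability feed to an asset inventory and ranks each finding by exploitation status, exposure and data sensitivity. The inventory, the feed, the CVE-style identifiers and the weights are all constructed placeholders for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    host: str
    software: str          # installed component and version
    web_facing: bool       # exposure
    handles_pii: bool      # data classification from business logic
    line_of_business: str

@dataclass(frozen=True)
class Vuln:
    vuln_id: str           # placeholder identifier, not a real CVE
    software: str          # affected component and version
    patch_available: bool
    actively_exploited: bool   # flag from a threat intelligence feed

# Constructed sample asset inventory (not real hosts)
ASSETS = [
    Asset("web-01", "AppServer 2.1", True, True, "ecommerce"),
    Asset("intranet-05", "AppServer 2.1", False, False, "hr"),
    Asset("db-02", "DBEngine 9.0", False, True, "ecommerce"),
    Asset("kiosk-07", "Kiosk 1.0", False, False, "retail"),
]

# Constructed sample vulnerability feed (placeholder ids)
VULNS = [
    Vuln("CVE-PLACEHOLDER-1", "AppServer 2.1", True, True),
    Vuln("CVE-PLACEHOLDER-2", "DBEngine 9.0", True, False),
    Vuln("CVE-PLACEHOLDER-3", "AppServer 2.1", False, False),
]

def risk_score(asset: Asset, vuln: Vuln) -> int:
    """Assumed weighting: active exploitation dominates, then exposure, then PII."""
    score = 1
    score += 4 if vuln.actively_exploited else 0
    score += 3 if asset.web_facing else 0
    score += 2 if asset.handles_pii else 0
    score += 1 if vuln.patch_available else 0   # fixable now: no reason to wait
    return score

def affected_hosts(assets, vulns, vuln_id: str) -> list:
    """Observe where a given vulnerability exists in the environment."""
    affected = {v.software for v in vulns if v.vuln_id == vuln_id}
    return sorted(a.host for a in assets if a.software in affected)

def prioritize(assets, vulns) -> list:
    """Join intelligence to asset state and return (score, host, vuln_id) sorted by risk."""
    findings = [(risk_score(a, v), a.host, v.vuln_id)
                for a in assets for v in vulns if a.software == v.software]
    return sorted(findings, key=lambda f: (-f[0], f[1], f[2]))
```

The top of the returned list is the web-facing, PII-handling host carrying an actively exploited, patchable flaw, which is exactly the case the breach narrative above says goes unpatched.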


Focusing On What Matters Most

With NorthStar Navigator, our customers start by building an accurate asset inventory based on the information generated by their existing security tools and management systems.  Once that asset repository is built, NorthStar can overlay existing business logic and information to help identify important characteristics like line of business and data classifications.  This enriched asset inventory serves as the foundation for NorthStar to add existing and commonly used threat intelligence feeds like the CVE database and Symantec Deepsight to bring together actionable vulnerability and remediation information.  When coupled with the asset inventory, this exposure data is now accessible and centrally located for any stakeholder in the organization from the CISO down to the helpdesk.

The accessibility of exposure and asset data will dramatically change your approach to remediating existing vulnerabilities.  By leveraging the enriched data that NorthStar provides, you will have the ability to make critical and informed decisions based on real, verifiable data.

When new vulnerabilities are identified, you will immediately be able to:

  • Observe where that vulnerability exists in your environment
  • Understand the criticality of those systems to the overall business
  • Prioritize remediation efforts accordingly
  • Leverage historical data to track ongoing remediation efforts based on a specific vulnerability or across the entire attack surface of the organization all within a single pane of glass.

NorthStar Navigator provides a comprehensive view of risk and empowers security teams with the confidence of utilizing their personnel and resources in the most impactful way to protect their business.

For more information on how to implement a prioritized vulnerability risk management program, contact us.