Evolving your security strategy toward Self-Securing
Chris Goettl | Director, Product Management
Threat actors move fast. They are agile and shift tactics as opportunities arise. As the COVID pandemic changed how we manage our users and environments, threat actors also made changes. They adapted to this new opportunity very quickly. Zscaler released a report in April showing COVID-themed attacks increased 30,000% between January and March of this year alone.
According to a RAND research study, a threat actor exploits a vulnerability in a median of 22 days and most exploits will have a shelf life of 7 years. An annual report from Recorded Future of the most commonly exploited vulnerabilities from 2019 confirms this. Most exploits are compromising vulnerabilities that have been around for some time.
How do we counter this level of agility and adaptability? By adapting ourselves. We need to shift toward a Self-Securing strategy. Threat actors are gaining sophistication, but at the root of that sophistication is the same tactical execution they have been doing for years: reconnaissance, exploiting vulnerabilities, gaining persistence, moving laterally, and exfiltrating or encrypting data. They are performing the same activities, just with more automated and augmented capabilities.
By analyzing attackers' methods and using automation and machine learning, we can improve our response times. This adaptive security approach is made up of three parts: Sensing, Prioritization, and Remediation.
Sensing: Discover what is in your environment. Detect running software and configuration and analyze for vulnerabilities. Continuously monitor for changes: new devices being introduced and changes in the state of devices in the environment.
Prioritization: Use risk-based prioritization to identify what is actively being exploited and respond to the highest risks quickly. Use predictive algorithms to anticipate changes and threats and give prescriptive guidance on what to do next. Noise reduction: there is always way too much data and way too many threats to manage everything, but that noise can be reduced to the critical activities that will mitigate the most risk quickly.
Remediation: Acting is critical; we need to respond proactively. Knowing what is being actively exploited optimizes remediation efforts. Our remediation and assessment capabilities must adapt. The COVID pandemic is a good example, as we rapidly shifted to remote work and needed improved security capabilities. Whether the environment is public or private cloud, on-premises or off-premises user systems, corporate devices or BYOD, we need to ensure we can respond to threats to it. Threat actors are automating more of the attack, quickly and at scale. Automating steps, reducing time between steps, and removing human elements improves response times and eliminates errors.
The biggest thing to keep in mind is that Self-Securing does not mean humans are eliminated. Instead, it is a focus on automating activities that can be automated, generating the analytical data needed to make decisions quickly, and prioritizing actions to rapidly respond to urgent threats.
Learn more by attending the Ivanti Solution Session: "Achieving a 14 Day SLA on Vulnerability Remediation" in the On-Demand Zone.