It’s fundamental. Protecting your organization from cyberattacks comes down to a solid security program built on the basics, and to executing those basics well. Securosis’ research reinforces the importance of completing the seemingly simple, perhaps even boring, tasks first, to reduce the risk of exposing critical IT systems to known vulnerabilities. The report covers strategies for gaining visibility into IT assets and for achieving and maintaining a strong, consistent security posture across those assets.
Given the ease with which adversaries can change their attack signature to evade detection and temporary virtual patches, the fact that it’s impossible to come up with a perfect detection signature, and the difficulty in ensuring that all traffic goes through an inspection point, deploying a vendor patch is the only long-term solution.[1]
Fix vulnerabilities fast and completely with vendor-issued updates. It’s important to have a robust high-priority patching process in place that ensures patches for high-risk vulnerabilities are applied quickly and correctly. Organizations need to establish and agree on the criteria that trigger these high-priority (out-of-cycle) patching efforts. Attackers too often exploit publicly known security vulnerabilities soon after disclosure. Don’t give them an easy way in.
Over the long term, strategically using PaaS services is one of the better ways to reduce technology stack risk.[1]
Work with a known, reliable, trusted vendor who can offer validated support. Relying on third parties can also expand the potential attack surface, increasing rather than mitigating risk. Cloud services, on the other hand, help shift security responsibility away from the customer, leading to a safer and more future-proof IT strategy.
The best long-term solution will always involve patches provided directly from the vendor…[1]
To work together effectively, all teams need to be aligned on cyber hygiene. It’s critical to have a patching strategy in place that lets the organization move quickly and immediately apply any high-priority patch that fixes a known vulnerability.
[1] Securosis Report, “Security Hygiene: The First Line of Security,” May 2021.