Saturday, June 3, 2023
News 21 AV

No easy fix for vulnerability exploitation, so be prepared

News 21 AV by News 21 AV
October 18, 2021
in Tech News
Vulnerability management places responsibilities of varying nature and degree across the organisation, including deciding how, when and what to disclose (if anything) should the occasion arise.

But ultimately, the first duty is to prevent vulnerabilities being exploited and causing damage in the first place – although the first step in vulnerability management needs to be the acknowledgement that there is no easy fix. 

To put it into context, it requires the CISO and his or her team to remediate vulnerabilities they didn’t cause, in applications and infrastructure they don’t own, as well as regularly bypass their organisation’s change management processes by installing patches they didn’t design, and often have no say in when they are applied.

But businesses can only operate effectively in a secure environment – and that necessitates a robust process for identifying, classifying, remediating and mitigating vulnerabilities.

Asset management

The prerequisite for this process is asset management – an enterprise that doesn’t have its IT assets logged is making a tough task even more difficult. To help with this activity, many tools automatically roam the network to identify applications and infrastructure and catalogue them in an inventory management system.

However, automated scanning tools need to be engaged with caution near the operational technology (OT) used for industrial control systems because of the varied nature of the technology, and the critical nature of the infrastructure to an organisation.

With an inventory of everything that could be up for grabs for an attacker, the next step is to identify the assets that are actually under threat – networks, operating systems, applications, and so on – alongside the possible vulnerabilities. 

Threat intelligence

That, of course, means knowing what vulnerabilities are out there – and are currently most likely to be used. In principle, this is straightforward – it’s a case of scanning applications or programs developed in-house before they are deployed or connected to the network, and signing up to vendor mailing lists for updates as they occur.

But the reality is that breaking zero-day vulnerabilities often become common knowledge on social media before the vendor has communicated a potential issue, making social media a key source of information given the need to respond quickly to new vulnerabilities.

Alternatively, the attackers themselves might break the news about a vulnerability within their networks, sharing exploits online so that other attackers can take advantage of them. On occasions, they might disclose it to the wider world, for example if the objective is to force changes in behaviour by their targets.

And the role of bug bounty schemes (in which individuals are compensated for reporting bugs, particularly those relating to security exploits and vulnerabilities), ethical hackers and penetration testing in identifying exploits should not be underestimated.

Prioritisation

With information on both assets and vulnerabilities, an all-important priority list can be created to set out a hierarchical system of assets and the actual threats they face. That said, it is often challenging for a CISO, who will face a persistently high threat volume, to categorise the risk types and be realistic about which vulnerabilities are most likely to be used.

Tools that scan and report on vulnerabilities tend to shock and overwhelm. CISOs are looking for clarity on simple measures that can remove a high volume of likely or most damaging attacks, rather than having to wade through large amounts of data that does not take into account the organisation’s risk tolerance, mitigations, or ability to respond.
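The following added example, which is not part of the original article, joins a constructed asset inventory with constructed scanner findings and ranks them by a context-adjusted risk score. The field names, weights, tolerance threshold and VULN-x identifiers are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int        # 1 (low) to 5 (business-critical)
    internet_facing: bool

@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str            # placeholder IDs, not real advisories
    severity: float         # 0-10 score as reported by a scanner
    exploited: bool         # threat intelligence reports active exploitation
    mitigated: bool         # compensating control (e.g. network restriction) in place

# Constructed sample data for illustration only.
ASSETS = [Asset("web-portal", 5, True), Asset("hr-db", 4, False),
          Asset("print-server", 1, False)]
FINDINGS = [
    Finding("web-portal", "VULN-A", 7.5, True, False),
    Finding("hr-db", "VULN-B", 9.8, False, True),
    Finding("print-server", "VULN-C", 9.8, False, False),
    Finding("web-portal", "VULN-D", 4.0, False, False),
    Finding("lab-box", "VULN-E", 8.0, True, False),  # asset missing from inventory
]

def risk_score(asset, finding):
    """Scanner severity adjusted for business context (weights are assumptions)."""
    score = finding.severity * asset.criticality / 5
    score *= 1.5 if asset.internet_facing else 1.0
    score *= 2.0 if finding.exploited else 1.0
    score *= 0.5 if finding.mitigated else 1.0
    return round(score, 2)

def prioritise(assets, findings, tolerance):
    """Return (ranked work list above tolerance, findings on unlogged assets)."""
    inventory = {a.name: a for a in assets}
    ranked, unknown = [], []
    for f in findings:
        asset = inventory.get(f.asset)
        if asset is None:
            unknown.append(f)   # cannot be ranked until the asset is inventoried
        elif (score := risk_score(asset, f)) >= tolerance:
            ranked.append((score, f.asset, f.vuln_id))
    return sorted(ranked, key=lambda r: -r[0]), unknown

if __name__ == "__main__":
    print(prioritise(ASSETS, FINDINGS, tolerance=3.0))
```

With this sample data, a 7.5-severity flaw on an internet-facing, business-critical asset under active exploitation outranks two 9.8-severity findings, one already mitigated and one on a low-criticality host that falls below the tolerance. The finding on the unlogged asset is returned separately rather than silently dropped.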

Patching

Patch management is, understandably, a popular reference in discussions around effective vulnerability management, and it is an important part. However, it has to happen in conjunction with asset management and be combined with penetration testing and vulnerability assessments, as referenced above.

Indeed, response plans are often better informed with threat intelligence on who may be attacking what systems with what mechanisms, while SOAR (security orchestration, automation and response) functionality can provide a more effective defence when new exploits are identified.

Also, not all vulnerabilities have patches, or it may be that the patch by itself isn’t sufficient. Sometimes network layer protection or rebuilding access control models is also required, which is time-consuming and arduous, especially if it is on a critical system or one facing the internet.

Practicalities

Vulnerability management cannot be undertaken by a single person or team. It needs coordination from many different units within an organisation, along with highly and continuously trained individuals – the expense of which can be a barrier to board buy-in. It also requires CISOs with hybrid skillsets able to balance the requirements of the business with the constantly shifting security landscape across multiple channels.

Some form of downtime or disruption to the business is usually required as system changes are made, with “maintenance windows” usually determined by each separate application owner. Navigating the often multiple approvals required can be time-consuming – and potentially can take longer than identifying the fix required.

It is also important to consider whether making the changes and addressing the vulnerability will actually make the organisation more secure. For example, low-level vulnerabilities will often be ignored in order to prioritise higher-risk vulnerabilities which might cause a greater impact to the business if exploited.

Equally, patching might have unexpected consequences, such as the recent Microsoft Windows update that removed many organisations’ print networks. Not undertaking a change, or even rolling it back, along with leaving the vulnerability to exist, need to be considered as options.

Security teams working with OT – such as supervisory control and data acquisition (SCADA) – are likely to find the constraints around vulnerability management even tighter. Scanning is problematic, downtime is often non-existent, and there is no test environment to confirm that there will be no impact. Network-level controls to restrict access to vulnerable devices are often the preferred option – although, if not already in place, they are time-consuming to implement.

Vital work

In summary, vulnerability management demands a full understanding of the organisation’s assets, what they are running, whether they have direct access to the internet, and how critical they are to the business. 

Teams need to be vigilant in scanning for information that impacts their operations – ingesting vulnerability news for zero-days, while also not shying away from using unorthodox methods of obtaining information such as social media.

It is challenging work in an IT environment that faces an increasing number and variety of threats – making it essential that every organisation takes it seriously.



© 2021 News.21av - Popular News & magazine powered by Get solutions.
