All mature cyber security frameworks, be it the UK’s National Cyber Security Centre (NCSC) ‘10 Steps to Cyber Security’, the Center for Internet Security (CIS) ‘The 18 CIS Controls’, or even the more basic Cyber Essentials scheme from IASME, call for a robust approach to vulnerability management.
What is vulnerability management?
At a high level, this means establishing the ability to continuously acquire, assess and take action on new information in order to identify vulnerabilities, remediate them and minimise the window of opportunity for attacks.
Your approach should align to the overall risk appetite of the organisation; this includes the speed with which you apply security-related patches within the environment. However, it is important to note that the shorter the window between vulnerability identification and successful mitigation, the lower the likelihood of compromise.
That is why our approach enables organisations to define the periodicity of vulnerability scanning and, more importantly, Clarus delivers actionable insights that enable organisations to undertake timely risk-based activity, which has been shown to reduce the likelihood of a cybersecurity breach.
#Patch30 and #Patch60
With the ever-increasing volume of vendor security advisories, new attack vectors and zero-day exploits, organisations can quickly become swamped with the latest issue that gains media hype and lose sight of existing critical issues. To help combat this, and as part of our ongoing approach to raising awareness around vulnerability management, you can follow #Patch30d and #Patch60d on Twitter. Using these two hashtags, we will revisit existing critical vulnerability advisories (defined by a flaw that could result in full compromise by a malicious actor) that are heading towards the thirty and sixty day mark of a patch being publicly available.
The aim is to keep those issues in sight to ensure that patches can be applied. Or you could head over to request a demo of Clarus and let us manage the entire process from deployment, delivery of continuous scanning, through to the creation of actionable insights via our intuitive and easy to interpret vulnerability remediation tracker, removing one area of cyber that keeps you awake at night.