Lately I have been going through recorded sessions from RSA Conference 2019. Thanks RSA for making these recordings available.
This particular session “In the wake of an attack – Thoughts from a seasoned CISO” caught my attention and I listened to its playback. It is around 45 minutes for those of you who are interested. In this session Bob Lord (CSO at Democratic National Committee [DNC] and ex-CISO at Yahoo) talks about his basic security checklist. He mentions that the basic security checklist is fairly small and only contains three fundamental checklist items as below:
- Patch your software
- Use 2FA
- Use a password manager
Bob mentioned that people tend to focus on the latest in security like using Blockchain or AI/ML, but they do not keep the focus on these basic things. I couldn’t agree more with Bob here. Bob mentions that most hacks leverage a known vulnerability with a publicly known exploit (as was the case with Equifax). Hence there needs to be enough focus on patching software. Organizations today do not do a good job at keeping their software patched appropriately.
This led me to think about why it is difficult for organizations to stay appropriately patched. We can break this down into two things that need to happen:
- Keep track of which software is deployed across the organization
- Keep that software patched appropriately
For the first point above, an organization needs to utilize a software inventory management solution. In the Equifax case this was a key missing piece, and it ultimately left them in the dark. Without this knowledge an organization cannot comprehend its exposure to the threat.
Let us further break up the second point above, as below:
How to keep this known software patched?
- Take an informed decision on whether a patch is warranted immediately by looking at the following aspects:
  - What is the CVSS score of the vulnerability?
  - Is there a known exploit for the vulnerability?
  - Is there a known remediation for the vulnerability (basically a workaround for the interim)?
  - What is the business criticality of the impacted software asset?
  - What is the nature of the impacted software asset (internal facing, external facing, holding PII data, etc.)?
  - What is the crowd-sourced sentiment and verdict on the vulnerability?
- Use an automated solution to complete the last mile (i.e. patch the software asset)
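The checklist above is a decision procedure, so here it is as a small scoring function, joined against the kind of asset record a software inventory would hold. This is a constructed example added to this post; it is not the pytw library and not a ThreatWatch API, and the weights, thresholds, placeholder CVE ids and sample findings are all assumptions chosen to show the shape of the decision rather than a recommended formula.

```python
"""Constructed example: the patch-decision checklist as a scoring function.

Illustrative code only, not pytw and not a ThreatWatch API. Weights,
thresholds and sample data are assumptions made for this example.
"""
from dataclasses import dataclass
from enum import Enum


class Exposure(Enum):
    INTERNAL = "internal-facing"
    EXTERNAL = "external-facing"


class Decision(Enum):
    PATCH_NOW = "patch immediately (emergency change)"
    NEXT_WINDOW = "patch in next maintenance window"
    DEFER = "defer and monitor"


@dataclass(frozen=True)
class Vulnerability:
    cve_id: str                  # placeholder ids below; none refer to real advisories
    cvss_score: float            # CVSS base score, 0.0 - 10.0
    exploit_public: bool         # is a working exploit publicly available?
    workaround_available: bool   # is there an interim remediation that can be applied today?
    community_severity: float    # crowd-sourced sentiment, 0.0 (quiet) - 1.0 (actively discussed)


@dataclass(frozen=True)
class Asset:
    name: str                    # taken from the software inventory
    business_criticality: int    # 1 (low) - 5 (critical)
    exposure: Exposure
    holds_pii: bool


def risk_score(vuln: Vulnerability, asset: Asset) -> float:
    """Combine the checklist answers into a single 0-100 urgency score."""
    if not 0.0 <= vuln.cvss_score <= 10.0:
        raise ValueError(f"CVSS score out of range: {vuln.cvss_score}")
    if not 1 <= asset.business_criticality <= 5:
        raise ValueError(f"criticality out of range: {asset.business_criticality}")
    score = vuln.cvss_score * 10.0            # baseline straight from CVSS
    if vuln.exploit_public:
        score *= 1.5                          # known exploit: the common breach path
    if asset.exposure is Exposure.EXTERNAL:
        score *= 1.3                          # reachable from the internet
    if asset.holds_pii:
        score *= 1.2                          # breach-notification and regulatory impact
    score *= 0.6 + 0.1 * asset.business_criticality   # 0.7x .. 1.1x
    score *= 0.8 + 0.4 * vuln.community_severity      # 0.8x .. 1.2x
    if vuln.workaround_available:
        score *= 0.7                          # mitigation buys time; it does not fix the flaw
    return min(score, 100.0)


def patch_decision(vuln: Vulnerability, asset: Asset) -> Decision:
    """Map the score onto the three outcomes the checklist should produce."""
    score = risk_score(vuln, asset)
    if score >= 70.0:
        return Decision.PATCH_NOW
    if score >= 35.0:
        return Decision.NEXT_WINDOW
    return Decision.DEFER


def prioritise(findings):
    """Return (score, decision, vuln, asset) tuples, most urgent first."""
    ranked = [(risk_score(v, a), patch_decision(v, a), v, a) for v, a in findings]
    ranked.sort(key=lambda r: r[0], reverse=True)
    return ranked


# Constructed findings joined against a constructed inventory.
SAMPLE_FINDINGS = [
    (Vulnerability("CVE-XXXX-PLACEHOLDER-1", 10.0, True, False, 1.0),
     Asset("public web app", 5, Exposure.EXTERNAL, True)),
    (Vulnerability("CVE-XXXX-PLACEHOLDER-2", 6.0, False, False, 0.5),
     Asset("partner portal", 2, Exposure.EXTERNAL, False)),
    (Vulnerability("CVE-XXXX-PLACEHOLDER-3", 5.0, False, True, 0.5),
     Asset("internal wiki", 2, Exposure.INTERNAL, False)),
]

if __name__ == "__main__":
    for score, decision, vuln, asset in prioritise(SAMPLE_FINDINGS):
        print(f"{score:6.1f}  {vuln.cve_id:<24} {asset.name:<16} -> {decision.value}")
```

The point of the structure, rather than the particular numbers, is that CVSS alone never decides: a critical score on an internal asset with a workaround in place can reasonably wait for a maintenance window, while a public exploit against an internet-facing asset goes to the top of the queue regardless of how the other factors fall. The `prioritise` output is what an automation step would consume to complete the last mile.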
ThreatWatch helps provide the required details about the impact of the vulnerability. It also allows you to specify the business criticality of the asset to arrive at an informed decision on whether to patch immediately or not. Lastly, ThreatWatch helps close the last mile by allowing you to automate the patching process according to your organization's needs, using pytw (an open-source Python library from ThreatWatch).
Contact us at info@threatwatch.io for more details.