Enough time has passed and far too many data breaches have been uncovered to warrant a fresh look at how organizations look at pro-active security efforts. Account and access management has evolved and organizations are much more vigilant to ensure multi-factor authentication is setup for customer and employee access to services and data. Data suggests that de-provisioning employee access isn’t always done as swiftly as it should be resulting in situations that can be easily avoidable.
The same question needs to be asked for vulnerability management and how can CI/CD paradigm be brought in to protect deployed services, open source software repository management, operating system image updates, database and packaged / managed software upgrades etc
Visibility into whats coming in a week’s time goes a long way to do effective planning and mitigation ( eg. we are all familiar of how organizations plan their mitigations based on Patch Tuesday ). Unfortunately, there are no “Patch Tuesdays” for the hundreds of different vendors and libraries that are part of today’s technology stacks and is very adhoc and will continue to remain that way for the foreseeable future.
Automation is key, but…
Often automation is associated with repetitive tasks, but automation is only as good as the data it uses. For vulnerability management it has to be current to the minute in some cases.
One of the approaches that will get us there is if we can meaningfully automate discovery , impact assessment and workflow management.
Putting the puzzle together..
The challenge is to weave in these three tasks using tools and solutions available in the market. This is where ThreatWatch brings in the differentiation with an ability to use its own machine curated threat intel ( and augment it with third party threat intel ) and apply it on organizational assets and create actionable workflows. To learn more visit, https://threatwatch.io/