Lately I have been going through recorded sessions from RSA Conference 2019. Thanks RSA for making these recordings available.

This particular session “In the wake of an attack – Thoughts from a seasoned CISO” caught my attention and I listened to its playback. It is around 45 minutes for those of you who are interested. In this session Bob Lord (CSO at Democratic National Committee [DNC] and ex-CISO at Yahoo) talks about his basic security checklist. He mentions that the basic security checklist is fairly small and only contains three fundamental checklist items as below:

Bob mentioned that people tend to focus on the latest in security like using Blockchain or AI/ML, but they do not keep the focus on these basic things. I couldn’t agree more with Bob here. Bob mentions that most hacks leverage a known vulnerability with a publicly known exploit (as was the case with Equifax). Hence there needs to be enough focus on patching software. Organizations today do not do a good job at keeping their software patched appropriately. 

This led me to think about why it is difficult for organizations to stay patched appropriately on the software front. We can break this into two things that need to happen:

  1. Keep track of which software is deployed across the organization
  2. Keep this software patched appropriately

For the first point above, an organization needs to utilize a software inventory management solution. In the Equifax scenario, this was a key thing missing and that ultimately left them in the dark. Without this knowledge an organization cannot comprehend its exposure to the threat.

Let us further break up the second point above, as below:

How to keep this known software patched?

ThreatWatch helps provide the required details about the impact of a vulnerability. It also allows you to specify the business criticality of the asset, so you can arrive at an informed decision on whether to patch immediately or not. Lastly, ThreatWatch helps close the last mile by allowing you to automate the patching process based on your organization's needs by utilizing pytw (an open source Python library from ThreatWatch).

Contact us at info@threatwatch.io for more details.
