How do you know if your security posture is where it needs to be? Most organizations look at standards, be it national standards, industry standards or their own corporate standards. They may also look at their industry’s best practices. But if you aren’t looking at your risk vulnerability, you are likely not looking at the entire spectrum of your network’s security posture.
Incorporating vulnerability into your security posture means identifying open network paths to vulnerable systems on the port and protocol to which they are vulnerable, prioritizing the vulnerabilities that are actually reachable (typically 5-7% of all vulnerabilities identified), and improving network posture by identifying access/attack paths and closing them off.
Sounds easy, doesn’t it? Well, incorporating risk vulnerability effectively takes some intelligence, both from your security organization and your risk and policy management platform. I’ve identified 4 key challenges faced by enterprises in incorporating risk vulnerability into their security posture processes.
Let’s give a closer look to each challenge and identify a potential solution and impact on the organization.
1) Complex networks make it difficult to understand risk posture and effectively prioritize remediation of vulnerabilities, resulting in an increase in open path vulnerability and asset exposure.
In past blogs, we’ve explored the Complexity Gap phenomenon affecting the security industry. The amount of technology, the data it generates and the speed at which it must operate far surpass the capacity of most security teams to handle manually. This extends to understanding risk exposure as well. There are too many vulnerabilities to patch, and policies are far too complex to pinpoint every exposure, at least not without a tool like FireMon’s Risk Analyzer.
With Risk Analyzer, risk teams view a map of possible vulnerable paths and trace paths an attacker might use across the network layout to see how each asset is exposed and where it is accessible to an attacker.
FireMon’s patented Attack Path Analysis calculates all the open paths to vulnerable systems on the ports and protocols on which they are vulnerable, and provides unprecedented visibility into how you are exposed.
2) Security teams can’t patch every vulnerability due to the limited amount of personnel resources and hundreds of vulnerabilities.
Patches are implemented indiscriminately, so personnel spend a lot of effort patching with minimal risk reduction. Where should teams focus their remediation efforts for maximum impact on their unique network?
An effective solution is to manage risk reduction through asset risk value. This involves:
- Calculating how easily an attacker could reach the network through different network hosts and internet-facing segments, and assessing the potential damage.
- Scoring all attack simulations for risk and impact, then re-scoring after you make improvements (virtual patches) to determine the impact of the changes.
- Patching systems virtually, re-running a complete analysis in seconds and comparing patch scenarios to ensure your efforts have the biggest impact.
FireMon’s Risk Analyzer helps risk teams focus patch efforts on the riskiest assets, which produces the greatest risk reduction on the network; otherwise, remediation efforts can be relatively ineffective and overly time-consuming.
3) Network teams are configuring the network without knowledge of the risks associated with the assets they are making accessible.
As a result, network teams implement overly permissive and risky policies, which unnecessarily introduces risky open network paths. How can we stop implementing policies that increase vulnerability?
The solution is to use a tool that optimizes the firewall configuration process. FireMon’s Risk Analyzer assesses risk and identifies rules allowing access to vulnerabilities, so you can fix problems before an attacker takes advantage of them. You can see how each asset is exposed and where it is accessible in the firewall policy.
When patching isn’t an option, the firewall team can block access to the vulnerable asset. As a result, policies don’t route through vulnerable paths, reducing risk exposure and improving policy effectiveness.
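The three ideas above (reachability of a vulnerability on its vulnerable port and protocol, scoring and re-scoring exposure under virtual patches, and finding the firewall rules that expose a vulnerable path) can be shown in one small model. This is an added illustration, not FireMon's code or data model; the inventory, asset values and first-match firewall policy are constructed, and the exposure score (CVSS times asset value over reachable vulnerabilities only) is an assumed formula.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Vuln = namedtuple("Vuln", "host proto port cvss")   # service vulnerable on proto/port
Rule = namedtuple("Rule", "action src dst proto ports", defaults=[()])  # ports=() is any

# Constructed sample inventory and firewall policy (assumptions, not real data).
ASSET_VALUE = {"10.0.1.10": 10, "10.0.1.20": 3, "10.0.2.5": 8}
VULNS = [Vuln("10.0.1.10", "tcp", 443, 9.8), Vuln("10.0.1.10", "tcp", 22, 7.5),
         Vuln("10.0.1.20", "tcp", 3389, 9.0), Vuln("10.0.2.5", "udp", 161, 6.5)]
RULES = [Rule("allow", "0.0.0.0/0", "10.0.1.0/24", "tcp", (443,)),
         Rule("allow", "0.0.0.0/0", "10.0.1.20/32", "tcp", (3389,)),
         Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any")]

def deciding_rule(rules, src, dst, proto, port):
    """First matching rule wins; None means the implicit default deny."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src) and ip_address(dst) in ip_network(r.dst)
                and r.proto in ("any", proto) and (not r.ports or port in r.ports)):
            return r
    return None

def reachable(vulns, rules, attacker_src="203.0.113.7"):
    """One-hop attack path analysis: (vuln, allowing rule) pairs exposed from the internet."""
    out = []
    for v in vulns:
        r = deciding_rule(rules, attacker_src, v.host, v.proto, v.port)
        if r is not None and r.action == "allow":
            out.append((v, r))
    return out

def risk_score(vulns, rules):
    """Exposure = sum of CVSS x asset value over reachable vulnerabilities only."""
    return sum(v.cvss * ASSET_VALUE[v.host] for v, _ in reachable(vulns, rules))

def rank_patches(vulns, rules):
    """Virtual patching: how much exposure removing each vuln would cut, best first."""
    base = risk_score(vulns, rules)
    gains = [(base - risk_score([x for x in vulns if x != v], rules), v) for v in vulns]
    return sorted(gains, key=lambda g: -g[0])

def block_access(rules, vuln):
    """Firewall alternative to patching: prepend a deny for the vulnerable path."""
    return [Rule("deny", "0.0.0.0/0", vuln.host + "/32", vuln.proto, (vuln.port,))] + rules

def exposed_rules(rules, vulns):
    """Policy rules that are the deciding allow for at least one vulnerable path."""
    return list(dict.fromkeys(r for _, r in reachable(vulns, rules)))
```

Only two of the four vulnerabilities are reachable, and the ranking shows that patching the high-value host's 443 service removes most of the exposure, while blocking the 3389 path at the firewall removes the rest without a patch.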
4) It’s difficult to determine how well we are doing and identify where we can improve.
CISOs and heads of security and risk rely on metrics to determine their performance and report it back to the board and executive teams. Currently, there is no way to easily understand and measure your risk posture.
With Risk Analyzer, you’re able to concretely measure your current posture and your improvement over time. It does this by assessing the current risk posture and risk vulnerability trend, identifying the highest-value assets with known vulnerabilities, and validating that risk is being reduced and remediated.
The ability to quickly see Vulnerability Density, Riskiest Assets and Asset to Vulnerability Trend provides the information to assess risk posture and measure improvement.