The Cisco 2015 Annual Security Report feels like déjà vu. After all the song and dance, there are no surprises. Security has been, and will always continue to be, a people-centric problem. People have always been used to gain access, and they continue to be unwitting participants.
The endpoints in an enterprise are often open invitations to attackers. End users' reluctance to patch their systems regularly gives perpetrators an easy way to use those systems to access the network.
It is heartening to see a declining tendency in the cumulative vulnerabilities reported in 2014 compared to the total number reported in 2013. This may be an indication that vendors are paying increasing attention to better testing. This marginal decrease is unlikely to bring any immediate relief. There are still plenty of vulnerabilities available for attackers to exploit.
Attackers are finding newer ways to gain access and, more importantly, to evade detection. The primary means of access remains exploiting known vulnerabilities – “in 2014, 1 percent of high-urgency Common Vulnerabilities and Exposure (CVE) alerts were exploited”. Keeping those top 1% vulnerable applications patched becomes a very high-priority activity. While patching may often involve conflicts, identifying what needs to be patched and actually applying the patches can easily be automated.
It is interesting to note that less than 50% of the respondents use a standard tool to patch and keep the systems from being vulnerable. In addition, controlling misconfigurations is not automated either. “75 percent of respondents say that automated tools are very or extremely effective”. This is somewhat puzzling. Good tools can help reduce the risk of cyber-attacks and help correct misconfigurations while increasing the productivity of the employees.
Organizations with sophisticated security postures exhibited a high level of leadership involvement, well-documented, clear security policies, and integrated tools that work well together. While management support and clear policies are very important, it is critical to have tools that automate security tasks. Given the frequency of attacks, manually managing security posture is next to impossible.
Security has always been, and will always continue to be, a people-centric problem. While achieving good security involves conscientious effort on the part of everyone, tools that can help identify vulnerabilities are a good first step. It is important, however, to have tools that not only prevent attacks by removing vulnerabilities but are also capable of remediating ongoing attacks and providing insights into attacks that have already occurred.