Intelligent CIO Middle East Issue 94 | Page 73

DISRUPTIVE TECH

in time to stop, or at least mitigate, their operation. At its heart, this methodology will employ risk-based assessment and allow for the unification of people, processes, and technology.
Hadi Jaafarawi, Managing Director Middle East, Qualys
Patch management

Savvy business leaders know, throwing money at a problem is not enough. Ensuring the investment builds the right capabilities to yield a return takes guile. In cybersecurity, the often-overused word to describe our goal is a holistic solution. To be clear, it is easy to just trot out some words to define what we mean (universal, comprehensive, all-encompassing, and so on), but the goal is better explained by defining what legacy practices we are replacing.
We are leaving behind information silos, a lot of point systems that do narrowly defined tasks very well, but which can be exploited by cybergangs to slip under the radar. This happens because attackers know what signals each tool goes after and so they can devise ways of registering as a low-level threat on each tool and therefore never being called to the attention of a security analyst.
In security investment, organisations must therefore think holistically about attack methods and inroads and design an umbrella sentinel system to detect behaviours and identify which ones may lead to harm
If we take patching as an example, our holistic approach must see the whole board and ask how the organisation can overcome problems of understaffing for smaller businesses, and the vast number of devices and business units responsible for various assets in the case of larger enterprises. Qualys data shows that attackers take an average of just 19.5 days to exploit a new software vulnerability, but security teams take an average of 30.6 days to patch them.
Interestingly, however, we found that average patching times for malware and ransomware were shorter than weaponization times, meaning these attacks must exploit older issues that have not yet been patched. When trying to concentrate resources in a cost-effective way, these areas, older vulnerabilities that could be easily exploited to cause great harm, would seem to be excellent starting points.
Where possible, patching should be automated. Our data shows that where patches were eligible for automatic deployment, they were applied 45% more often and 36% faster than those that had to be deployed manually.
Initial access brokers (IABs) are becoming a growth industry within the threat community. They use phishing of users or misconfigurations in public-facing assets to gather the tools of infiltration and sell them to others. IABs target paths less likely to be patched quickly, so