Vulnerability Management

6 Fundamental Best Practices of Vulnerability Management

Any security leader must be able to provide a standard for due care and help to build a comprehensive security program that is good for the entire business. This is no easy feat. With increased threats and security breaches becoming more sophisticated and pressured to be compliant, it comes as no surprise that security is today’s top buzzword. With all the security buzz on the minds of business leaders, we see an increase in demand for security initiatives. However, as leaders at small to medium-sized businesses look to their in-house staff to implement, they are discovering a lack of skills and resources to build the proper IT infrastructure to keep them secure. With the ease and greater benefits of outsourcing today, it’s creating more opportunities for their trusted managed service provider (MSP) to fill the demand with an as-a-service offering. It’s no surprise that managed security is growing at the highest rate of all Technology-as-a-Service, at a compound annual growth rate of 17%.

Often, we hear that MSP clients assume security is included as part of the standard of services already provided to them. We have also uncovered through interviews that organizations and MSPs alike often have a hard time getting their users to adopt better security practices, even simple ones to implement, like multi-factor authentication and password policies. One thing they all have in common, however, is that they want to be better at security.

Let’s start by stating that achieving ‘better security’ is all about the layers of security that can be established to protect the organization, its users, and most of all, its data. We also conclude that there is no ‘security bliss’ where all levels have been laid, and there is no longer any risk.

Security can best be established as a framework for users and the data they share. When we break down security into manageable layers, we can create the following categories. Each category has its own standards and processes to be documented and carried out by a security leader or a team of security leaders.

  • Governance
  • Policy Management
  • Awareness & Education
  • Identity & Access Management
  • Vulnerability Management

Each topic can be quite involved, so our focus for this article will be vulnerability management, as it becomes the foundational layer of the organization’s threat defense strategy.

Most MSPs are already offering services for managing vulnerabilities through patching operating systems and third-party products. Vulnerability management is just one part of the security process in identifying, assessing, and resolving security weaknesses in the organization. Often there is a focus on the technical infrastructure, like updating endpoints, managing components of a network, or the configuration of firewalls.

Let’s take a closer look at the process and practice of vulnerability management in these six steps:

  1. Policy — Your first step should include defining the desired state for device configurations. This also includes understanding the users and their minimum access to data sources in the organization. This policy discovery process should consider any compliance measures like PCI, HIPPA, or GDPR that may exist. Document your policy and your users’ access.
  2. Standardize — Next, standardize devices and operating environments to identify any existing vulnerabilities properly and to meet compliance needs noted during the policy discovery process. When you standardize all your devices, you also streamline the remediation process. If users are all operating on the same type of hardware/software setup, steps three through six have the propensity to be more effective and make the process more efficient.
  3. Prioritize — During remediation of a threat, any activities conducted must be properly prioritized based on the threat itself, the organization’s internal security posture, and how important the data residing on the asset is. Having a full understanding of your assets and the roles they play in the organization will play a critical role when prioritizing active threats. Document and classify your assets so you can easily prioritize when there is a threat.
  4. Quarantine — Have a plan in place to circumvent or shield the asset from being a bigger threat to the organization once compromised.
  5. Mitigate — Identify root cause and close the security vulnerability.
  6. Maintain — It is important to continually monitor the environment for anomalies or changes to policy, patch for known threats, and use antivirus and malware tools to help identify new vulnerabilities.

Vulnerability management is an essential operational function that requires coordination and cooperation with the business as a whole. Having the entire business buy into better security is paramount to the success of the program. The team must also have a set of supporting tools with underlying technologies that enable the security team’s success. Operational functions include vulnerability scanning, penetration testing, incident response, and orchestration. Remedial action can take many different forms: Application of an operating system patch, a network configuration change, a change to a custom-built application, a simple change in process, awareness and education for users who consume and share organizational data. Tools can range from RMM to SEIM, to simple antivirus/malware and backup toolsets.

At ConnectWise, we aim to promote security consciousness in everyday IT practices and help our partners elevate their value by offering Security-as-a-Service. With ConnectWise Automate®, you can perform multiple vulnerability management functions such as identification and management of assets, utilize the computer management screen to help quarantine and mitigate vulnerabilities, and patch Windows® operating systems, as well as third-party applications on a mass scale. You can also utilize monitoring and patching policies within ConnectWise Automate and bring automation to your vulnerability management process. Incorporate auto-approval and installation of critical and security updates once they are released from Microsoft®. When you implement automation into the workflow, you help to reduce human error and save valuable time.


This article was provided by our service partner : connectwise.com

Social Media Malware is Deviant, Destructive

We’ve seen some tricky techniques used by cybercriminals to distribute malware through social media. One common threat begins with a previously compromised Facebook account sending deceptive messages that contain SVG image attachments via Facebook Messenger. (The SVG extention is an XML-based vector image format for two-dimensional graphics with support for interactivity and animation.)

Cybercriminals prefer this XML-based image as it allows dynamic content. This enables the criminals to add malicious JavaScript code right inside the photo itself—in this case, linking to an external site. Users who click on the image find themselves on a website posing as YouTube that pushes a popup to install a browser extension or add-on or to view a video. There are plenty of red flags here like the URL clearly not being YouTube.com, as well as the fact that YouTube does not require any extensions to view videos.

 

Facebook messenger spreading an SVG image containing a harmful script

 

An example of a fake YouTube page with malicious browser extension popup

Worm-like propagation

If a you were to install this extension, it will take advantage of your browser access to your Facebook account to secretly mass-message your friends with the same SVG image file—like a worm, this is how it spreads. Victims don’t need to have very many friends for this tactic to be successful at propagating. For instance, if you have over 100 friends, then you only need less than 1% of your friends to fall for this for the scam for it to continue to propagate.

To make matters worse, the extension also downloads Nemucod, a generic malware downloader generally used to download and install a variety of other threats. Usually the go-to threat is ransomware given it’s proven business model for criminals.

Social media managers at risk

Those who manage social media accounts on behalf of businesses are particularly at risk of advanced malware and other cyberattacks. Earlier this spring, a new Windows trojan dubbed Stresspaint was found hidden inside a fake stress-relief app and likely spread through email and Facebook spam campaigns to infect 35,000 users, according to researchers at Radware who discovered the malware.

Stresspaint was rather deviant in the way it stole Facebook account credentials and logged into accounts looking specifically for data such as “each user’s number of friends, whether the account manages a Facebook Page or not, and if the account has a payment method saved in its settings,” according to Bleeping Computer.

Allowing cybercriminals to gain control of brand social media accounts can carry grave consequences such as reputation damage, loss of confidential information, and deeper access into an organization’s network. Last year, HBO was humiliated on their social profiles when the notorious hacker group OurMine breached several the network’s accounts and posted messages before the company finally regained control of their logins.

Crypto users targeted

Following the recent trend in malware, sophisticated variants of existing strains are now aimed at cryptocurrency users. A malicious Google Chrome extension called FacexWorm, which spreads through Facebook Messenger, was found to have morphed with a new ability to hijack cryptocurrency transactions made on a host of popular online exchanges, according to Coindesk. This further underlines the importance of exercising caution with the information you share on social media to avoid being a target, particularly if you are a user of cryptocurrency.

Cryptocurrency scams are another common threat that spreads throughout social media. Twitter is particularly notorious an outbreak of crypto scam bots that pose as high-profile tech leaders and industry influencers. Learn more about this type scam in my previous post.

Don’t let your guard down

Given the nature of social networks, many are likely to consider themselves to be in the company of friends on sites like Facebook, Instagram and Twitter. However, this assumption can be dangerous when you begin to trust links on social sites more than you would in your email inbox or other websites. For instance, a simple bot-spam message on Twitter was able to grant a hacker access to a Pentagon official’s computer, according to a New York Times report published last year.

It’s wise to be wary of clicking on all links, even those sent by friends, family or professional connections, as compromised social media accounts are often used to spread scams, phishing, and other types of cyberattacks. After all, just one wrong click can lead to an avalanche of cyber woes, such as identity theft, data loss, and damaged devices.


This article was provided by our service partner : webroot.com