Gone are the days of simple, easily secured corporate networks. The proliferation of cloud computing, virtualization and containers means that the network is changing constantly, said Nate Palanov, solutions marketing manager, vulnerability management, at Rapid7.
More employees work remotely on smartphones and laptops, thus changing the definition of endpoint, he said. These employees also have access to sensitive customer data via cloud productivity apps like Salesforce, he added.
Attackers were previously focused on hitting servers, so security teams invested heavily in preventive measures like firewalls, intrusion detection systems and intrusion prevention systems, he said. But attackers have now adapted to focus on users, he said. As a result, security professionals should avoid complacency in their security strategy, especially when it comes to their vulnerability management programs.
“We really have to modernize what our concept of vulnerability management is for this modern infrastructure and modern information security program,” he said during the recent Cloud Security e-Summit hosted by MISTI.
Palanov suggested three key principles that modern vulnerability management programs should adopt:
- Complete ecosystem visibility, or the ability to view an organization’s entire infrastructure across clouds, containers and applications in the network.
- Remediation workflow automation that automates, as much as possible, prioritization and the actual fixing of vulnerabilities.
- SecOps agility to break down the barriers between different teams, allowing them to work closely with IT and infrastructure teams to offset vulnerabilities in the network.
When establishing complete ecosystem visibility, it is important to understand the changing attack surface stemming from the cloud and related technology, he said.
For remediation workflow automation, it is essential for vulnerability management programs to prioritize weaknesses the way attackers do, in order to understand which vulnerabilities an attacker would go after first, he said.
“From that, automate manual processes like patching and ticketing as much as possible … so security teams can focus less on manual fixing and more on thinking strategically and understanding the bigger threats out there,” Palanov said.
It’s also important that vulnerability management programs include steps that track and measure the effectiveness of remediation efforts so that teams can get ahead of potential issues before they happen. Evaluating where they are falling behind, where they are doing well and how to realign limited resources are all crucial steps in the process, he said.
For SecOps agility, it is crucial for the security team to work directly with the IT infrastructure and development teams to integrate security processes earlier in the software development lifecycle. Being able to look at network vulnerabilities, application vulnerabilities and user vulnerabilities together will help security teams work with the other departments and holistically understand the actual risks in their environment and how to address them, he said.
“It is important to position security as something that enables innovation and growth, not something as an after-thought that’s going to slow things down and hinder things.”