Not so long ago, the popular view was that storage and backup systems didn’t need that much in the way of protection. They were regarded as back-end systems that were largely out of reach of would-be attackers.
A raft of serious breaches in recent years has demolished that viewpoint. People are beginning to realize that storage and backup systems represent just as much of a potential vulnerability as other systems. Here are some of the top trends in vulnerability scanning:
1. Government Intervention
The Cybersecurity and Infrastructure Security Agency (CISA) doesn’t issue directives to government agencies unless something is seriously wrong or potentially threatening.
A new directive has instituted asset management and continuous vulnerability scanning on all network appliances.
Doron Pinhas, CTO of Continuity, explained that this doesn’t mean only network switches or other strictly networking gear.
“Although CISA doesn’t specify storage and backup systems, they very much come under the category of network appliances,” Pinhas said.
“Government agencies are being required to inventory and scan all of their storage and backup systems.”
2. Catching More Vulnerabilities
Recent surveys have discovered that most vulnerability scanners miss a good percentage of potential issues.
Ivanti data puts it at 3.5% for ransomware alone. Those evaluating vulnerability scanners should therefore look for the ones that miss the fewest vulnerabilities.
“An ideal solution needs to identify the largest number of third-party vulnerabilities, it needs to make such vulnerabilities easy to prioritize, and it needs to offer maximum coverage of applications,” said Bob Kelly, director of product management, Flexera.
“A plus is automation capabilities that consider what a customer identifies as presenting the most risk to their organization versus trying to automate all updates.”
Pinhas of Continuity added that storage and backup systems are especially susceptible to being missed by traditional vulnerability scanners. In fact, many scanners focus so much on OS weaknesses and application issues that they pay scant attention to glaring storage and backup vulnerabilities and misconfigurations.
3. Use Multiple Scanners
One way to reduce the chances of missing anything is to use multiple vulnerability scanners.
IT professionals often use a combination of vendor and free, open-source vulnerability tools. This greatly reduces the chances of missing something important.
4. Vulnerability Management, Not Scanning
But Mike Hindman, VP of risk-based solutions at Ivanti, cautions that the use of multiple scanners can sometimes absorb too much IT time.
This can overwhelm a team due to the volume of data produced by multiple scanners and the hours it takes them to make sense of it.
Vulnerability management tools and platforms have emerged that include scanning but provide a more comprehensive approach to vulnerabilities. This has become even more important due to the rise of ransomware.
“The danger in vulnerability scanners missing commonly exploited vulnerabilities is that ransomware groups are increasingly finding and leveraging zero-day vulnerabilities, even before the CVEs are added to the National Vulnerability Database (NVD) and patches are released,” Hindman said.
“Ransomware operators continue to weaponize vulnerabilities faster than ever and target those that create maximum disruption and impact.”
5. Be Consistent and Continuous
Graham Brooks, senior security solutions architect at Syxsense, recommends that vulnerability scanning be done at high frequency or even continuously.
“Don’t settle for once-a-month scans and make sure to pay attention to lower-priority threats,” Brooks said.
Brooks laid out the scenario where some organizations simply look at lists of vulnerabilities and then only seek out and fix those listed as critical or high priority.
The best approach, he said, is to perform an association analysis to see if a combination of lower-priority vulnerabilities could be used to exploit your environment.
After all, cybercriminals may indeed be criminals, but they are often smart. They quickly notice changes in tactics and the defenses employed by enterprises. When they see that their efforts are being thwarted, they shift tactics.
One recent shift is that they now go after high- and lower-priority vulnerabilities. They observed that many organizations were only patching vulnerabilities with a rating of seven or above. Hence, the bad guys now often use more than one vulnerability in their kill chain. They combine an attack on a high-priority weakness with one of a lower priority and find more success.
“Make sure you aren’t just hitting the most prominent vulnerabilities in your attack surface,” Brooks said.
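To illustrate the association analysis described above, the following Python is an added example, not code from Syxsense or any vendor named here. It checks, per asset, whether the findings that a "seven or above" patch policy leaves behind still cover every stage of a chain. The finding IDs, host names, scores and the two stage tags (`foothold`, `escalation`) are constructed assumptions.

```python
from collections import defaultdict

PATCH_THRESHOLD = 7.0                   # the "seven or above" policy from the text
CHAIN = ("foothold", "escalation")      # assumed chain stages, not from the article

# Constructed scanner output: IDs, hosts, scores and stage tags are made up.
FINDINGS = [
    {"asset": "backup-01", "id": "FINDING-A", "score": 9.1, "stage": "foothold"},
    {"asset": "backup-01", "id": "FINDING-B", "score": 5.3, "stage": "foothold"},
    {"asset": "backup-01", "id": "FINDING-C", "score": 6.5, "stage": "escalation"},
    {"asset": "nas-02",    "id": "FINDING-D", "score": 8.8, "stage": "foothold"},
    {"asset": "nas-02",    "id": "FINDING-E", "score": 4.0, "stage": "escalation"},
    {"asset": "web-03",    "id": "FINDING-F", "score": 3.1, "stage": "info"},
]

def residual_chains(findings, threshold=PATCH_THRESHOLD, chain=CHAIN):
    """Return {asset: [finding ids]} for assets where the findings scoring
    below `threshold` (left unpatched by the policy) cover every chain stage."""
    by_asset = defaultdict(lambda: defaultdict(list))
    for f in findings:
        if f["score"] < threshold:      # skipped by a threshold-only policy
            by_asset[f["asset"]][f["stage"]].append(f["id"])
    flagged = {}
    for asset, stages in by_asset.items():
        if all(stage in stages for stage in chain):
            flagged[asset] = sorted(i for s in chain for i in stages[s])
    return flagged

if __name__ == "__main__":
    # After patching everything rated 7+, backup-01 still has a full chain.
    print("left by threshold policy:", residual_chains(FINDINGS))
    # Before any patching, high and lower findings combine on nas-02 as well.
    print("before patching:", residual_chains(FINDINGS, threshold=float("inf")))
```

On this sample, `backup-01` stays flagged even after every finding rated seven or above is patched, because two lower-rated findings together cover both stages.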