Advanced threats introduced by unmanaged mobile devices, smartphones and virtual machines are among the primary issues keeping security pros up at night. Organizations have tried to extend their traditional vulnerability and threat management approach to transient devices, but with little success. Vulnerabilities, exploits and malicious software make it into corporate IT environments by targeting these devices and using them as a jumping-off point to the rest of the organization. Compounding this issue is the wide array of disparate solutions that offer to solve only portions of these problems.
Forward-looking organizations have recognized that the solution lies not only in identifying the vulnerabilities and threats introduced by devices that “hop on and off” the network, but in taking a comprehensive approach to threat management: looking for underlying deficiencies and issues within the corporate environment, potentially malicious changes or activity, and processes and settings that may violate policies. They realize that the way to defend effectively against the barrage of attacks is a multi-pronged approach of:
- Ensuring that the individual point solutions and processes are checked and verified independently – through active assessment, network sniffing and historic event monitoring.
- Finding all the vulnerabilities that matter to the critical operation of the business.
- Reducing the time it takes to patch the most critical vulnerabilities, and focusing on the patches that will have the biggest positive impact on the security posture of the organization.
This holistic view allows them to ensure that the investments they have made in their end-point protection, anti-malware, perimeter defense, application firewall and other security solutions are being utilized to the fullest. By monitoring these security products for proper updates, correct configuration, authorized access and similar checks, these organizations are able to take a more aggressive approach as well as provide a level of visibility and detail previously unavailable. This unified view of security management gives practitioners the detailed data they need and the CISO the summary trend information they want.
The combined data from vulnerability assessments, asset information, network sniffing and activity event logs provides relevant context, making security analysis more actionable. This context allows true analysis, so that users can determine baselines and identify high-priority threats that may point to more significant compromises. Most security products will quickly identify the problems, but are not able to rank them based on a broader contextual assessment across the organization. This lack of prioritization directly affects the organization's exposure and its ability to mitigate attacks.
Security analysts and IT professionals must make sure that security threats are fixed quickly, and that the most critical patches, as determined by a comprehensive security assessment of the organization's risk profile, are rolled out first. Gathering security data from the review of existing security products, and combining it with information from vulnerability scans, network sniffing and log data, allows for the successful implementation of this security program. The result is increased agility for practitioners and directors, and superior measurement and analysis for CISOs, all powered by a level of security intelligence and risk mitigation that can only be achieved through a threat management platform that brings complementary techniques together to form a comprehensive vulnerability and threat management solution.