Any security leader must be able to set a standard for due care and help build a comprehensive security program that serves the entire business. This is no easy feat. With threats and security breaches on the rise, it comes as no surprise that security is today's top buzzword, and with security on the minds of business leaders, we see an increase in security initiatives. As leaders at small to medium-sized businesses look to their in-house staff to implement them, they are discovering a lack of skills and resources. This often leads to a conversation with their trusted Managed Service Provider (MSP) to help close the gap.
Often, we hear that MSP clients assume security is included in the standard services they already receive. We have also found through interviews that organizations and MSPs alike have a hard time getting their users to adopt better security practices, even simple ones like multi-factor authentication and password policies. One thing they all have in common, however, is that they want to be better at security.
Let's start by stating that achieving 'better security' is about the layers of protection that can be established for the organization, its users, and most of all its data. It also has to be said that there is no 'security bliss' in which every layer has been laid and no risk remains.
Security is best established as a framework around users and the data they share. Broken down into manageable layers, it falls into the following categories, each with its own standards and processes to be documented and carried out by a security leader or a team of security leaders.
- Policy Management
- Awareness & Education
- Identity & Access Management
- Vulnerability Management
Each topic can be quite involved, so our focus for this article is vulnerability management, since it forms the foundational layer of the organization's threat defense strategy. Most MSPs already offer services for managing vulnerabilities by patching operating systems and third-party products. Vulnerability management is just one part of the broader security process of identifying, assessing and resolving weaknesses in the organization, and it often focuses on the technical infrastructure: updating endpoints and managing network components such as firewall configurations.
Let’s take a closer look at the process and practice of vulnerability management in these 6 steps:
- Policy – Your first step should be to define the desired state for device configurations. This also includes understanding the users and the minimum access to data sources each of them needs. This policy discovery process should take into account any compliance obligations, such as PCI, HIPAA or GDPR, that apply. Document your policy and your users' access.
- Standardize – Next, standardize devices and operating environments so that existing vulnerabilities can be properly identified and the compliance needs noted during policy discovery can be met. Standardizing devices also streamlines remediation: if users all run the same hardware and software configuration, steps 3 to 6 are likely to be more effective and the process more efficient.
- Prioritize – When remediating a threat, activities must be prioritized based on the threat itself, the organization's internal security posture, and how important the data residing on the asset is. A full understanding of your assets and the roles they play in the organization is critical when prioritizing active threats. Document and classify your assets so you can prioritize quickly when a threat appears.
- Quarantine – Have a plan in place to isolate or shield a compromised asset so it cannot become a bigger threat to the rest of the organization.
- Mitigate – Identify root cause and close the security vulnerability.
- Maintain – Continually monitor the environment for anomalies and deviations from policy, patch known vulnerabilities, and use antivirus and anti-malware tools to help identify new threats.
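The Prioritize step above is where most scanning programs fall down: a raw CVSS score says nothing about the asset it was found on. The following is an added example, not code from the original article or from any MSP toolset, of how a documented and classified asset inventory feeds a remediation queue. The asset inventory, the findings and the weighting factors are all constructed sample data and assumed values; a real program would pull the inventory from its RMM or CMDB and the findings from its scanner, and tune the weights to its own policy.

```python
"""Risk-based ranking of vulnerability findings (added example).

Combines each finding's own severity with what the affected asset does,
what data it holds and how reachable it is, so that a medium-severity
flaw on an internet-facing system holding regulated data outranks a
critical flaw on an isolated lobby kiosk. Sample data below is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed weights per data classification held on the asset.
DATA_WEIGHT = {"public": 1.0, "internal": 1.5, "confidential": 2.5, "regulated": 4.0}
# Assumed weights for how reachable the asset is.
EXPOSURE_WEIGHT = {"internal": 1.0, "dmz": 1.5, "internet": 2.0}


@dataclass
class Asset:
    name: str
    role: str                      # what the asset does in the business
    data_class: str                # key into DATA_WEIGHT
    exposure: str                  # key into EXPOSURE_WEIGHT
    compensating_controls: int = 0 # e.g. EDR, network segmentation, MFA in front


@dataclass
class Finding:
    id: str                        # scanner's own finding id (constructed here)
    asset: str                     # name of the affected asset
    cvss: float                    # base severity, 0.0 to 10.0
    exploited_in_wild: bool = False
    patch_available: bool = True


def risk_score(f: Finding, a: Asset) -> float:
    """Severity scaled by the asset's data and exposure, doubled when
    exploitation is known, and discounted 15% per compensating control.
    The discount is floored so controls can never hide a finding entirely."""
    score = f.cvss * DATA_WEIGHT[a.data_class] * EXPOSURE_WEIGHT[a.exposure]
    if f.exploited_in_wild:
        score *= 2.0
    score *= max(0.4, 1.0 - 0.15 * a.compensating_controls)
    return round(score, 2)


def prioritize(findings: List[Finding], assets: List[Asset]) -> List[Tuple[Finding, float, str]]:
    """Return (finding, score, next action) sorted highest risk first.
    A finding on an asset missing from the inventory cannot be classified,
    so it is pushed to the top of the queue to be inventoried rather than
    silently dropped to the bottom."""
    inventory: Dict[str, Asset] = {a.name: a for a in assets}
    ranked: List[Tuple[Finding, float, str]] = []
    for f in findings:
        a = inventory.get(f.asset)
        if a is None:
            ranked.append((f, float("inf"), "inventory: asset not classified"))
            continue
        action = "patch" if f.patch_available else "mitigate/quarantine until a patch exists"
        ranked.append((f, risk_score(f, a), action))
    ranked.sort(key=lambda r: r[1], reverse=True)
    return ranked


# Constructed sample inventory and scanner output.
SAMPLE_ASSETS = [
    Asset("dc01", "domain controller", "confidential", "internal", compensating_controls=1),
    Asset("web01", "customer payment portal", "regulated", "internet"),
    Asset("kiosk07", "lobby kiosk", "public", "internal", compensating_controls=2),
]
SAMPLE_FINDINGS = [
    Finding("F-001", "kiosk07", cvss=9.8),                          # critical, but isolated and public data
    Finding("F-002", "web01", cvss=7.5, exploited_in_wild=True),    # high, internet-facing, regulated data
    Finding("F-003", "dc01", cvss=8.8, patch_available=False),      # high, no patch yet
    Finding("F-004", "laptop-unknown", cvss=5.0),                   # asset not in the inventory
]


def remediation_queue() -> List[Tuple[str, float, str]]:
    """Flatten the ranked queue into (finding id, score, action) for reporting."""
    return [(f.id, score, action) for f, score, action in prioritize(SAMPLE_FINDINGS, SAMPLE_ASSETS)]


if __name__ == "__main__":
    for fid, score, action in remediation_queue():
        print(f"{fid:6} score={score:>7} -> {action}")
```

Ranked by CVSS alone, F-001 on the kiosk would be worked first; with the asset classification applied, the actively exploited flaw on the internet-facing payment portal comes first, the domain controller with no patch available is flagged for mitigation or quarantine rather than waiting on a patch, and the finding on an unclassified laptop surfaces as an inventory gap. The weights themselves matter less than the fact that they are written down, which is exactly what the Policy and Prioritize steps ask for.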
Vulnerability management is an essential operational function that requires coordination and cooperation with the business as a whole. Having the entire business buy into better security is paramount to the success of the program. The team must also have a set of supporting tools and underlying technologies that enable the security team's success. Operational functions include vulnerability scanning, penetration testing, incident response and orchestration. Remedial action can take many forms: applying an operating system patch, changing a network configuration, changing a custom-built application, making a simple change in process, or providing awareness and education for the users who consume and share organizational data. Tools can range from RMM to SIEM, to simple AV/anti-malware and backup toolsets.
Better vulnerability management practices start with a superhero who promotes security consciousness and helps to innovate solutions and services that make the business thrive!