Security vulnerabilities that lead to cyber attacks are commonplace in software, both while it is being developed and once it is actually in use. Attacks perpetrated by malicious people are a well-known fact: incidents of cyber attacks and online misbehavior are reported regularly, often by parties seeking an upper hand over others they regard as competition.
When a cyber attack exploits a vulnerability, the company's important information leaks to the outside world, which in turn leads to a loss of sales as customer confidence dries up. However, most incidents do not follow the discovery of a vulnerability immediately: a malicious person or group first has to build an attack program from the details of the vulnerability, and there is a delay between the release of a patch that fixes it and the reverse-engineering of that patch into a weaponized exploit. Dealing with the vulnerability during this window prevents the attack in advance.
That is where vulnerability management comes in. Vulnerability management means knowing the system configuration, quickly detecting the vulnerability information related to each component, judging how urgently it must be applied (by specifying the scope of impact, analyzing the risk and deciding whether a response is necessary), and responding promptly on the basis of that judgment. The process is divided into three steps:
● Detection
Gather vulnerability information from sources such as vendors, experts and industry associations, and assess the impact on your system components.
● Judgment
Analyze the magnitude of the risk (business impact) the vulnerability causes and the ease of the attack method, and decide whether a response is necessary and how urgent it is.
● Response
Set specific countermeasures and their implementation timing, and reduce the risk to an acceptable level before the system is attacked through the vulnerability.
If any of these steps is missing from vulnerability management, the vulnerability may be left unaddressed and the company may be severely damaged. Vulnerability information services exist that collect and organize such information and email it: every time new vulnerability information is registered in the service, it is emailed to the user, and it can also be browsed on the Web. Services differ in the quality and amount of information, speed, cost (paid or free) and ease of use.
Paid services usually allow customization so that only the necessary information is delivered: product information (manufacturer, model number, version and so on) is registered in advance to match the company's system configuration. In particular, field personnel who are constantly busy with system operation can then obtain the relevant vulnerability information in a small number of operational steps. Using provider sites and services that collect the latest information in this way makes it possible to gather scattered information efficiently.
In addition, depending on company size and line of business, reputation risk is sometimes used as one of the risk evaluation indicators when judging the emergency level. Exploitation of a widely reported vulnerability is likely to cause not only direct damage but also secondary damage such as harm to the company's reputation.
By setting a response policy for each vulnerability level in advance, in light of the company's situation, it becomes possible to respond quickly in an emergency. Typical countermeasures are patch application, a workaround, and temporary service interruption. These are compared, the best option for the company is selected, and field personnel are prompted to respond. In practice, however, it is difficult to track the results of the response, and managing overall progress takes time. One solution is to manage the response status of every system centrally.
The responsible department maintains the asset management ledger, sends vulnerability response instructions to the site manager or person in charge, and collects reports on the result of the response. By linking this with the work application and approval process, omitted responses and delayed reports can be prevented, and the latest configuration information and vulnerability response status of each system is always at hand. If this is systematized, it also becomes easy to track response results and roll the measures out horizontally to other systems.
For systematization, using a common service is recommended rather than each company building its own platform. Cloud services that manage the whole cycle, from collecting vulnerability information to tracking response progress (that is, detection, judgment and response), are emerging, and they are particularly effective for controlling the entire group of a globally expanding company.
The status of a system's vulnerability countermeasures can be classified into management and control patterns in terms of information intensity, information freshness and searchability:
● Information intensity
Is system configuration information centrally managed?
● Information freshness
Is configuration information always kept up to date?
● Searchability
Can you quickly list the target systems after detecting a vulnerability?
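The following Python script is an added example, not code from the original article or from any vulnerability information service it describes. It walks the three steps of the flow above (detection, judgment and response) on a constructed asset ledger: it matches the registered product information (vendor, product, version) against advisories to answer the searchability question, that is, to list the affected target systems; it assigns an urgency level from severity, exploit availability, exposure and reputation risk under an assumed response policy; and it keeps a central record of response status so that overdue items can be listed. The vendor "exampleco", the product names, the advisory identifiers, the score weights and thresholds, and the deadlines are all assumptions.

```python
"""Vulnerability management flow (detect -> judge -> respond). Added example,
not code from the original article or from any vulnerability information
service; advisories, ledger, policy and product names are all constructed."""
from dataclasses import dataclass
from datetime import date, timedelta
import re

@dataclass
class Advisory:
    id: str                # fictitious identifier
    vendor: str
    product: str
    affected: str          # version constraints, e.g. ">=2.4.0,<2.4.10"
    score: float           # technical severity, CVSS-style 0-10
    exploit_public: bool   # already weaponized?
    widely_reported: bool  # media coverage, i.e. reputation risk if exploited

@dataclass
class Asset:
    system: str
    owner: str             # person in charge who receives the instruction
    internet_facing: bool
    components: list       # (vendor, product, version) as registered in the ledger

@dataclass
class Ticket:
    advisory: str
    system: str
    owner: str
    urgency: str
    due: date
    status: str = "open"   # open -> patched | workaround | service_stopped | accepted

# Assumed response policy: urgency level -> days allowed before the response is overdue.
POLICY = {"emergency": 2, "high": 14, "normal": 30, "low": 90}
TODAY = date(2024, 1, 1)   # constructed reference date for deterministic deadlines
# Constructed sample data for the fictitious vendor "exampleco".
ADVISORIES = [
    Advisory("ADV-0001", "exampleco", "webgate", ">=2.4.0,<2.4.10", 9.8, True, True),
    Advisory("ADV-0002", "exampleco", "dbcore", "<5.0.0", 7.5, False, False),
    Advisory("ADV-0003", "exampleco", "mailrelay", "<1.0.0", 5.0, False, False),
]
LEDGER = [
    Asset("ecommerce-front", "web-team", True,
          [("exampleco", "webgate", "2.4.9"), ("exampleco", "dbcore", "5.2.0")]),
    Asset("intranet-portal", "it-ops", False,
          [("exampleco", "webgate", "2.4.10"), ("exampleco", "mailrelay", "1.0.3")]),
    Asset("billing-db", "dba", False, [("exampleco", "dbcore", "4.9.1")]),
]
_CONSTRAINT = re.compile(r"(<=|>=|<|>|==)\s*([\d.]+)")
_OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, "==": lambda a, b: a == b,
        ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}

def parse_version(v: str) -> tuple:
    """'2.4.10' -> (2, 4, 10). Comparing version strings is a classic matching
    bug: lexically '2.4.9' > '2.4.10', numerically it is the older release."""
    return tuple(int(part) for part in v.split("."))

def version_affected(version: str, spec: str) -> bool:
    """True if every comma-separated constraint in spec holds for version."""
    constraints = _CONSTRAINT.findall(spec)
    if not constraints:
        raise ValueError(f"no version constraint in {spec!r}")
    ver = parse_version(version)
    return all(_OPS[op](ver, parse_version(bound)) for op, bound in constraints)

def detect(advisories, ledger):
    """Step 1, detection: list the target systems each advisory applies to."""
    hits = []
    for adv in advisories:
        for asset in ledger:
            for vendor, product, version in asset.components:
                if ((vendor, product) == (adv.vendor, adv.product)
                        and version_affected(version, adv.affected)):
                    hits.append((adv, asset, version))
    return hits

def judge(adv: Advisory, asset: Asset) -> str:
    """Step 2, judgment: severity + ease of attack + scope of impact + reputation
    risk -> urgency level. Weights and thresholds are assumptions."""
    score = (adv.score
             + (1.0 if adv.exploit_public else 0.0)     # the window before weaponization is gone
             + (1.0 if asset.internet_facing else 0.0)  # reachable by any attacker
             + (0.5 if adv.widely_reported else 0.0))   # secondary (reputation) damage
    for level, threshold in (("emergency", 9.0), ("high", 7.0), ("normal", 4.0)):
        if score >= threshold:
            return level
    return "low"

def build_tickets(advisories, ledger, today: date):
    """Step 3, response: one tracked ticket per (advisory, system) with a deadline."""
    tickets = []
    for adv, asset, _version in detect(advisories, ledger):
        level = judge(adv, asset)
        tickets.append(Ticket(adv.id, asset.system, asset.owner, level,
                              today + timedelta(days=POLICY[level])))
    return tickets

def overdue(tickets, as_of: date):
    """Central progress view: responses still open past their deadline."""
    return [t for t in tickets if t.status == "open" and as_of > t.due]

if __name__ == "__main__":
    for t in build_tickets(ADVISORIES, LEDGER, TODAY):
        print(f"{t.advisory} {t.system:16} {t.owner:9} {t.urgency:9} due {t.due} [{t.status}]")
```

Two points the script makes that the prose does not: version matching must compare numerically, since "2.4.9" sorts after "2.4.10" as a string and a lexical comparison would silently miss the affected system; and the response record is keyed per (advisory, system) with a deadline derived from the urgency level, which is what lets the responsible department list what is overdue without polling each site manager.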
Under present circumstances there are companies that have not put this into practice, or that have put it into practice at great cost in time and money without it becoming efficient. Let us go back to the basics and check how the system and the flow are maintained.