3Ps of Security: Protect, Prioritize and Patch
Like a football or soccer team, security also has two lineups that must be continuously managed. One lineup involves protecting the digital assets and data of a business. The other: managing the security risk and vulnerability exposure of these environments and endpoints. The tension between these two lineups keep security and IT very busy.
There is a critical shortage of expert security professionals, which means no expanding the bench of talent, even if you can afford it. The day-to-day playbook for security boils down to the 3Ps: protect, prioritize, and patch. And do all three as best and fast as possible to keep ahead of adversaries and cyber threats.
If a security control fails, or is bypassed, there is an open gap to possible compromise. When a gap is detected, there is a rush to tackle the problem and to understand the root cause to block it from happening again.
However, the same urgency doesn’t exist in vulnerability management or patching. Ivanti’s recent survey Patch Management Challenges highlights this problem:
A daunting 61% of the IT and security professionals said that they receive requests from line of business owners to postpone maintenance windows once a quarter. Another 28% said that they get such requests once every month.
Cybersecurity Awareness Month presents a good opportunity to not only share what end users can do to protect themselves, but also to highlight challenges within the various disciplines of security.
One major challenge: prioritization. Gone are the days when professionals can predict the types and scale of attacks that the company many encounter. Also gone is the assumption that work environments are limited to a contained space where IT-controlled PC workstations are the center of productivity. There has been a monumental increase in acceleration of digital business as organizations pivot to respond to COVID-19 pandemic impacts. The playing field has dramatically changed as all businesses should consider they are working in a hostile environment. So how can businesses prioritize based on risk if they’re operating in an Everywhere Workplace with a constantly evolving threat landscape?
The three Ps of protect, prioritize, and patch aren’t meant to be siloed instructions that happen in subsequent order. In this new business environment, all three Ps must be continually active. According to our Patch Management Challenges survey, 53% of respondents say that organizing and prioritizing patches takes up most of their time. This would be equivalent to a player watching on the sidelines until halftime, while his role goes unfulfilled.
That means the team will have been playing without full bench strength and will have to come from behind to try to win. Ivanti’s goal is to get all security players the patch and vulnerability intelligence that gets them into action faster and with confidence. Patch intelligence means that when line of business owners request a delay or want to postpone maintenance to security, IT can clearly share the level of risk that they are exposing the business to by delaying action.
Ivanti’s Patch Intelligence release this month continues to provide the insights needed to accelerate remediation, as it now supports macOS endpoints. This couldn’t have come at a better time as more work-from-home systems are MacBooks. Quickly shifting organizations sought systems to support their remote workers, and many opted for macOS systems because they tended to have less malware and threats, while others had to resort to macOS because this was the only type of system they could procure at the time. However, its notable that the increase in the business use of these systems has also coincided with critical vulnerabilities appearing in the last few months.
Apple has patched a critical macOS vulnerability (CVE-2021-30657) that has been exploited by Shlayer malware for months. This was reported by the vendor with a severity of 5.5 looking at the vulnerability in isolation; however, this vulnerability has been weaponized with an available exploit. The Ivanti Patch Intelligence and Vulnerability Intelligence (formerly RiskSense VULN KB) solutions scores this vulnerability based on a wide perspective of threat intelligence and expert insights. In this case, this vulnerability scored a 10, the highest priority for remediation.
This is where having the right prioritization, akin to the coach giving the plays on the sidelines, helps everyone to move quickly against security risks. We know it’s not easy. Ivanti is in the business to make that easier.
The big takeaway: like on any great team, protect, prioritize and patch need to be in sync and operate in simultaneous alignment. None of them can win the game alone.
Ready to learn more? We’ve compiled resources to get you on top of the game.