Hounded by Cyber Security?
On This Day
One of these latter moments happened during a recent weekend on a longer walk. Social media popped up to notify me that a decade ago I had posted reminding my social connections of the importance of patching (yes, I really am that interesting).
I recalled that I had been involved in a Sasser worm clean-up for a client of the company I worked for at the time. As I’m sure many reading this post will remember, Sasser was a self-propagating virus that could tear through unpatched Windows XP/2000 networks at lightning pace and cause frequent crashes and reboots.
Whilst my task of patching and securing the network on that day was unremarkable, it did occur to me both how much and how little some things have changed from a cyber security perspective over the last decade.
The Need to Patch
Even back in 2008, there was a consensus that patching was an important security prerequisite. It still is today. In fact, on their list of top 20 cyber security controls, the Center for Internet Security places Continuous Vulnerability Management (which includes patching) as the third most important thing you can do to secure your network after hardware and software asset discovery and control.
Yet, according to Forrester Research, in 2017 an estimated 24 percent of enterprises suffered at least one breach due to vulnerability exploits. And according to Gartner, 99 percent of the vulnerabilities exploited at the end of 2020 will continue to be ones known by security and IT professionals at the time of the incident
Many of Ivanti’s customers use one of our market-leading patch products, which can help automate the patching of a vast array of applications and components across various operating systems. Concerning zero-day exploits, the research time from discovery to exploit is ever falling, which makes it more important than ever to have a robust vulnerability management program.
What Has Changed?
The cyber threat landscape has evolved dramatically over the last few years. This is due in part to increased opportunity and accessibility for nefarious threat actors. More and more of us are conducting business, finance, and leisure online across an ever-increasing array of devices and mediums. The demarcation point between home and work for many has all but gone, and the consumerisation of IT has ‘happened.’
Antivirus solutions, once hailed as the holy grail of cyber security, are still undeniably important. However, in 2018, they are not prioritised at the top of the Center for Internet Security (CIS) cyber security controls.
Malware creation frameworks have been commercialised, making powerful cyber weaponry available to organised criminals, which at one time would only have been the domain of hacktivists, nation states, or ‘script kiddies’ (the latter I can thank for my fight with the Sasser worm all those years ago).
Nation state-sponsored cyber-attacks are also no longer the realm of science fiction, with two such alleged attacks making news headlines just recently.
Defence-in-depth is hailed as the most effective cyber security strategy available today, with no point solution offering complete protection from the diverse and sophisticated threats faced in today’s world. It’s defense-in-depth with a solid strategy—layered defences that experts have prioritized as those most likely to protect against modern cyber-attacks.
This is a strategy that resonates strongly with us here at Ivanti. As well as the patch solutions mentioned above, we offer a strong portfolio of security solutions that work in concert to contribute to a robust cyber security posture.
The Next 10 Years
The next decade is likely to be an extremely eventful time in the cyber security space, with emerging technologies like blockchain, IoT, AI, 5G, and quantum computing (to name a few) providing a hint of the future challenges. That said, you can bet that Ivanti will continue to innovate at the bleeding edge to keep our customers secure and the world moving.
Here’s to the next 10 years.
Robin Rowe is a product manager at Ivanti focusing on security and cloud solutions. Based in the UK, Robin has also worked as a senior solutions engineer, data center project engineer, senior consultant, and customer support engineer.