The IBM Security and Ponemon Institute’s ‘2018 Cost of a Data Breach Study’ puts the average cost of a breach at $3.86 million, over 6% higher compared to 2017. That figure includes factors like forensic investigations, remediation, stakeholder notifications, legal and regulatory activities, and the cost of lost business and reputation.
It’s a significant cost for any business to bear. So, it’s important for organizations to minimize their exposure to risk, by scanning their networks for security vulnerabilities before a damaging incident occurs. Yet a separate Ponemon study from 2018 found that nearly 60% of breaches originated from existing, known vulnerabilities. This means that the organization’s security team must continuously look for these security gaps and close them.
One of the reasons why known vulnerabilities aren’t being fixed quickly is that the IT and security teams may not be aware of the true risk they pose to the organization’s security. Most companies today handle vulnerability processes by relying on the reports generated by their vulnerability scanners, such as Tenable Nessus, Rapid7 Nexpose or the Qualys Cloud Platform. These scanners provide detailed technical information about each vulnerability they find, usually organized by a server’s IP address or DNS name. Some scanning tools will also provide information on how to remediate the flaws through a software upgrade or a patch.
But the sheer volume of alerts and potential risks flagged by vulnerability scanning can be overwhelming. So how can security teams filter out the noise, and prioritize addressing those risks which present a genuine threat to the business? The answer is to focus on the business context of each risk.
Traditional vulnerability management tools will highlight that a server is at risk, but they will not identify the applications which are reliant on the server. So, while a vulnerability scan may identify two different servers with the same software issue and allocate the same level of risk to each, these two servers could be supporting very different applications. One application may be particularly business-critical (such as an e-commerce platform) or may carry sensitive regulated data. Therefore, fixing the vulnerabilities in the servers that support critical applications has to be prioritized.
So, to get a true picture of the threat to the business, you need to link the vulnerabilities that have been found in servers or devices to the specific business applications that they support. Then the application owners and business stakeholders can prioritize and manage the remediation efforts, by assessing the potential risk of a security incident versus the impact on the business of any potential downtime to fix the flaws.
This is done by integrating vulnerability scanning solutions with the right security management solution. Vulnerabilities can then be mapped directly to the business applications they are linked to, with a security rating provided for each application. These ratings are recalculated automatically whenever a network change is made, to ensure that you always have a real-time, business-centric view of your risks.
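The mapping described above, as an added worked example in Python that is not AlgoSec's code or any scanner's. The scanner findings, the application inventory (hosts per application, a 1..5 criticality scale, a regulated-data flag) and the weighting formula are all constructed assumptions for illustration; a real deployment would import scanner exports and a CMDB instead. It shows the point made above: the same flaw with the same CVSS on two hosts yields very different application ratings once business context is applied, a host shared by two applications counts towards both, and the ratings are simply recomputed after any change to the inventory or the findings.

```python
"""Link scanner findings to business applications and rate each application.

Added illustration, not AlgoSec's or any scanner's code. All data and the
weighting formula below are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    host: str      # IP address or DNS name as the scanner reports it
    check: str     # scanner's identifier for the flaw (constructed here)
    cvss: float    # CVSS base score, 0.0 .. 10.0


@dataclass
class Application:
    name: str
    criticality: int         # assumed scale: 1 (low) .. 5 (business-critical)
    regulated_data: bool     # carries sensitive regulated data
    hosts: List[str] = field(default_factory=list)


# Constructed scanner output. Two hosts carry the same flaw at the same CVSS.
FINDINGS = [
    Finding("10.0.1.10", "openssl-outdated", 7.5),
    Finding("10.0.2.20", "openssl-outdated", 7.5),
    Finding("10.0.1.10", "tls-weak-cipher", 5.0),
    Finding("10.0.3.30", "ssh-weak-mac", 2.5),
]

# Constructed application inventory. 10.0.2.20 supports two applications.
APPLICATIONS = [
    Application("e-commerce", 5, True, ["10.0.1.10"]),
    Application("intranet-wiki", 2, False, ["10.0.2.20"]),
    Application("build-server", 3, False, ["10.0.3.30", "10.0.2.20"]),
]


def findings_by_host(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Index findings the way scanners report them: by host."""
    index: Dict[str, List[Finding]] = {}
    for f in findings:
        index.setdefault(f.host, []).append(f)
    return index


def rate_application(app: Application, by_host: Dict[str, List[Finding]]):
    """Return (score, worst_cvss, finding_count) for one application.

    Assumed formula: the highest CVSS across the application's hosts, scaled
    by criticality, with a 20% uplift when the application handles regulated
    data. Integer percent arithmetic keeps the sample values exact.
    """
    worst, count = 0.0, 0
    for host in app.hosts:
        for f in by_host.get(host, []):
            count += 1
            worst = max(worst, f.cvss)
    uplift = 120 if app.regulated_data else 100
    return worst * app.criticality * uplift / 100, worst, count


def prioritize(findings: List[Finding], applications: List[Application]):
    """Rank applications by business-weighted risk, highest first."""
    by_host = findings_by_host(findings)
    rows = []
    for app in applications:
        score, worst, count = rate_application(app, by_host)
        rows.append({"application": app.name, "score": score,
                     "worst_cvss": worst, "findings": count})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


def remediate(findings: List[Finding], host: str, check: str) -> List[Finding]:
    """Drop one finding (a patch was applied); callers re-run prioritize()."""
    return [f for f in findings if not (f.host == host and f.check == check)]


if __name__ == "__main__":
    for row in prioritize(FINDINGS, APPLICATIONS):
        print(row)
    print("after patching openssl on 10.0.1.10:")
    for row in prioritize(remediate(FINDINGS, "10.0.1.10", "openssl-outdated"),
                          APPLICATIONS):
        print(row)
```

With the constructed data the e-commerce application ranks first (score 45.0) even though the intranet wiki carries the identical finding (score 15.0), and patching OpenSSL on the e-commerce host drops its rating to 30.0, driven by the next-worst finding. The formula is deliberately simple; the point is that the ranking is a pure function of findings plus inventory, so it can be recomputed on every change.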
By linking vulnerabilities to critical business processes and involving all relevant business, security and network stakeholders, you can ensure that security is aligned with the organization’s business strategy. And crucially, you can identify and remediate any network vulnerabilities before an attacker exploits them.
Find out more about how AlgoSec can improve your vulnerability management processes here.