Updating software might seem like a routine exercise, especially given it is cyber-smart behavior. But while it is a fundamental part of cybersecurity for most IT teams looking to address bugs and security issues, it’s not as easy as many think.
In fact, in 2021, threat researchers logged almost 18,500 common vulnerabilities and exposures (CVEs) in the National Vulnerability Database – equal to 50 new flaws per day. With so many vulnerabilities piling up, security teams don’t have the time or resources to ensure a software update every time a new vulnerability is disclosed. Instead, risk-based prioritization is the name of the game. Doing this effectively, however, requires a balance between manual effort and automation.
As security teams look to improve their cybersecurity fundamentals for the new year, here are five best practices to follow when updating software as part of a wider defense-in-depth approach.
Prioritize Critical Patches
Despite the zero-day vulnerability Log4j creating headlines and urgent warnings about its severity, there are still Log4j instances in the wild. This is just one example of why it’s important to watch for critical patches for software deployed in your environment and implement them as soon as possible.
Review vendor recommendations for all enterprise software platforms in use, along with any underlying operating system and enterprise integrations. These recommended procedures should be treated as a must. If this isn’t possible, teams must understand the security implications and build their defenses accordingly.
Check-in With Third-Party Vendors
When critical patches are released, getting in touch with vendors is vital in ensuring they’ve also patched the software you use. It’s better to be safe than sorry. Ensuring the third-party vendors you employ are on top of their own cybersecurity practices and doing all they can to protect customers is a vital step in any security strategy.
Monitor Software Assets Continuously
Automating processes such as inventory or tracking can help teams push software updates in a timely manner. Alongside this, it is easier to manage end-of-life software, scope access permissions appropriately and ensure weak or default credentials no longer remain in use. This is critically important to maintain identity security, especially when misconfigurations are rife.
Consider Connected IoT Devices
As part of a multi-layered security strategy, IoT devices – printers, sensors, cameras or even tablets – should be considered. Often, these devices have well-known firmware or software vulnerabilities that can be accessed via weak credentials or default credentials that are hardcoded into the device. Therefore, ensuring the credentials used to access these devices can be automatically monitored and secured is key to shrinking an organization’s attackable surface area.
Focus on the Bigger Issues
Today, credential theft is the number one risk for security leaders. There are numerous ways for attackers to steal credentials and exploit identities. Instead of just ensuring identity-centric vulnerabilities are patched ad hoc, many teams are working to limit privileged access intelligently through automation. This is to ensure a greater impact.
Examples include implementing automated detection controls to find and block credential theft attempts. Also, placing credential ‘lures’ at points along common attack paths can help trigger red flags when intruders try to move through or laterally within an environment.
Concluding Thoughts
Attackers are constantly innovating, and the threat landscape is changing. Even if security teams can patch every software or device vulnerability every time, they would still inevitably fall behind the bad guys. There is no silver bullet to cybersecurity.
This is why assuming breach and layering identity security protections alongside vulnerability assessment, patch management and other critical peripheral defenses is essential in detecting and neutralizing threats before attackers can cause considerable damage.