Overview Of Vulnerability Management
Since we cover new vulnerability stories every day here at Hackercombat.com, it is worth equipping you, our readers, with the basics of vulnerability management. No program is free of flaws; during the normal life cycle of software, the vendor issues patches to fix newly discovered bugs. A computer that keeps running while a vulnerability remains unpatched gives cybercriminals an entry point for unauthorized access, or a loophole through which the machine can be infected with malware. This is the very reason software vendors insist that their customers never run an unsupported version of their product: patches are no longer issued for those versions, so they are not safe for day-to-day use.
If a vulnerability is left unaddressed, the machine risks being attacked from outside or infected by a virus (worm) without the user noticing. At worst, the infected device is already being used as a “zombie”, part of a botnet used to launch DDoS attacks against chosen targets. Botnet membership resulting from a virus infection is one of the major information security problems for computers connected to the Internet. The vulnerability must be closed because cybercriminals can exploit it to use the machine as a springboard for attacking other servers, to mine cryptocurrency, or to turn it into a source of malware infection for the rest of the network.
Flaws must be fixed in both system software and application software. For example, in the case of Windows, Microsoft issues its monthly patches on the second Tuesday of the month (“Patch Tuesday”). Even after a security hole is patched, new vulnerabilities will keep being discovered, so updates must be applied continually, as soon as they are offered. In recent years, threats called zero-day attacks have become a household name in computing. A zero-day attack exploits an operating system or software flaw that the vendor does not yet know about, so it is abused in the wild before a patch becomes available. Complete countermeasures are hard to achieve because vendors usually only investigate the problem and develop a patch after the vulnerability is disclosed. Moreover, not all platforms receive regular patches; Android is one example. Responsibility for issuing patches for a specific Android device lies with the device vendor, but issuing fixes earns these vendors no money. They are more motivated to sell new phones to replace old ones whose only problem is an outdated Android version.
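The checks this paragraph describes in prose (a version that is out of vendor support, an installed version that an advisory says is affected, and a host that has not picked up the latest Patch Tuesday cycle) can be made concrete in a small triage pass over a host inventory. The following is an added example written for this article, not code from Hackercombat.com or from any vendor; the product names, version numbers, advisory identifiers, host names and dates are all constructed for illustration.

```python
"""Added example: a minimal vulnerability-management triage over a host inventory.

Three checks are performed for each host:
  1. UNSUPPORTED: the installed product version is end-of-life (no more patches).
  2. VULNERABLE:  the installed version falls inside an advisory's affected range.
  3. STALE:       the host has not been patched since the most recent Patch
                  Tuesday (second Tuesday of the month, Microsoft's cadence).
Every product, version, advisory ID, host and date below is invented.
"""
from __future__ import annotations

import calendar
from dataclasses import dataclass
from datetime import date


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the given month."""
    first_weekday, _ = calendar.monthrange(year, month)      # Monday == 0
    days_to_first_tuesday = (calendar.TUESDAY - first_weekday) % 7
    return date(year, month, 1 + days_to_first_tuesday + 7)


def latest_patch_tuesday(today: date) -> date:
    """Most recent Patch Tuesday on or before `today` (may be last month's)."""
    this_month = patch_tuesday(today.year, today.month)
    if this_month <= today:
        return this_month
    if today.month == 1:
        return patch_tuesday(today.year - 1, 12)
    return patch_tuesday(today.year, today.month - 1)


def parse_version(v: str) -> tuple[int, ...]:
    """'1.9.2' -> (1, 9, 2); tuples compare correctly, unlike version strings."""
    return tuple(int(part) for part in v.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str        # invented identifier, not a real CVE
    product: str
    affected_below: str     # every version strictly below this is affected
    fixed_in: str


@dataclass(frozen=True)
class Host:
    name: str
    product: str
    version: str
    last_patched: date


# Constructed inventory and advisory data (not real products or advisories).
EOL_VERSIONS = {"ExampleOS": "2.0"}   # ExampleOS below 2.0 is out of support
ADVISORIES = [
    Advisory("EX-2024-0001", "ExampleOS", affected_below="3.4", fixed_in="3.4"),
    Advisory("EX-2024-0002", "ExampleApp", affected_below="1.9.2", fixed_in="1.9.2"),
]
HOSTS = [
    Host("web-01", "ExampleOS", "3.4", date(2024, 6, 12)),
    Host("web-02", "ExampleOS", "3.3", date(2024, 5, 20)),
    Host("legacy-db", "ExampleOS", "1.8", date(2023, 1, 10)),
    Host("kiosk", "ExampleApp", "1.9.1", date(2024, 6, 12)),
]
EXAMPLE_TODAY = date(2024, 6, 20)     # the day the triage is assumed to run


def triage(hosts, advisories, eol_versions, today: date) -> dict[str, list[str]]:
    """Return {host name: [findings]} for every host that needs attention."""
    last_pt = latest_patch_tuesday(today)
    findings: dict[str, list[str]] = {}
    for h in hosts:
        installed = parse_version(h.version)
        notes = []
        eol = eol_versions.get(h.product)
        if eol is not None and installed < parse_version(eol):
            notes.append(f"UNSUPPORTED: {h.product} {h.version} is end-of-life; "
                         f"no vendor patches will be issued")
        for adv in advisories:
            if adv.product == h.product and installed < parse_version(adv.affected_below):
                notes.append(f"VULNERABLE: {adv.advisory_id} affects {h.product} "
                             f"< {adv.affected_below}; upgrade to {adv.fixed_in}")
        if h.last_patched < last_pt:
            notes.append(f"STALE: last patched {h.last_patched}, Patch Tuesday "
                         f"{last_pt} not yet applied")
        if notes:
            findings[h.name] = notes
    return findings


if __name__ == "__main__":
    for host, notes in triage(HOSTS, ADVISORIES, EOL_VERSIONS, EXAMPLE_TODAY).items():
        print(host)
        for note in notes:
            print("  -", note)
```

With the constructed data, `web-01` produces no findings, `web-02` is vulnerable and stale, `legacy-db` is unsupported, vulnerable and stale, and `kiosk` is vulnerable but was patched after June's Patch Tuesday. The unsupported case is the important one in practice: an end-of-life version will also match advisories, but no `fixed_in` version will ever be offered for it, so the only remediation is replacement, which is exactly the situation the article describes for old Android builds.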
This is why companies need to understand and accept these risks and strengthen their protection against zero-day and targeted attacks for which no patch exists, as well as against the threats most likely to affect them. That is the main purpose of vulnerability management and threat intelligence services: they let companies quickly identify threats that lead directly to problems, proactively close security holes, and take measures more easily to avoid data loss, data breaches and system failures.
Typical paid threat intelligence services provide aggregated and correlated data feeds and alerts tailored to the customer’s risk profile. Some vulnerability management and threat intelligence services automatically feed data into security products such as firewalls and provide industry-specific threat assessments and security advice. Most are delivered as subscription-based cloud services. Vendors usually offer several feature tiers, and some offer managed services that deliver threat intelligence to on-premises systems. Subscription costs tend to be high or very high, so threat intelligence services are currently aimed mainly at large and medium-sized organizations. Cloud services in general are becoming cheaper, and threat intelligence services are likely to follow the same trend.