By Dan Wolff, Director of BigFix Product Management and Product Marketing.
We have a problem folks. Nearly one-third of all detected enterprise vulnerabilities remain open after a year, and one quarter are never remediated1. This leaves corporate networks exposed to malicious attack from outside or even insider threats.
The vulnerability remediation gap is a universal challenge.
Why is this happening? Why can’t enterprises effectively address this problem? A few reasons come to mind:
- The sheer volume of reported vulnerabilities: Larger organizations can have tens of thousands of active vulnerabilities at any one time. It’s a mountain that is hard to climb.
- Lack of prioritization schemes: A common way to address the problem is to determine which vulnerabilities are most urgent, and deal with those first. This is easier said than done with limited options available for effective prioritization.
- Patching can break and disrupt systems: Imagine telling the owners of business critical services that their servers must be taken down to patch. Or that end users need to reboot their systems. Remediation can be disruptive.
- IT operations (patching) is usually a different team: Security teams using vulnerability scanners usually operate separately from IT Operations, speak a different language and have different goals.
- Finding the right patch for the right SW on the right endpoint is HARD: The correlation required to align software, OS, location, etc. is not easy and is error prone.
- …as well as resource constraints: There are never enough people to carry out business requirements. Period.
The vulnerability remediation gap can cause catastrophe.
In the summer of 2017, the security team at a top 3 credit rating corporation detected that several unpatched and misconfigured servers had the known Apache Struts vulnerability, which had a live exploit deployed in the wild. Due to lack of prioritized remediation, there was a two-month gap in applying the patch, resulting in the exposure of 143M customer records (40% of all US citizens). As a result, the entire C-Suite was fired as well as $1.4B in cleanup cost and $1.3B set aside to resolve consumer claims.
Why is this so hard?
Typically, a skilled IT Operations or Security specialist will spend at least 2-3 minutes researching the right remediation for each vulnerability. With potentially hundreds or thousands, it can be a full time job.
What does this mean in real terms? An organization with 1,000 running vulnerabilities will spend up to 50 person-hours per scan cycle researching and correlating available fixes to the correct assets.
On April 6th, HCL BigFix announced Insights for Vulnerability Remediation
The BigFix Insights for Vulnerability Remediation application is included in the BigFix Lifecycle and BigFix Compliance suites. This new technology integrates with Tenable.sc and others to crush the vulnerability remediation gap, align security and operations teams and dramatically reduce the corporate attack surface faster than ever before.
BigFix Insights for Vulnerability Remediation automates the vulnerability remediation process with no fewer than four correlation engines which:
- Correlate endpoint ID with the Tenable endpoint ID
- Correlate the found vulnerability to a Fixlet
- Identify and assign the superseded (latest) remediation
- Correlate the BigFix endpoint to the latest Fixlet
With BigFix Insights for Vulnerability Remediation, the organization with 1,000 vulnerabilities can remediate in less than two hours by automating manual processes and reducing errors and associated rework. Now, this IT organization is able to quickly implement fixes and effectively prove compliance to auditors and executive stakeholders. With BigFix Insights for Vulnerability Remediation, IT Security and IT Operation teams are able to collaborate effectively to quickly remediate vulnerabilities discovered by Tenable, providing significant operational and organizational value to the CIO and CISO. That value is realized through:
- Aligning Security and Operations teams with intelligent automation.
- Compressing security vulnerability remediation times by an order of magnitude.
- Reducing enterprise security risk.
And all of this with no additional agent and no performance impact. Better yet, BigFix covers your entire environment with over 12 operating systems and nearly 90 variations.
A final word
Legacy vulnerability management processes are no match for today’s complex IT landscape – which includes cloud, mobile, web, IoT and OT assets. They fail to deliver what is most important: fixing gaps as quickly as you find them. It is time to change the conversation.
BigFix is here to help!
For more information
- Learn more about BigFix Insights for Vulnerability Remediation at https://www.hcltechsw.com/wps/portal/products/bigfix/ivr-home
- Visit Tenable at https://www.tenable.com/hcl
- Contact BigFix
1 Persistent Vulnerabilities, Their Causes and the Path Forward, Tenable Research, June 2020.