Continuous Vulnerability Management Service, also known as Continuous Monitoring: The traditional security assessment formula has become stale and obsolete. Some companies perform vulnerability assessments or penetration tests (PenTests) only once each year. Once a year isn’t enough, because technological advances have made us more interconnected and more reliant on software. New technology is frequently released with security flaws that remain unknown until security researchers discover and publicly disclose them. For example, researchers may seek legitimate compensation through the software company’s “Bug Bounty” program.
The threat landscape is evolving, and hackers are quick to weaponize high-profile vulnerabilities. The attackers (or bad guys) now take less time to weaponize vulnerabilities disclosed by researchers. To “weaponize” means to take a vulnerability or a technical issue and create proof-of-concept code or a script that makes it easier to attack your information systems; hackers create a weapon out of these vulnerabilities. Here are two examples of such high-profile issues:
Two Examples of Recent High Profile Vulnerabilities
The first example is the SaltStack authentication bypass
Salt is an open source configuration management framework typically used to manage large fleets of servers. The Salt master server sends commands to minion servers, which automate and execute instructions on demand.
Two specific vulnerabilities disclosed in late April 2020, CVE-2020-11651 (an authentication bypass flaw) and CVE-2020-11652 (a directory traversal flaw), combined to allow unauthenticated remote attackers to execute code on the affected system.
The second example is the Citrix Application Delivery Controller (ADC)
Citrix ADC is otherwise known as NetScaler ADC; the issue also affected Citrix Gateway. In early 2020 these network appliances had a serious issue that allowed an attacker to gain remote control of the affected systems. It was a two-stage attack: first, upload a malicious payload into the filesystem of the NetScaler; second, execute that payload in the context of the system.
The Benefits of Continuous Vulnerability Management, contrasted with a periodic or 1x/year assessment approach
The biggest benefit is that we reduce the time to discovery and speed up the response time to fix serious issues. We recommend remediation measures as soon as vulnerabilities are reported in the wild and identified in our client’s IT system. We don’t wait for the next annual snapshot.
How do we define “Continuous”?
We define “continuous” as perpetually gathering threat intelligence reports by following the work of security researchers and vendor disclosures. We do this every day because these issues can be made known throughout the year.
The second aspect is the technical testing, or scanning for vulnerabilities, scheduled in accordance with your unique environment. Depending on the complexity of your networks, we may elect to do this weekly or daily to make sure that we have full coverage of your systems.
If a client had these vulnerabilities and hired a penetration testing firm (cybersecurity consultant), wouldn’t they find all these issues?
The answer is, maybe. Penetration tests (commonly referred to as PenTests) have a strict scoping boundary and a limited time frame in which to perform the engagement. The focus is to find out, within that limited time frame, whether there are any vulnerabilities or issues in the environment and whether an attacker can leverage them. The ability to cover a large environment may be very limited.
If a company uses the cloud, do they need Continuous Vulnerability Management?
Business organizations outsource IT operations to a cloud provider, but they cannot outsource the responsibility of protecting your data! Amazon AWS S3 is an example. Amazon will allow clients to store information without regard to security. The default setting is open/unsecure.
How Does KLC Consulting Perform Continuous Vulnerability Management Service?
- “Red team” (attack simulation) and “blue team” (defender, incident response investigation) reduce attack surface.
- Each client is unique: We perform services on a case-by-case basis.
- Our remediation recommendations are prioritized based on criticality.
- We provide advanced notification of potential threats based on proactive threat intelligence assessment reports that cover the technologies deployed for each client.