How to beat the top vulnerabilities

By Garry Sidaway, Global Director of Security Strategy at NTT Com Security.


Attacks are continuing to advance and cyber criminals are getting hungrier for intellectual property. Whilst the headlines indicate we are now seeing more and more vulnerabilities in the IT infrastructure environment, the facts paint a different picture. But it is without doubt that businesses are open to targeted attacks and security breaches – and hackers are eager to take advantage of this.


NTT Group’s 2014 Global Threat Intelligence Report recently highlighted the need for organisations to focus on and continually test for the latest vulnerabilities if they are to mitigate the chance of a security breach. Half of the vulnerabilities identified in the report were first discovered between 2004 and 2011, yet many organisations had not protected themselves against these well-known and common vulnerabilities. This has led to hackers increasing their efforts to ensure that exploit kits are up to date. After all, these criminals know history will repeat itself and organisations will fail to install the latest patches and test their infrastructure and controls.


Hackers aren’t just looking to exploit out-of-date systems and poorly configured defences, either. Businesses are using some applications that simply are not being risk assessed, giving hackers yet another weak link to exploit.


With threats continually evolving and increasing, here are some top tips on how to manage the common vulnerabilities highlighted in our report:
1. Revisiting exploit kits
Exploits are targeted against known vulnerabilities and increasingly tested against the same lists that are supposed to help organisations to protect themselves.
Hackers are increasingly testing their exploits against public sources such as the CVE lists to determine how successful their malware will be.
Organisations with active vulnerability management programs are less exposed to the threat of exploit kits. In fact, according to the NTT Group report, those with mature programs accounted for only about 20% of all instances where vulnerability scan data directly correlated with the capabilities of exploit kits.
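One way to run the correlation described above inside a vulnerability management program is sketched below. It is an added example, not code from the NTT Group report or from the author; the host names, the function names and the CVE identifiers are constructed placeholders.

```python
import re
from collections import defaultdict

CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")

# Constructed sample data: placeholder CVE IDs and host names, not real advisories.
EXPLOIT_KIT_CVES = {"CVE-2010-9999001", "CVE-2012-9999002", "CVE-2013-9999003"}
SCAN_FINDINGS = [
    ("web01", "CVE-2010-9999001"),
    ("web01", "CVE-2013-9999009"),
    ("app02", "CVE-2012-9999002"),
    ("app02", "CVE-2010-9999001"),
    ("app02", "cve-2013-9999003 "),  # scanners vary in case and whitespace
    ("db03", "CVE-2011-9999007"),
    ("db03", "not-a-cve"),           # malformed entry is skipped, never matched
]

def normalise(cve_id):
    """Return the canonical CVE ID, or None if it is not well formed."""
    candidate = cve_id.strip().upper()
    return candidate if CVE_RE.match(candidate) else None

def correlate(findings, kit_cves, report_year):
    """List hosts whose open findings are covered by an exploit kit."""
    exposed = defaultdict(set)
    for host, raw in findings:
        cve = normalise(raw)
        if cve and cve in kit_cves:
            exposed[host].add(cve)
    rows = []
    for host, cves in exposed.items():
        oldest = min(int(CVE_RE.match(c).group(1)) for c in cves)
        rows.append({"host": host, "kit_cves": sorted(cves),
                     "max_age_years": report_year - oldest})
    # Patch first where most kit-covered findings sit, then the oldest ones.
    rows.sort(key=lambda r: (-len(r["kit_cves"]), -r["max_age_years"], r["host"]))
    return rows

def kit_overlap_ratio(findings, kit_cves):
    """Share of well-formed findings that an exploit kit already targets."""
    valid = [c for c in (normalise(raw) for _, raw in findings) if c]
    return sum(c in kit_cves for c in valid) / len(valid) if valid else 0.0

if __name__ == "__main__":
    for row in correlate(SCAN_FINDINGS, EXPLOIT_KIT_CVES, report_year=2014):
        print(row)
    print(f"{kit_overlap_ratio(SCAN_FINDINGS, EXPLOIT_KIT_CVES):.0%} of findings are kit-covered")
```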


2. The problem with Java
Exploit kits are using known vulnerability information to attack an organisation and are shifting focus to the core components of web applications and servers including Java. The majority of exploits are targeted at Java, which is why enterprises should focus on active patch management and configuration efforts. Since these vulnerabilities are common and are being widely exploited, businesses need to ensure they are actively addressing these vulnerabilities.


3. The insider threat
As long as individuals continue to click on links or open files, or even open files from an infected USB, perimeter defences will continue to be ineffective when malcode is released from inside an organisation.
Implementing a coherent security architecture that enables an organisation to understand and put risk in context will reduce the overall risk. Aligned to this, a company needs to formulate a security approach that is scalable and create a high impact security awareness program. This requires focusing on the business and staff, which will increase confidence, reduce risk, and increase awareness of the common responsibility for security – all in line with commercial goals. Consider collaborating with managed security services for malware analysis and incident response.


4. There’s an app for hackers
The NTT Group report also ranked web application attacks as the fifth most common type of attack in 2013. We are still seeing a significant number of attacks from organised botnets against specific services or network configurations. With organisations focusing on securing the perimeter, the cybercriminal’s focus has shifted to applications.
Applications are critical to business and naturally these are the primary targets for the cybercriminal. Application, firewall, IDS and operating system configuration should be treated as a priority and as a first line of defence – too often we install and forget.
By implementing detailed logging for web applications and database transactions you can reduce the time to identify a breach or take action to actively manage the threat.
The use of web application firewalls will help detect and prevent attacks targeted against applications, such as SQL injection and cross-site scripting, which are still far too easy to exploit and remain common attacks against applications.
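The kind of review that detailed web application logging makes possible is illustrated below as an added example, which is not part of the original article. The log lines are constructed, the rule patterns are coarse triage indicators chosen for illustration, and a web application firewall rule set is far broader.

```python
import re
from urllib.parse import unquote_plus

# Combined-log-style line: ip - - [timestamp] "METHOD path HTTP/x" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Illustrative indicators only (assumption), applied after URL decoding.
RULES = {
    "sqli": re.compile(r"('|\")\s*(or|and)\s+[\w'\"]+\s*=|union\s+(all\s+)?select|;\s*drop\s+table", re.I),
    "xss": re.compile(r"<\s*script\b|javascript:|\bon(error|load)\s*=", re.I),
}

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/May/2014:10:01:02 +0000] "GET /products?id=42 HTTP/1.1" 200 5120
203.0.113.9 - - [12/May/2014:10:01:05 +0000] "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 312
203.0.113.9 - - [12/May/2014:10:01:09 +0000] "GET /search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 2048
198.51.100.7 - - [12/May/2014:10:02:00 +0000] "GET /search?q=union+jobs+select+committee HTTP/1.1" 200 1800
this line is truncated
"""

def decode_fully(value, max_rounds=3):
    """Undo nested URL encoding so double-encoded input is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text):
    """Return (alerts, skipped): rule hits per request and unparseable line count."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # count unparseable lines instead of hiding them
            continue
        ip, ts, _method, path, status = m.groups()
        decoded = decode_fully(path)
        for name, rule in RULES.items():
            if rule.search(decoded):
                alerts.append({"time": ts, "ip": ip, "rule": name,
                               "status": int(status), "request": decoded})
    return alerts, skipped

if __name__ == "__main__":
    found, unparsed = scan(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print(f"{unparsed} line(s) could not be parsed")
```

The 500 status on the first alert is the sort of detail worth keeping in the log: an error response to a suspicious request is a stronger signal than the request alone.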


5. Anti-virus is not dead
Anti-virus has its critics, but it is still an integral part of a company’s defences. What is a cause for concern is that anti-virus relies on the organisation to load and test the latest patches. A combination of technology and repeated processes is more likely to defeat attacks than security architecture alone.
Both should be routinely tested and reviewed to make sure they are still effective against the evolving threat landscape. Repeated testing of configurations and controls can reduce the likelihood of an incident significantly, so it is vital to reduce the timeline of identification and remediation. Reducing complexity and increasing visibility will ensure an organisation is not the last to know about a breach.


To summarise, in an ever-changing security landscape, operationalising the testing of configurations and simplifying the management and configurations of existing technology will make it easier to mitigate vulnerabilities in the long term. Organisations should look to take advantage of new technologies where appropriate, but these must be placed within an enterprise security architecture and aligned to the business.
 
