
HOW TO FIX THE PATCH MANAGEMENT PROBLEM


TAREK NAJA, SOLUTIONS ARCHITECT, QUALYS, ON WHY WE NEED TO RETHINK PATCH MANAGEMENT STRATEGIES

The region’s relationship with the digital realm can be described as a series of benefits that come with caveats. On the one hand, cloud computing brings agility and cost-effectiveness, but it also leads to complexity. Likewise, remote work kept employees safe during a pandemic and delivers flexibility to them now, but at the cost of complicating the management of shadow IT. There are probably a few more examples, but you get the gist — great business benefits accompanied by great surges in responsibility and workload for IT and security teams.


More shadow IT and increased complexity are welcome mats for threat actors, and the region’s attack surface is growing as a result. When asked by PwC to name the top negative impacts from IT complexity, UAE respondents commonly cited the ability to recover from a cyberattack. Cloud migrations are splitting legacy solutions to have one foot in the cloud and one on premises, which gets in the way of identifying, classifying, prioritising, and remediating vulnerabilities.

Report after report shows a cybersecurity crisis in which organisations around the world are struggling to keep pace with exponential increases in the number of exploits and the number of tools deployed, as well as an industry skills gap that refuses to go away. The problem can be summed up as solutions fatigue meets siloed teams. We see a vast array of cloud, on-prem and WFH tools, managed piecemeal by disparate, non-collaborative departments across the IT and security disciplines. This chaotic environment is being hit by threats that are more sophisticated and greater in number than ever before, leading to longer resolution times.

Enterprises need more agility in the security function so that threat hunters can do just that — hunt. Instead, many analysts are chained to the daily grind of investigating a few false positives while trying to juggle must-dos such as patch management. Any security professional will tell you that this situation describes an organisation with a flashing target on its back.

Patch management: an ideal candidate for automation

A way forward would be to remove some day-to-day tasks such as patch management from the plates of security teams. Patch management is a necessary component of the cybersecurity function. But global figures tell us our enemies are exploiting vulnerabilities faster than they can be patched. According to the latest Verizon Data Breach Investigations Report, the jump in ransomware attacks from 2020 to 2021 was more than the last five years combined. And according to data from Mandiant, zero-day exploits reached a record high in 2021, more than doubling from 2020, which had not seen much of an increase on 2019. Our enemies are also faster to react than we are. The time to weaponise an exploit fell from almost a year (352 days) to just over a week (9 days) from 2018 to 2022, while remediation times have slowed. This is a business risk because it is hard to imagine any operation in the digital economy that can afford to be offline for days at a time.

The plain truth is that unless larger organisations have veritable armies of patch technicians at their disposal, they cannot hope to patch their infrastructures at the current rate at which vulnerabilities are disclosed and exploited. And while smaller businesses may have fewer patches to administer, they may still lack the staff to do so. Remediation processes are not always straightforward. Some may involve both deploying a patch and changing a configuration. If we factor in due diligence, in which each patch is evaluated for operational impact before it goes live, then we start to see the problem.

Patch management needs an overhaul. It needs to be automated, but in a way that leaves control in the hands of IT and security teams. Organisations should start with triage. It is important to remember that not all vulnerabilities will require a patch. Patch management platforms must be flexible enough to deploy patches, make configuration changes, and update third-party applications, but with enough granular control to allow assessment of the necessity of the fix.


The idyll, at a glance

Security leaders should look for a solution that offers a high degree of automation, even in the most complex patching scenarios. Policy-orchestration capabilities should drive operational efficiencies and improve response times, rather than creating new problems. Organisations must be able to adopt a risk-based approach, where they apply their knowledge of their own unique business requirements to the prioritisation of vulnerabilities and patches. Security and risk managers should ask themselves which threats pose the greatest risk to their specific operational model, based on industry, IT environment, and other factors. Perhaps it will be sufficient to prioritise weaponised exploits that are currently being leveraged by threat actors rather than obsessing over patching all those that have been disclosed. An advanced patch-management solution will offer the ability to include outside threat feeds in each analysis.

Finally, security leaders should work with IT department heads to align priorities and homogenise policies. The best security outcomes start with unified data — a single source of truth — pertaining to assets and their vulnerabilities. No discovery, assessment, prioritisation, or remediation can occur without this step. Executed correctly, data alignment will allow all stakeholders to row in the same direction. The result will be more efficient use of resources, lower costs, and minimised exposure time. Together, these benefits amount to a better risk posture.

While adversaries will still be on the prowl, a semblance of peace comes from a 360-degree view of the IT environment supported by a single data model and real-time dashboards that are aligned to business risk rather than the Common Vulnerability Scoring System (CVSS). Peace is the opposite of chaos, and having tamed complexity and automated humdrum tasks, security leaders will have introduced a measure of calm that empowers their teams to be more efficient threat hunters.
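As an added illustration of the risk-based triage described above (not code from the article or from Qualys), the Python sketch below ranks constructed scan findings by business risk rather than raw CVSS: an exploited-in-the-wild feed and asset criticality dominate the ordering, low-risk findings are deferred instead of patched, and findings whose fix is a configuration change are routed accordingly. The weights, the threshold, the asset names and the CVE identifiers are all assumptions chosen for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str              # identifier; the sample values below are constructed placeholders
    asset: str
    cvss: float           # CVSS base score, 0.0 to 10.0
    internet_facing: bool
    criticality: int      # business criticality of the asset, 1 (low) to 5 (crown jewel)
    fix: str              # "patch" or "config": some findings need a config change, not a patch


# Constructed threat feed: findings reported as weaponised / exploited in the wild.
EXPLOITED_FEED = {"CVE-0000-0001", "CVE-0000-0003"}

# Constructed scan results; CVE ids are placeholders, not real advisories.
FINDINGS = [
    Finding("CVE-0000-0001", "vpn-gateway", 7.2, True, 5, "patch"),
    Finding("CVE-0000-0002", "dev-workstation", 9.8, False, 1, "patch"),
    Finding("CVE-0000-0003", "hr-database", 6.5, False, 4, "config"),
    Finding("CVE-0000-0004", "lobby-kiosk", 9.1, False, 2, "patch"),
]


def risk_score(f: Finding, exploited: set) -> float:
    """Business-risk score with assumed weights: CVSS scaled by asset criticality,
    a large bonus for exploited-in-the-wild and a small one for internet exposure."""
    score = f.cvss * (0.5 + 0.1 * f.criticality)   # criticality 1 -> x0.6, 5 -> x1.0
    if f.cve in exploited:
        score += 10.0   # a weaponised exploit outranks raw severity
    if f.internet_facing:
        score += 2.0
    return round(score, 2)


def triage(findings, exploited, threshold: float = 6.0):
    """Return (cve, score, action) sorted by descending risk. Findings below the
    threshold that are not exploited are deferred rather than patched this cycle."""
    out = []
    for f in findings:
        s = risk_score(f, exploited)
        if s < threshold and f.cve not in exploited:
            action = "defer"
        elif f.fix == "config":
            action = "change configuration"
        else:
            action = "deploy patch"
        out.append((f.cve, s, action))
    return sorted(out, key=lambda t: t[1], reverse=True)


def cvss_only_order(findings):
    """The ordering a pure CVSS dashboard would give, for comparison."""
    return [f.cve for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]
```

With these inputs the CVSS-only view puts the isolated developer workstation first, while the risk-based view puts the exploited, internet-facing VPN gateway first and defers the workstation.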

TOP 6 KEY NETWORKING TRENDS FOR 2023

DAVID HUGHES, CHIEF PRODUCT AND TECHNOLOGY OFFICER, ARUBA, A HEWLETT PACKARD ENTERPRISE COMPANY, ON WHY NETWORKING IS ESSENTIAL TO TRANSFORMATION

The network now plays an even stronger role, powering the transformation journey that’s needed to thrive during uncertainty and preparing organisations for what comes next in 2023.

1: By the end of 2023, 20% of organisations will have adopted a NaaS strategy

With tightening economic conditions, IT requires flexibility in how network infrastructure is acquired, deployed, and operated to enable network teams to deliver business outcomes rather than just managing devices. Migration to a network-as-a-service (NaaS) framework enables IT to accelerate network modernisation yet stay within budget, IT resource, and schedule constraints. In addition, adopting a NaaS strategy will help organisations meet sustainability objectives since leading NaaS suppliers have adopted carbon-neutral and recycling manufacturing strategies.

2: Built-in security replaces bolt-on

Reducing cybersecurity risk has become a core operational concern. Transformation to a more automated security architecture is an IT imperative. No longer can organisations bolt on perimeter firewalls around the network to protect against threats and vulnerabilities. Security must be built into every aspect of the network infrastructure, from Wi-Fi access points to LAN, campus and data centre switches, WAN gateways, and extending into the cloud. Zero trust and SASE frameworks will become more intertwined, not only to protect from threats but to apply microsegmentation across the complete IT stack, including users, connected devices, applications, network services, compute, and storage platforms.

3: Location services enable new business models and greater efficiency

Challenging skilled labor markets and recurring supply chain issues will force companies to become more efficient, productive, and resourceful. Pivoting towards achieving situational awareness of assets, inventories, work in process, workers, customers, contractors, and supply chains will enable better control of costs, resources, quality, and intellectual property. This will require merging information technology (IT), Internet of Things (IoT), and operational technology (OT) data with contextual information about the environment. A new focus will be placed on obtaining the accurate location of work activity and assets, the identity of people and machines, the real-time applications being used and by whom or what, and the security posture of every device and machine.

4: IT will consolidate operations onto a single, centralised network and security management platform

More diverse digital technology (IoT) is being deployed by enterprises to improve user experiences and to streamline IT operations. At the same time, employees and customers expect a better integrated real-life/digital experience no matter what the enterprise’s business model is. These dynamics have added complexity to both the network and its security, making the infrastructure harder to manage. With an intensified focus on end-user quality of experience while increasing protection from cyberattacks, IT will look to a single centralised management system with visibility across the network and the ability to configure edge-to-cloud QoS and security policies.

5: SLA measurements will be based on User Experience not box uptime and link availability

IT must optimise its networks to meet hybrid working requirements. Businesses will have dedicated teams whose priority is to ensure a seamless end-user digital experience for employees and customers. Adapting to a client-based view rather than a network view requires complete end-to-end visibility and application-level insights to know whether the quality of experience is meeting end-user expectations. Tight control of network performance is no longer sufficient. Being able to identify and troubleshoot application response time and performance issues rapidly and remotely will be essential to ensure a seamless end-user digital experience no matter where users connect.

6: AIOps shifts from primarily offering insights to delivering automated remediation

With AI, cloud adoption, and access to vast amounts of data now common in enterprise-class network management solutions, automation takes centre stage. Identifying the clustering of similar error symptoms across a full-stack network is leading to orchestrated workflows that will more readily give IT organisations the option to allow solutions to automatically remediate an issue.

HOW THE CLOUD WILL HELP MANAGE UNCERTAINTY IN 2023

MATT WATTS, CHIEF EVANGELIST AT NETAPP ON TRENDS THAT WILL SHAPE THE TECH LANDSCAPE

The multicloud will increase in importance as more services move from on-premises to the cloud. According to research firm Gartner, it’s expected that on premises versus cloud spend will flip by 2025. While this continued migration to the cloud isn’t surprising, I anticipate cloud adoption will continue to accelerate in 2023 because of supply-chain issues requiring buyers to look beyond on premises hardware to ease procurement challenges and the need to pursue aggressive sustainability objectives. The rapid adoption of multiple clouds is even more interesting. In fact, 89% of companies are using multiple clouds to manage IT services, operations, and infrastructure. This seems to be a place some companies have “landed” out of necessity, or even by accident, as they worked to mitigate supply-chain issues by linking to multiple cloud providers who could each help them drive innovation and ensure security, scalability, and flexibility outside their data center. This has brought about unnecessary complexity that companies will look to address through the adoption of common services across clouds.

Skills Gap

More companies adopting multiple clouds means the skills gap will move from fierce competition between employers to retain top talent, which I’d noted would be an issue in 2022, to one where niche skills will be required to succeed. It’s difficult finding talent that can work skillfully within one cloud. Creating teams skilled in managing multiple clouds becomes a significant challenge and can take extended periods to develop. Companies need teams that can innovate and build. If employees are only spending time on operations, they can’t innovate. This need will only intensify, and companies will need to become more comfortable in hiring for potential over talent, and be willing to provide the team members with the training they need to succeed.

Sustainability

Sustainability will only become more important to IT buyers, and they will require more data to support claims from their vendors. Vendors will need to show they are working toward (and achieving) greater sustainability throughout their value chains and delivering product features that enable their sustainability. They will have to work harder to increase energy efficiency with their facilities and on-premises equipment and provide improved methods for data categorization that enable buyers to look across their entire data estates and tier data, which is particularly effective in the cloud. When we consider that 68% of data is used once and then never again, we can see how moving this unused data to the cloud, where it can be tiered and moved to cold storage, is beneficial for the planet. Last year, I noted that sustainability was increasing in importance, but it has been interesting to see the level of sustainability specifications and feature granularity that buyers now demand when making purchasing decisions.

Cyber resilience and data protections

The current challenges in terms of health, economy and war mean that cyber resilience is more crucial than ever before. Businesses and organisations will rely more than ever on IT resources to provide round-the-clock protection and quick recovery for their data. This is because the question is no longer whether they will be attacked, but rather when and how often, so the problem must be addressed head-on, yet a small number of small and medium-sized companies are still not prepared. Previously, a business’ cyber defence strategy focused on anticipation of the attack, but today it is more about reacting during the attack and quick recovery after it. Detection, protection and remediation will be the watchwords of cybersecurity in 2023.

Quantum Hybrid Computing

Quantum hybrid computing will start to move from ideation toward practical application. Problems such as elements of AI will be broken out and passed over to quantum systems for processing, and we’ll start to see a blend of traditional HPC and quantum computing to solve some of these most complex issues. This will also force us to better address cybersecurity. Companies need to think about data encryption now more than ever. Criminals are increasingly sophisticated, and companies need to be equally sophisticated when it comes to their security measures. While this won’t happen overnight, the wheels have been set in motion for quantum to be a threat to encryption on sensitive data. For example: imagine designing and building a military fighter jet, which can take more than a decade; then it’s in service for 20 years, and all the data associated with the plane and its missions remains classified for another 20 years. That data needs to be protected for upwards of 50 years. And a criminal only needs to steal that data once during that protracted timeframe and wait for the necessary quantum power to decrypt it to catch up. We need to be thinking much, much more carefully about how we protect data today, from simple data theft to more advanced encryption and decryption techniques.
