Over the past two weeks, we’ve devoted our posts to the recent vulnerability in Microsoft Outlook. It’s been a while since a news story on a vulnerability has hit so hard, and it raises a lot of questions for clients. Of course, the main one is “what can we do to stay secure?” We’ve covered it as a specific issue here, but it’s high time to take a look at the big picture. The answer to that question, in a couple of words, is vulnerability management. Today’s post will give a short overview of what vulnerability management is and why it’s so important as an approach to security.
Even though Outlook is distributed and maintained by Microsoft themselves, you can still think of it as third-party software. Since Windows and Office are both made by Microsoft, you’d expect them to play nicely with one another; on the other hand, they’re still different products with different functionality and security concerns. If you use Office on your workstations, you’re tying your security to Microsoft’s ability to keep that software secure.
This isn’t unique at all, though: every piece of software that you install introduces a certain level of risk to your security. This particular problem with Outlook existed for as long as a year, and as long as Microsoft didn’t patch it, it was a potential problem for everyone. Each piece of software with any tools or functionality for network connections has the same potential to be exploited.
Every piece of software that connects to remote servers (including your web browser) can potentially introduce flaws in your security. Every piece of software that you use provides some functionality that’s important to your business, though, so leaving functionality on the table should be out of the question. Endpoint Detection and Response is a vital tool in securing workstations and servers, but it isn’t perfect. The Outlook vulnerability targeted a very small amount of information (your network credentials) and sent it out over the internet, and while EDR can stop data exfiltration, it typically looks for large payloads and taxed resources.
Managing Your Network Assets and Looking for Vulnerabilities
Where EDR works in real time to fight attacks, vulnerability management is an approach that stops problems before they develop into an attack. Vulnerability management 1) identifies all of the hardware, data, servers, endpoints, and software on your network and 2) scans for “vulnerabilities” that may exist in these assets. These vulnerabilities could be, for example, exploitable software that needs to be patched, a problem with how a server is configured, or weak and insecure passwords (which are strongly associated with older software).
Vulnerability management isn’t limited to one piece of software, hardware, or vendor; rather, it includes all of your third-party software patches, firmware updates for network devices, etc. From a broader perspective, vulnerability management also includes the training that helps your employees fend off malicious emails and scams. When vulnerabilities are managed by your MSP, it can also include active monitoring of your network and remediation planning.
Once you know where the vulnerabilities are in your network, they can be prioritized and addressed before they become breaches. Security and connectivity are always going to involve risks, and having all the information about your network, software, and security practices gives you a better sense of how to manage those risks and how to stay vigilant against attackers. The cost of not addressing your system’s vulnerabilities will far outweigh the cost of addressing them today.
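The inventory, scan, and prioritize steps described above, sketched as an added example that is not part of the original post or any vendor's tooling. Hosts, products, versions, severities, and the exposure bonus are all constructed or assumed for illustration.

```python
# Step 1: asset inventory. Hosts, products and versions are constructed samples.
INVENTORY = [
    {"host": "ws-01", "internet_facing": False, "config": {"default_password": False},
     "software": {"mail-client": "16.0.1", "browser": "120.0.2"}},
    {"host": "vpn-gw", "internet_facing": True, "config": {"default_password": True},
     "software": {"vpn-firmware": "2.3.9"}},
    {"host": "file-srv", "internet_facing": False, "config": {"default_password": False},
     "software": {"mail-client": "16.0.5"}},
]

# Constructed advisory feed: product -> (first fixed version, severity 0-10).
ADVISORIES = {"mail-client": ("16.0.5", 9.8), "vpn-firmware": ("2.4.0", 7.5)}

# Risky settings to flag: config key -> severity (assumed values).
CONFIG_CHECKS = {"default_password": 8.0}
EXPOSURE_BONUS = 2.0  # assumption: internet-facing assets are ranked higher


def parse_version(text):
    """Turn '16.0.1' into (16, 0, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def scan_asset(asset):
    """Step 2: return findings for unpatched software and weak configuration."""
    findings = []
    for product, installed in asset["software"].items():
        if product in ADVISORIES:
            fixed, severity = ADVISORIES[product]
            if parse_version(installed) < parse_version(fixed):
                findings.append((product + " < " + fixed, severity))
    for key, severity in CONFIG_CHECKS.items():
        if asset["config"].get(key):
            findings.append((key, severity))
    bonus = EXPOSURE_BONUS if asset["internet_facing"] else 0.0
    return [{"host": asset["host"], "issue": issue, "score": sev + bonus}
            for issue, sev in findings]


def prioritize(inventory):
    """Step 3: scan every asset and rank findings, highest score first."""
    findings = [f for asset in inventory for f in scan_asset(asset)]
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in prioritize(INVENTORY):
        print(f"{f['score']:>5.1f}  {f['host']:<9} {f['issue']}")
```

Software missing from the inventory is never scanned, which is why the identification step comes first.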
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team