Achieving zero vulnerability infrastructure
Know your weaknesses, enhance your strengths.
The threat landscape is an ever-evolving beast. New vulnerabilities emerge every week as attackers change their methods and find new entry points into corporate networks. As long as organisations stick with a reactive approach to cyber security, they will forever be chasing their tails and will never have time for innovation.
Zero vulnerability infrastructure
"An enterprise's best security defence is to work towards achieving a zero vulnerability infrastructure," according to Cornell Titus, Business Development Executive at Khipu Networks.
"While some might argue that this is impossible, we prefer to think of it as an ideology of the impossible. But it has to be a strategic concern in the organisation if it's to be successful."
Having a zero vulnerability infrastructure means understanding that your network suite never operates in isolation but is rather an ecosystem comprising users, endpoints, infrastructure, perimeter security and application usage, with each element informing the next.
Titus clarifies, "Zero vulnerability has proactivity at its core, starting at the pre-attack stage and continuously taking practical steps to stay ahead of attackers. It's not enough to take a snapshot of an environment at a particular point in time and respond to threats when they're already in the network. Enterprises need to adopt a long-term, holistic approach to security, involving user education, network visibility and risk assessment, and taking action at every level to identify vulnerabilities before they cause damage."
There are four key elements to achieving a zero vulnerability infrastructure: assessing risk, educating teams, prioritising vulnerabilities and achieving complete visibility.
1. Risk assessment
"Ignorance is not bliss," says Titus, "especially when it comes to your own vulnerabilities." Starting with a risk assessment helps enterprises establish a baseline model to understand where they're at in terms of their cyber security posture, what threats they face, and what action they need to take.
By adopting a bottom-up approach to risk assessment, enterprises can scrutinise key elements in the ecosystem to identify holes in their environments, take action to address vulnerabilities and achieve full visibility of the network. "When you know what your vulnerabilities are, you'll know how to stop them," he says.
2. User awareness and education
"Your users are your first and last line of defence. As the most active people on your network, you need to be able to enable access for your mobile workforce while ensuring your infrastructure is protected. This means creating a digitally aware and cyber risk aware culture within the organisation, which requires continuous training and awareness campaigns," says Titus.
Take phishing attacks as an example. Phishing has become the number one vehicle for delivering malware exploits, yet a recent Intel study found that 97% of people can't identify a phishing e-mail.
By running phishing simulations designed to emulate social engineering attacks and to show how users respond to them, enterprises can test users' knowledge and follow up with training to improve their security awareness.
Again, when users know what to look for, they're better able to protect themselves - and your network.
3. Prioritise vulnerabilities
A vulnerability assessment, which involves internal and external vulnerability scans, allows enterprises to identify and prioritise their risks, assigning the right teams to fix the issues.
Titus explains, "Too often, enterprises run bi-annual penetration testing or one-time vulnerability scans. The problem with this approach is that they're always playing a catch-up game with attackers, who are always in the lead. And with new vulnerabilities being uncovered every week, they could go months without patching holes. Considering how fast malware like WannaCry spreads throughout the organisation, this is now a very dangerous approach to take."
Comprehensive vulnerability management encompasses automation, scheduling and having access to the latest threat intelligence that allows you to prevent attacks. It involves patching the unpatchable and conceding when it's time to upgrade legacy systems for which there are no patches. It involves targeting workflows to achieve business continuity by focusing on the high-priority risks first.
With all this in place, network visibility naturally follows.
4. Network visibility
Having complete oversight of your network, including what applications are being used, by whom, their risk and whether malware has breached your environment, is vital to understanding your risks and being able to respond to threats in real time, and even before they happen. This is a continual 24-hour strategic concern. "The advantage of partnering with the right cyber security partner with access to threat intelligence is that they should be able to alert you to new vulnerabilities before they enter the network, allowing your IT team to take remedial action immediately," he says.
"A partner can also identify areas for improvement in your security posture by analysing network traffic and activity at all times and flagging risks that your system could be missing."
Zero vulnerability means having full visibility of your network at all times, understanding who and what is connecting to the network, and the type of traffic flowing in and out. It's about providing secure access to users and putting control back into the hands of the IT team so that they can focus on innovation by consistently improving workflows. It's about partnering with the right solution and managed service provider, who is committed to understanding your unique environment and sticking with you on this journey.
The diagram below illustrates the journey towards a zero vulnerability infrastructure: