Updating software is the final cyber-smart behavior promoted by Cybersecurity Awareness Month 2022 organizers – and an important one to emphasize as we close out the month. For IT security teams, updating software to address bugs and security issues has long been a cybersecurity fundamental. But in most enterprise IT environments, updating software isn’t as easy as it sounds.
Last year, threat researchers logged 18,439 common vulnerabilities and exposures (CVEs) in the NIST National Vulnerability Database (NVD) – or more than 50 new flaws per day. With so many vulnerabilities piling up, security teams don’t have the time or resources to make every software update, every time a new vulnerability is disclosed. Instead, risk-based prioritization is the name of the game. And doing this effectively requires a balance between manual effort and automation.
As your security team brushes up on cybersecurity fundamentals this Cybersecurity Awareness Month, here are five best practices to follow for updating software as part of a broader defense-in-depth approach:
1. Prioritize critical patches. Nearly a year ago, the Log4j zero-day vulnerability shook the world. Yet despite headlines and urgent warnings about the vulnerability’s severity, there are still Log4j instances operating in the wild – and still exposed to cyberattacks. It’s important to watch for critical patches for software deployed in your environment and implement them as soon as possible. Review vendor recommendations for all enterprise software platforms in use, along with any underlying OS and enterprise integrations. Treat these recommended procedures as a must. If you can’t, make sure you understand the security implications and build your defenses accordingly.
2. Check in with third-party vendors when critical patches are released. Make sure they’ve also patched the software you use.
3. Continuously monitor software assets. Automating inventory and tracking processes can help your team push software updates in a timely manner, manage end-of-life software, scope access permissions appropriately and make sure weak or default credentials do not remain in use. This is especially important in hybrid and multi-cloud environments where misconfigurations are rampant.
4. Consider connected IoT devices as part of your multi-layered security strategy. IoT devices – from printers and sensors, to cameras and tablets – often have well-known firmware or software vulnerabilities that can be accessed via weak credentials or default credentials that are hardcoded into the device. Finding ways to automatically monitor and secure the credentials used to access these IoT solutions is key to shrinking the attackable surface area.
5. Focus on the bigger issue. Today, credential theft is security leaders’ No. 1 area of risk. There there are countless ways for attackers to steal credentials and exploit identities as a jumping point. Instead of just patching identity-centric vulnerabilities ad hoc, many security teams are working to limit privileged access intelligently through automation to make a greater impact. Examples of this include implementing automated detection controls to find and block credential theft attempts, or placing credential “lures” at points along common attack paths to help trigger red flags when intruders try to move through an environment.
Even if your team had the ability to patch every software or device vulnerability every time, attackers keep innovating. There’s no silver bullet to cybersecurity, which is why assuming breach and layering Identity Security protections with vulnerability assessment, patch management and other critical peripheral defenses is essential for detecting and neutralizing threats faster – before attackers have a chance to cause significant damage.