CISA Liberates Vulnerability Management Methodology

ltssecurecyber

The Cybersecurity & Infrastructure Security Agency (CISA) kicked off Cybersecurity Awareness Month yesterday with its latest mandatory operations policy, which requires federal agencies to create a complete inventory of assets and vulnerabilities. As in previous CISA articles, I recommend that companies looking to do business with the federal government, maintain a proper cyber posture, and get a head start on potential future regulatory requirements educate their teams about CISA requirements and pay attention to them. CISA lists April 3, 2023, as the start date for federal agency compliance. Vulnerability assessment tools are used to automatically scan for any new or existing threats that have the potential to target your application.

Security teams have been flying blind for decades, trying to list vulnerabilities in unknown assets. Organizations often have multiple or outdated configuration management databases, spreadsheets, or vulnerability scans limited to known IP ranges and locations. The Zero Trust Assessment measures how mature an organization's existing processes are for implementing Zero Trust security.

 

 Many teams knew of assets that resided in unverifiable silos or shadow IT. Attempts to aggregate asset data resulted in data clutter and data conflicts.

 The functionality of vulnerability management solutions has been enhanced to address these challenges. Companies offering specific solutions include Axonius, JupiterOne, and Noetic Cyber. A vulnerability data feed speeds up security operations by providing data on vulnerabilities and related cyber threat intelligence to lessen cyber risk and streamline investigation and risk.

 

 Actions Required by CISA Regarding Asset Discovery Include:

• Automatic asset discovery every seven days
• Discovery must cover at least the entire IPv4 scope of the organization
• Ability to initiate asset discovery when needed
• IP addressable operational technology and roaming/cloud asset SaaS integration

What are the Business Benefits of Zero Trust Security?

 Zero Trust Security is a cybersecurity strategy that protects organizations by eliminating implicit trust and continuously validating all phases of digital interactions.

• Accurate Infrastructure Inventory

 • Better Monitoring and Alerting

 • Better User Experience

 • Streamlined Security Policy Creation

 • Right Investment for Lost or Stolen Data

Vulnerability Discovery Requirements

 Although there are few well-defined vulnerability management guidelines or frameworks in the United States, CISA has defined precise requirements in its policies. The policy does not address additional deadlines for remediation beyond the previously issued instructions for known exploited vulnerabilities. Vulnerability management solutions from vendors such as Qualys, Rapid7, and Tenable help meet the following requirements:

• Scans on managed endpoints must be run using privileged credentials. Both network-based and agent-based scans are allowed per policy.

• Detection signatures must be updated within twenty-four hours of the vendor release date.

• Vulnerability enumeration should be performed on mobile devices (iOS and Android devices) whenever possible.
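
The asset discovery and vulnerability scanning requirements listed above can be checked mechanically against scan records. The following is an added example, not part of the original article and not CISA or vendor tooling; the record fields, addresses and timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import collapse_addresses, ip_network

DISCOVERY_MAX_AGE = timedelta(days=7)    # asset discovery every seven days
SIGNATURE_MAX_AGE = timedelta(hours=24)  # signatures within 24h of vendor release

def uncovered_ranges(org_scope, scanned):
    """Return the parts of the organization's IPv4 scope that no discovery run covered."""
    remaining = list(collapse_addresses(ip_network(c) for c in org_scope))
    for done in collapse_addresses(ip_network(c) for c in scanned):
        kept = []
        for net in remaining:
            if not net.overlaps(done):
                kept.append(net)                        # untouched by this run
            elif not net.subnet_of(done):
                kept.extend(net.address_exclude(done))  # run covered part of net
        remaining = kept
    return sorted(remaining)

def audit(org_scope, discovery_runs, scans, now):
    """Check inventory records against the discovery and scanning requirements."""
    findings = []
    fresh = [r["cidr"] for r in discovery_runs if now - r["finished"] <= DISCOVERY_MAX_AGE]
    for gap in uncovered_ranges(org_scope, fresh):
        findings.append(f"{gap}: no asset discovery in the last 7 days")
    for s in scans:
        if not s["credentialed"]:
            findings.append(f"{s['host']}: scanned without privileged credentials")
        if s["sig_applied"] - s["sig_released"] > SIGNATURE_MAX_AGE:
            findings.append(f"{s['host']}: signatures applied over 24h after release")
    return findings

# Constructed sample records (hypothetical field names and addresses).
NOW = datetime(2023, 4, 3, 12, 0, tzinfo=timezone.utc)
ORG_SCOPE = ["10.20.0.0/16", "192.0.2.0/24"]
DISCOVERY_RUNS = [
    {"cidr": "10.20.0.0/17", "finished": NOW - timedelta(days=2)},
    {"cidr": "10.20.128.0/18", "finished": NOW - timedelta(days=9)},  # stale run
    {"cidr": "10.20.192.0/18", "finished": NOW - timedelta(days=1)},
    {"cidr": "192.0.2.0/25", "finished": NOW - timedelta(hours=6)},
]
def _scan(host, cred, lag_hours):
    rel = NOW - timedelta(hours=48)
    return {"host": host, "credentialed": cred,
            "sig_released": rel, "sig_applied": rel + timedelta(hours=lag_hours)}
SCANS = [_scan("10.20.1.15", True, 10), _scan("10.20.1.16", False, 10),
         _scan("10.20.200.7", True, 36)]

if __name__ == "__main__":
    print("\n".join(audit(ORG_SCOPE, DISCOVERY_RUNS, SCANS, NOW)))
```

A discovery run older than seven days counts as no coverage at all, so the stale /18 reappears as a gap even though it was scanned at some point.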

 Writing On the Wall

 The importance of asset enumeration in security programs outlined by CISA is an exclamation mark over years of security team proclamations, the aging NIST Cybersecurity Framework, and recent acquisitions of attack surface management. The policy doesn't specifically mention unknown external asset discovery, but in recent months, external attack surface management vendors have been acquired. The acquisition occurred last June, the same time Tenable completed its acquisition of Bit Discovery, and CrowdStrike announced its intention to acquire Reposify at Fal.Con the previous month.

 

 Expect the attack surface to be more defined in the coming months. Eventually, federal agencies and regulated organizations will be held accountable for all assets, known or not.

Forrester Attack Surface Management Coverage

 As attack vectors and threats evolve, so does Forrester's coverage of available technologies to help organizations manage their vast technology portfolios. As Jess Byrne remains responsible for external attack surface management, I take over cyber-attack surface management for his assets.

 

 We hope you will join us at the Forrester Security & Risk Forum this November, in person or online. We will host a session titled "Rebuilding Your Vulnerability Management Program to Regain Trust." In this talk, we will discuss vulnerability remediation so that we can extend the olive branch to operations teams who are increasingly skeptical of the ongoing barrage of (often inaccurate) vulnerability predictions from VRM teams. Learn how to prioritize.

Conclusion

Organizations can now use CISA's custom SSVC decision tree guide to prioritize known vulnerabilities based on an evaluation of five decision points:

• Usage
• Technological Impact
• Mission Adoption
• Public Welfare Impact

About Us 

LTS Secure is an AI-ML-powered integrated security platform (SIEM + UEBA + CASB + IDM), a single security orchestration and automation-based security platform that provides threat, vulnerability, and risk management, with continuous monitoring and detection in one window.

 LTS Secure is the best security orchestration and automation company, helping companies create integrated and orchestrated cyber environments. LTS Secure offers a broad range of products and features aimed at helping enterprises manage their security operations and report analytics and management functions that support their operational security infrastructure. An integrated SOAR stack can improve the efficiency of security operations through a coordinated set of procedures and processes. Visit: https://ltssecure.com/.

 
