The devil is in the details
According to Forrester, software vulnerabilities are the entry point for 53% of successful cyber-attacks. Fixing those vulnerabilities in detail is gaining ground: over 85% of people in charge of security decided to change their security policy in 2016. Security flaws are necessarily known before they are exploited, and there are numerous capable tools on the market that can inventory them. This does not prevent some innovative companies from continually reinventing these tools, creating value beyond detection and reducing the operational constraints involved.
However, putting an efficient remediation policy in place is more complex. The variety of security flaws and the impact that fixes have on systems can sometimes make the job impossible for the people in charge of it.
So, is there a product on the market that can address the whole chain? Does every fix follow the same process?
Vulnerabilities: all similar?
There are only 2 ways to fix a vulnerability.
These vulnerabilities are not linked to any software update; they are linked to misconfiguration. Patch management products cannot address them because most of the time they are not known but inferred from tests.
- Software Updates.
These vulnerabilities are related to the software update level. Sometimes a simple security patch is enough to fix them. In other cases, an operating system upgrade may be necessary, which means some project management.
Only tools based on a vulnerability scanner can consolidate all security flaws into a single report and perform the analysis from A to Z. But how should remediation be performed?
Which tools for remediation, which control?
- Software Distribution
Software distribution solutions automate and package system configuration changes. These tools work with agents and can update a large number of systems in a short time. Each update requires package validation: checking that the parameters are correctly applied and do not introduce functional issues.
- Patch Management
Patch management solutions keep systems at an acceptable update level. They can quickly deploy zero-day patches. Most patch management solutions implement complex mechanisms to schedule patch installation and to manage system reboots.
In both cases, it is mandatory to check the effects once fixes have been applied. Security-related configurations can be applied and then removed because some other functional configuration is requested. If the software distribution status says the parameters have been properly applied, that does not mean they have not since been overwritten by another change. The same is true for patch management. Take a patch management solution like WSUS as an example. This Microsoft solution, made for Windows systems, helps you automate security patch updates based on an inventory of missing patches. The method reaches its limits because a patch is flagged as installed when it is registered that way in the registry. A vulnerability scanner will tell you whether the patch is properly applied by checking DLL versions, which makes it possible to detect patch corruption.
At this point, combining a security update automation solution with an autonomous vulnerability detection and management product makes sense. We cannot be both judge and jury at the same time.
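The cross-check described in the WSUS example above, as an added PowerShell example (not code from the original article or from any product it names): it compares what the system reports as installed with the file version actually on disk. `Get-HotFix` stands in here for the patch tool's reported state, and the manifest's KB id, file path and minimum version are constructed placeholders.

```powershell
# Constructed manifest: the KB id, file path and minimum version are placeholders.
# Replace them with the file information published for the patch being verified.
$Manifest = @(
    [pscustomobject]@{
        KB         = 'KB0000000'
        Path       = Join-Path $env:SystemRoot 'System32\example.dll'
        MinVersion = [version]'10.0.0.0'
    }
)

function Test-PatchFile {
    param(
        [Parameter(Mandatory)] [psobject] $Entry,
        [string[]] $ReportedKBs = @()
    )
    # What the inventory says: is the KB listed as installed?
    $reported = $ReportedKBs -contains $Entry.KB

    # What is actually on disk: read the version stamped into the binary.
    $actual = $null
    if (Test-Path -LiteralPath $Entry.Path -PathType Leaf) {
        $vi = (Get-Item -LiteralPath $Entry.Path).VersionInfo
        # Use the numeric parts; the FileVersion string can carry extra text.
        $actual = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    }
    $fileOk = ($null -ne $actual) -and ($actual -ge $Entry.MinVersion)

    if ($reported -and $fileOk) {
        $status = 'Consistent'
    } elseif ($reported) {
        # Flagged as installed, but the binary is missing or older than expected.
        $status = 'ReportedButFileOutdated'
    } elseif ($fileOk) {
        # Typical when a later update already delivered a newer file.
        $status = 'FileCurrentButNotReported'
    } else {
        $status = 'NotInstalled'
    }

    [pscustomobject]@{
        KB = $Entry.KB; Reported = $reported
        Expected = $Entry.MinVersion; Actual = $actual; Status = $status
    }
}

# Reported state as seen by the operating system (assumption: used in place of the patch tool's own status).
$reportedKBs = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$Manifest | ForEach-Object { Test-PatchFile -Entry $_ -ReportedKBs $reportedKBs } | Format-Table -AutoSize
```

A `ReportedButFileOutdated` row is the case the paragraph warns about: the patch is recorded as installed while the file on disk says otherwise.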
A winning combination
A single product that can automatically fix the issues found by scans does not exist today. Some vendors on the market claim they can do it, but they only partially address the subject.
The best answer remains implementing several independent and complementary tools that fit every aspect of this problem.
Elastic Detector from SecludIT is very efficient at delivering vulnerability reports to the right people. It can do so without disturbing production servers thanks to cloning technology.
On top of your WSUS patch management solution, Elastic Detector will help you monitor how effectively security patches are installed and alert you to configuration issues.
Check your devices right now with Elastic Detector
SecludIT provides a one-month trial version of Elastic Detector. You will be able to check the residual vulnerabilities of your devices internally.