Authored by: Joyal Bennison, Product Consultant, ManageEngine
Despite being cleared to return to the office, businesses have begun to embrace a hybrid work culture. While there are obvious benefits to a distributed workforce, having a sizeable portion of your endpoints beyond the corporate perimeter warrants quicker and more effective security methods.
More than ever, there's a need to stay vigilant of vulnerabilities in your endpoints and keep them patched as and when vulnerabilities appear. This is even more pressing considering the recent surge in vulnerabilities, amounting to 8,993 security vulnerabilities (CVEs) so far in just the first half of 2021. The cost of miscreants exploiting the vulnerabilities is especially high. According to the Malaysia Cyber Security Strategy (2020-2024), the potential economic loss in Malaysia due to cybersecurity incidents could hit up to RM51 billion, which is more than 4% of the country's total GDP.
The shortfalls of the traditional approach
Traditionally, vulnerability and patch management involves dedicated tools operated by different teams. The security team employs vulnerability scanners to identify vulnerabilities in endpoints and shoots a ticket to the IT or remediation team with vulnerability details and required action items to fix them. IT administrators utilise patching tools to sweep the network for missing patch details, and they compare those findings with the data sent by the security team to correlate the patches required to resolve the vulnerabilities. Then the IT team proceeds to download patches from vendor sites, test them for stability, and deploy them to their production environment. Another round of scanning is performed by the IT team to ensure the vulnerability is thoroughly fixed, and the remediation status is sent to the security team, requiring the latter to perform additional validation to close the vulnerability management loop.
But there are multiple caveats to this fragmented approach. Here are a few reasons why it is inadequate for distributed IT, where vulnerabilities require instant, effective action.
Juggling multiple tools for patch and vulnerability management results in a siloed, inefficient workflow, adding complexity, creating redundant scans, widening the gap between vulnerability detection and patching, and dramatically slowing down the process of remediating risk. It shouldn't come as a surprise that organisations, in general, take more than a couple of months to close a discovered vulnerability. Edgescan’s 2020 Vulnerability Stats Report reveals the time taken by organisations to patch vulnerabilities for an internet-facing system is now 71 days. With the gap between vulnerability disclosure and active exploitation having shrunk in recent times, organisations need to be swift in remediating vulnerabilities, especially with remote endpoints exposed directly to the internet.
Lack of accuracy:
Point products don't interface well with each other, increasing the likelihood of potential disparity in data between integrated solutions. In other words, all the required patches may not get deployed completely and critical vulnerabilities could remain unaddressed.
Piling up management challenges:
Deploying and implementing multiple tools on remote endpoints can be clumsy and time-consuming, with the endpoints constantly plugging in and out of the network. Besides, managing multiple clients on remote endpoints can impact the VPN bandwidth of your organisation. Adding to this challenge, installing multiple agents strains system resources and affects their performance.
Difficulties in scaling:
The modern IT landscape is extremely dynamic and it's characterised by the frequent addition of new remote assets. An instance of one of the agents not being installed on any of the new remote assets could introduce further complications in the workflow and leave behind several security gaps.
Increased security budget:
Let’s cut to the chase: the deployment and maintenance of separate tools for patch and vulnerability management will cost you two times as much. It's as simple as that. Further investments include dedicated training sessions on each product for new staff.
It's high time that organisations start looking at vulnerability and patch management as a unitary process. Investing in integrated patch and vulnerability management solutions helps overcome these caveats by providing all the involved teams with unified visibility and better tracking from detection to closure of vulnerabilities across your distributed IT. With just a single interface and a single agent to maintain, scaling and management challenges are considerably reduced. Besides, an integrated solution simplifies the entire vulnerability management life cycle by automatically correlating vulnerability and patch information and facilitating direct remediation.