Zero-day vulnerabilities like Log4j force cybersecurity teams to always expect the unexpected. Carlos Morales, Neustar Security Services’ SVP of Solutions, offers tips to help organizations prepare for the next one.
Last December’s discovery of the Log4j vulnerability, one of the highest-profile zero-day threats in recent years, was a wake-up call for security teams, prompting many organizations to reevaluate their software purchasing decisions, supply chain security practices and vendor relationships.
A January 2022 survey conducted by the Neustar International Security Council (NISC) indicated widespread impact, with 75% of organizations reporting being affected by the vulnerability and 21% reporting a significant business impact due to the diversion of resources to address possible security gaps. Fast-forward six months, and the problem had yet to be resolved; in a July 2022 survey, NISC found more than half of organizations were still working to address issues connected to Log4j (only 37% of respondents said their organization had completed the remediation process). Meanwhile, more than 4-in-10 (43%) were not sure whether their third-party providers had completely addressed Log4j-related issues and nearly a quarter (24%) were sure they had not been fully addressed by external partners.
Log4j is a perfect illustration of the challenges security teams face in assessing their organizations’ risk when a new vulnerability is revealed. IT infrastructure has become increasingly complex, with a constantly changing mix of homegrown, purchased and subscription software; owned and on-demand infrastructure; on-premises and cloud-based solutions; and management by in-house and third-party service provider professionals — to name just a few of the interconnected variables. But this complexity makes preparing for the next threat even more important. Although it’s impossible to plan for every eventuality, you can take several key steps that will mitigate your risk and provide some peace of mind.
1. Understand your attack surface and exposure
The first step in building an appropriate defense is knowing exactly what needs to be protected. You need to have a clear picture of all the products and services in play so that you can implement a more tailored set of protections and react more quickly and precisely when a new vulnerability is identified. You need to understand which assets are most valuable (both to your organization and potentially to cybercriminals) and may therefore require more sophisticated security solutions. For example, you’ll want to assess the extent to which the disruption of customer-facing digital assets could not only damage your brand but drive customers into the arms of your competitors.
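The inventory the paragraph calls for has to reach into deployed artifacts, not just a purchasing list: a vulnerable library can sit inside a vendor's WAR file with no line item of its own. As an added example (not code from the article or from Neustar), the Python script below walks a directory tree for JAR/WAR/EAR archives, recurses into archives nested inside them, and reports every copy of log4j-core it finds together with the Maven version from its pom.properties and whether the JndiLookup class is present. The three sample archives are constructed inline; the threshold DEFAULT_MIN_VERSION is an assumption to be set from your vendor's current guidance, and a copy whose version cannot be read is deliberately reported as needing attention rather than silently skipped.

```python
"""Inventory check: find log4j-core copies (including ones nested inside
other archives) under a directory tree and report their versions.
Added example, not code from the original article."""
import io
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Well-known paths inside a log4j-core JAR: pom.properties carries the Maven
# version; JndiLookup.class is the class that implemented JNDI lookups.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")

# Assumed threshold: copies older than this are reported as needing attention.
# Set it from your vendor's current guidance; it is a parameter of this example.
DEFAULT_MIN_VERSION = (2, 17, 1)


@dataclass
class Finding:
    location: str                        # path, "!" separates nested archives
    version: Optional[Tuple[int, ...]]   # None when pom.properties is missing
    jndi_lookup_present: bool

    def needs_attention(self, min_version=DEFAULT_MIN_VERSION) -> bool:
        # An unreadable version (e.g. a shaded/relocated copy) is treated as suspect.
        return self.version is None or self.version < min_version


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn a 'version=2.14.1' line from pom.properties into (2, 14, 1)."""
    m = re.search(r"^version=([0-9][0-9.]*)", text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).rstrip(".").split("."))


def scan_archive(data: bytes, location: str) -> List[Finding]:
    """Walk one ZIP-format archive held in memory, recursing into nested archives."""
    findings: List[Finding] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a ZIP container; nothing to inventory
    version, jndi = None, False
    with zf:
        for name in zf.namelist():
            if name == POM_PROPERTIES:
                version = parse_version(zf.read(name).decode("utf-8", "replace"))
            elif name == JNDI_LOOKUP_CLASS:
                jndi = True
            elif name.lower().endswith(ARCHIVE_SUFFIXES):
                findings.extend(scan_archive(zf.read(name), f"{location}!{name}"))
    if version is not None or jndi:
        findings.append(Finding(location, version, jndi))
    return findings


def scan_tree(root: str) -> List[Finding]:
    """Inventory every archive file under root; nested archives are handled by scan_archive."""
    findings: List[Finding] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    findings.extend(scan_archive(fh.read(), os.path.relpath(path, root)))
    return sorted(findings, key=lambda f: f.location)


# --- constructed sample tree, standing in for a real deployment directory ---
def _make_jar(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_tree(root: str) -> None:
    """Write three constructed archives: an old copy nested inside an application
    JAR, a current standalone copy, and an unrelated JAR that must not be reported."""
    old = _make_jar({POM_PROPERTIES: "version=2.14.1\n", JNDI_LOOKUP_CLASS: b"\xca\xfe\xba\xbe"})
    current = _make_jar({POM_PROPERTIES: "version=2.17.1\n", JNDI_LOOKUP_CLASS: b"\xca\xfe\xba\xbe"})
    os.makedirs(os.path.join(root, "lib"), exist_ok=True)
    with open(os.path.join(root, "app.jar"), "wb") as fh:
        fh.write(_make_jar({"WEB-INF/lib/log4j-core-2.14.1.jar": old}))
    with open(os.path.join(root, "lib", "log4j-core-2.17.1.jar"), "wb") as fh:
        fh.write(current)
    with open(os.path.join(root, "lib", "unrelated.jar"), "wb") as fh:
        fh.write(_make_jar({"com/example/Util.class": b"\xca\xfe\xba\xbe"}))


def demo() -> List[Finding]:
    """Build the sample tree in a temporary directory and return the inventory."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for f in demo():
        v = ".".join(map(str, f.version)) if f.version else "unknown"
        flag = "NEEDS ATTENTION" if f.needs_attention() else "ok"
        print(f"{f.location}: version={v} jndi_lookup={f.jndi_lookup_present} -> {flag}")
```

Run against the sample tree it reports the nested 2.14.1 copy as needing attention and the standalone 2.17.1 copy as ok, while the unrelated JAR produces no finding. The output is an inventory, not a verdict: it tells you where the library lives and which copies are below your chosen baseline, which is exactly the picture you need before deciding which assets get priority when the next advisory lands.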
2. Implement an always-on approach to security
Thanks to accelerating digitization and more remote work, many organizations have seen a significant expansion of their attack surface over the past few years. At the same time, cyberattacks in general have become increasingly sophisticated, and DDoS attacks are often used as a distraction while infiltration attempts are carried out elsewhere. Unfortunately, few organizations have the internal resources to rely exclusively on on-premises solutions to protect their networks and digital assets from attacks exploiting zero-day vulnerabilities. Cloud-based technologies that provide 24/7 monitoring and protection, such as DDoS protection and web application firewalls, provide a critical always-on line of defense that can react much more quickly than on-premises or remote monitoring solutions.
3. Audit your supply chain
Supply chain attacks — such as those targeting managed service providers like SolarWinds and Kaseya in recent years — are a good reminder that your organization is only as secure as the least secure partner in your digital ecosystem. Make sure your partners have security controls in place that align with your policies. Apply the principle of least privilege to them, and contractually obligate them to do the same with their own partners.
4. Embrace Machine Learning
In the face of rising threats and limited security resources, you’ll want to make sure your cybersecurity solutions are incorporating machine learning (ML) to increase the efficiency and effectiveness of security controls. ML can rapidly and automatically assess vast quantities of network traffic and data to identify new and unknown threats — accelerating detection and response times to prevent or limit damage. But automated tools can’t (yet!) entirely replace human expertise, so if you’re using a DDoS mitigation service provider, for example, make sure specialists are on duty 24/7 to coordinate the response if a complex attack defeats the orchestration platform’s automation.
5. Emphasize education
In a constantly changing threat environment, security teams need to stay on top of the latest trends, threats, remedies, and best practices. This means not only keeping up with bulletins and reference materials from resources such as the U.S. Cybersecurity and Infrastructure Security Agency but also fully utilizing vendors’ resources. After subscribing to a software package or service, many organizations fail to take full advantage of new and developing security features. For example, soon after the Log4j vulnerability became known, many web application firewall vendors offered virtual patching solutions that provided a quick fix while longer-term solutions were implemented. Knowing what types of protections are available can save time for your IT team. And, of course, it’s important to remember that humans are often the weak link in cybersecurity controls, so be sure to regularly educate all your organization’s employees on how to prevent and identify threats.
Zero-day vulnerabilities are, by definition, unexpected, and many organizations lack the processes and resources to effectively combat them. The pace at which they are being reported has also accelerated, further challenging organizations to monitor for and react to ones that are impactful to their operations. Over the past year, the National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology (NIST) has received over seventeen thousand new Common Vulnerabilities and Exposures (CVEs).
All is not lost, though. It is possible to optimize your defense against a constantly changing offense with a combination of adaptive strategies, best-of-breed technologies, and expert partners.
Understanding your environment better, educating your workforce, and holding your supply chain to the same standards that you hold yourself are great general hygiene. Leveraging a partner with experience and expertise to implement an always-on solution and ensuring they are using the latest technologies available, including ML engines, will remove significant burden from your teams, allowing them to focus on more proactive defense measures.