Beyond Periodic Vulnerability Assessments to Frequent Scanning of Attack Surface
Prabir Sen
Bridging TRUST & ASSURANCE between Cybersecurity Innovators & Potential Adopters (Early-Movers) to improve Cyber Defense posture
Automation is the Key to Smart Cyber Risk Management
Automation is emerging as a key enabler for prioritising cyber risk across the enterprise, presenting it as a real-time “Cyber Risk Score” on the executive dashboard. Cyber risk automation using analytics and AI helps organisations cover more incidents faster with fewer people, while comprehensively covering the organisation’s IT #attacksurface. It frees security analysts to focus on complex, prioritised problems. Automation enables continuous 24/7 monitoring, real-time alerts and/or actions based on defined policies and risk tolerance. The shortage of skilled #cybersecurity professionals is another good reason to adopt an intelligent platform.
Automated compliance management, on the other hand, collects and reports compliance data with fewer resources and less effort, doing away with the juggling of spreadsheets. Multiple regulatory compliances can be tracked smoothly and almost simultaneously, while cutting down on repetitive effort and human error.
More and more organisations are now looking for a secure platform for Digital Risk Management and Continual #RiskAssessment, endpoint risk assessment and mitigation, Attack Surface management, #AutoRemediations with exception management, and automation of compliance.
Regulatory Compliance
The Master Direction on Digital Payment Security Controls issued by RBI on 18th Feb 2021, also called the Digital Payment Security Controls directions, 2021, besides other security considerations, calls for addressing the following security practices:
· Run automated VA scanning tools to automatically scan all systems on the network that are critical, public facing or store customer sensitive data on a continuous / more frequent basis.
· Compare the results from earlier vulnerability scans to verify/ascertain that those vulnerabilities are addressed either by #patching, implementing a compensating control, or documenting and accepting the residual risk with necessary approval, and that there is no recurrence of the known vulnerabilities.
· The identified vulnerabilities should be fixed in a time-bound manner.
· Ensure that all vulnerability scanning is performed in authenticated mode, either with agents running locally on the system to analyse the security configuration or with remote scanners that are given administrative rights on the system being tested.
Importance of Continuous Vulnerability Scanning: Continuous #vulnerability #scanning implies “continuously acquire, assess and take action on unusual or new information to identify vulnerabilities, remediate and narrow down the window of opportunity for attackers.” Unlike the traditional minimalistic approach of periodic VA scans and PT, the idea is to pick up new and emerging cyber threats as they occur and respond to ensure continuous protection of the business, then act upon the recommended remediation or push the patches that fix the cybersecurity gaps detected in enterprise assets, networking devices and web applications. Evidently, the intensity and frequency of cyber-attacks and data breaches are increasing in both scale and scope. Cyber criminals do not oblige us by exploiting vulnerabilities only periodically.
Resolutions
Assess, monitor and manage cyber risks (VA) on a continuous-scanning and contextual basis to reduce cyber risk exposure. Ideally the platform should map almost all types of assets, viz. network devices, virtual machines, database servers, physical servers, desktop applications, websites/portals, web apps, mobile apps (Android and iOS), etc.
The platform should have ‘remediation scan’ capabilities on target assets to record all previously noticed vulnerabilities as well as new ones on a dynamic and continual basis. Previously tracked vulnerabilities that have been mitigated are automatically discounted, and only the vulnerabilities currently present are displayed. Further, the platform can provide real-time alerts with suggested auto-remediation, subject to the necessary approvals.
The automated continuous VA scanning platform should give admins the rights to assign patching, implementing a compensating control, or documenting tasks to different resources/members of the IRM / ISG / VAPT / GRC teams, notifying them of timelines and monitoring the progress centrally.
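As an added illustration of the RBI practices listed above (comparing the current scan with earlier ones, checking that findings are fixed in a time-bound manner or formally accepted, and flagging recurrence) together with the ‘remediation scan’ behaviour just described (mitigated findings discounted, only currently open ones displayed), here is a small scan-reconciliation routine. It is example code written for this article, not code from the article or from any vendor platform; the asset names, vulnerability ids, dates and the per-severity SLA values are all constructed or assumed.

```python
"""Scan-to-scan vulnerability reconciliation.

Added example, not code from the article or from any vendor platform.
It models: comparing the current scan with earlier scans, verifying that
findings were fixed in a time-bound manner or accepted with approval,
flagging recurrence, and a 'remediation scan' view in which mitigated
findings are discounted and only currently open ones are displayed.
All asset names, vulnerability ids, dates and SLA values below are
constructed sample data / assumed policy, not taken from the page.
"""
from dataclasses import dataclass
from datetime import date

# Assumed remediation deadlines in days, by severity (a policy choice, not from the RBI text).
SLA_DAYS = {"critical": 7, "high": 15, "medium": 30, "low": 90}


@dataclass(frozen=True)
class Finding:
    asset: str      # host or URL on which the scanner observed the weakness
    vuln_id: str    # scanner's identifier for the weakness (constructed names below)
    severity: str


def finding_key(f):
    """A finding is the same finding across scans if asset and vuln_id match."""
    return (f.asset, f.vuln_id)


def reconcile(history, current_findings, today, accepted_risks=frozenset()):
    """Classify the current scan against the scan history.

    history: list of (scan_date, [Finding]) ordered oldest to newest.
    accepted_risks: keys whose residual risk was formally accepted; they are
    still reported as open but are exempt from the overdue check.
    """
    first_seen = {}   # key -> date the finding was first reported
    ever_seen = set()
    previous = set()  # keys reported by the most recent historical scan
    for scan_date, findings in history:
        keys = {finding_key(f) for f in findings}
        for k in keys:
            first_seen.setdefault(k, scan_date)
        ever_seen |= keys
        previous = keys

    current_by_key = {finding_key(f): f for f in current_findings}
    current = set(current_by_key)

    new = current - ever_seen                     # never reported before
    persisting = current & previous               # still open since last scan
    recurring = (current & ever_seen) - previous  # fixed earlier, back again
    remediated = previous - current               # gone since last scan: discounted

    overdue = []
    for k in current:
        if k in accepted_risks:
            continue
        # A recurrence starts a fresh clock; a persisting finding keeps its original one.
        opened = today if (k in new or k in recurring) else first_seen[k]
        limit = SLA_DAYS.get(current_by_key[k].severity, SLA_DAYS["medium"])
        if (today - opened).days > limit:
            overdue.append(k)

    return {
        "new": sorted(new),
        "persisting": sorted(persisting),
        "recurring": sorted(recurring),
        "remediated": sorted(remediated),
        "accepted": sorted(current & set(accepted_risks)),
        "overdue": sorted(overdue),
    }


def currently_open(report):
    """What a remediation-scan view displays: only findings open right now."""
    return sorted(report["new"] + report["persisting"] + report["recurring"])


# Constructed sample scans: two earlier runs plus the run being evaluated today.
SAMPLE_HISTORY = [
    (date(2022, 6, 1), [Finding("web01", "outdated-openssl", "critical"),
                        Finding("db01", "weak-tls-config", "high"),
                        Finding("web01", "missing-hsts", "low")]),
    (date(2022, 6, 8), [Finding("web01", "outdated-openssl", "critical"),
                        Finding("web01", "missing-hsts", "low")]),  # db01 fixed here
]
SAMPLE_CURRENT = [Finding("web01", "outdated-openssl", "critical"),
                  Finding("db01", "weak-tls-config", "high"),       # back again
                  Finding("app01", "directory-listing", "medium")]
SAMPLE_TODAY = date(2022, 6, 20)
SAMPLE_ACCEPTED = frozenset({("web01", "outdated-openssl")})


def run_sample(accepted_risks=frozenset()):
    """Reconcile the constructed sample data (used by the demo and the checks)."""
    return reconcile(SAMPLE_HISTORY, SAMPLE_CURRENT, SAMPLE_TODAY, accepted_risks)


if __name__ == "__main__":
    for label, keys in run_sample().items():
        print(f"{label:11}: {keys}")
    print("displayed  :", currently_open(run_sample()))
```

On the sample data the critical finding on web01 has been open since 1 June and is reported overdue against the assumed 7-day SLA; the db01 TLS weakness, which disappeared in the 8 June scan and is back, is reported as recurring rather than new, which is exactly the “no recurrence” check the RBI practice asks for. Passing the web01 key in `accepted_risks` models a documented and approved risk acceptance: the finding stays visible as open and accepted, but no longer counts as overdue.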
Considering that the sought-after automated continuous VA scanning is likely to be a cloud-hosted SaaS platform, the RBI requirement for authenticated scanning is important. The vendor platform is expected to perform authenticated vulnerability scanning of web assets remotely, and of internet-facing servers using #agentless scans. For on-premise and physical servers that are NOT internet facing, a sensor may be installed on the network to perform the agentless scanning. The sensor itself would likely need to be installed on a server/VM.
The Platform of Choice
An Intelligent and Automated cyber-risk and Compliance Management Product Suite targeted at mid-size enterprises is sought after. It benefits companies that prefer to assess, monitor and manage their cyber risks on a continuous and (business) contextual basis to reduce cyber risk exposure, by automating their internal compliance audits.
The platform connects to your cybersecurity, IT and business tools, and optional sensors deployed across your network continuously discover and monitor your devices. Holistic coverage includes websites, web applications, databases, cloud configurations, cloud workloads, servers, endpoints and mobile applications.
It identifies the IT assets that are exposed due to the evolving threat landscape, existing vulnerabilities, asset misconfigurations, policy violations, security awareness and process gaps; prioritises vulnerabilities; and prescribes the necessary risk mitigation actions. Integration with ticketing and orchestration systems enables automation of the enterprise’s cybersecurity posture. All of this is intelligently presented on an executive dashboard in real time.
Data Security & Sovereignty
Data protection is of paramount importance; some of the measures to be taken in this regard should include:
The platform is hosted in the geographical region of the country concerned, and run in secure, state-of-the-art data centres of global CSPs like Amazon / Azure / Google etc. to ensure a high level of availability, integrity and protection of the underlying infrastructure on which the applications are deployed. Role-based access to the cloud-hosted applications, in respect of both user access and privileged access.
Data segregation of customers and data isolation is ensured. The data storage location could be the customer’s cloud or on premise. Data is secured both in transit and at rest. Multi-factor authentication (MFA) protects access to data. Secure key management and a secure vault for storing credentials, and DevSecOps with adequate web and network protection and audit and assurance, are in place. Reports of security assessments performed on the platform should be made available to customers on demand to meet regulatory requirements.
Thanks for your valuable time. If you found the read useful, please “like”, “comment” and “share” it. In case you need more relevant information, please DM.
References:
Master Direction on Digital Payment Security Controls issued by RBI on 18th Feb 2021
Draft Master Direction of RBI on Outsourcing of IT Services dated 23 June 2022
A passionate Entrepreneur evangelizing Growth
2 years ago: Tanishka Menon
Head IT & Security at Harbinger Group
2 years ago: Breach attack simulation platforms are ideal for doing periodic vulnerability assessment along with remediation.
Entrepreneur|Start-up Advisor|CISO|Co-Founder|CTO (USA,UK,Singapore,Australia,India) Cyber Security Engineering and Consulting| Chess Enthusiast
2 years ago: Insightful and contextual write up Prabir Sen
Leader - TowerCo Operations & Technology. Leadership Experience in West Africa KSA & India.
2 years ago: Very Relevant Post for all companies considering digitalization & cloud services