Boosting cyber health: How vulnerability and patch management decrease threat exposure

Source: ESET

Date: 10 Oct 2024

The topic of vulnerabilities remains significant as new exploits emerge, underscoring the need for continuous vigilance and proactive defense strategies.

In a world that records on average at least 7,240 new vulnerabilities per quarter (based on 2023 data), patching critical vulnerabilities should be an immediate priority; otherwise, users might face anything from exposing confidential data all the way to opening their entire networks to ransomware or wiperware. The possible negative scenarios are unlimited.

Thus, focusing on your business’ cyber health matters, and with data breach costs climbing into several millions of dollars, patching all your devices/OSs grows considerably more critical.

 

A health check on vulnerabilities

First of all, doctors usually say that humans should support their health by ingesting a healthy dose of vitamins every day – lowering the chances of having compromised immune systems, leading to constant bouts of sickness. For organizations, the situation is much the same. Without investing in all-encompassing cybersecurity measures and awareness training, their body (business) will be left vulnerable to compromises (literally).

However, it seems that just like humans tend to underestimate their need for vitamins and health checks, so do businesses forgo important security checks and patching. There have been a plethora of cases where a business was breached due to a known vulnerability. For example, Equifax in 2017 was breached thanks to unpatched vulnerabilities [1], which threat actors used to get their hands on the private records of 147.9 million Americans.

Overall, this catastrophic breach cost Equifax around 1.4 billion USD. For a smaller business, such costs, even in proportion to their revenues, would likely bury them completely. A larger enterprise might weather the storm, but there is a high chance that they could fold as well, and all because their patching was, well, “patchy.”

 

Recording vulnerabilities – are you immune enough?

The database of Common Vulnerabilities and Exposures (CVEs) recorded 28,961 vulnerabilities for 2023 alone, representing a 15% rise compared to the previous year. For Q1 2024, 8,697 have already been reported (for comparison, in Q1 2023 it was 7,015).

Endpoints such as servers or computers remain risky, as they can harbor unpatched systems and apps. The same research also highlights how ransomware gangs are becoming more skilled, using programming languages that can more easily cross-compile, simultaneously targeting Windows and Linux systems.

There’s an online myth that Linux is inherently more secure than other systems – since threat actors only target commonly used ones. Said myth is easily debunked though, as Linux is one of the most widely used systems globally. It makes up approximately 96% of web server infrastructure, while Android represents 72% of the global mobile market share.

Recently, ESET Research broke a story about the Ebury botnet compromising around 400K Linux servers for cryptocurrency theft and other criminal activities. ESET researchers have also exposed numerous OpenSSH backdoors, leading to the documentation of almost 21 Linux-based malware families with credential-stealing and backdoor functionalities. Additionally, threat actors target Linux-based high-performance computing (HPC) clusters with sophisticated malware like Kobalos.

Thus, threats targeting Linux-based systems are quite real and can pack quite a punch to the gut of business security.

 

The ABCs of vulnerability solutions

Why deal with vulnerabilities, specifically? For a business that could already consider its cyber posture “ready” or “full,” it could seem like its current security software can take care of everything.

That’s not an entirely accurate observation. Endpoint security products in and of themselves are usually made up of multiple layers guaranteeing strong protection – but that doesn’t mean that your endpoint product can protect against every single external threat. There’s a reason why detection and response or cloud security are a thing these days; it’s all about minimizing risk by shrinking the attack surface as much as one can.

Though security tools can remediate rather quickly (with ESET-managed services responding in as little as 20 minutes), every piece of a security stack plays a different and important part in the active protection process.

Keeping ahead of attackers by preventing them from finding that vulnerable spot is the key to your security. Said spots can be anywhere – in an app, device OS, or server infrastructure – presenting multiple potential entry points. However, the right vulnerability and patch management solution can provide the necessary tools to assess and provide patching opportunities for that unsecure spot – wherever it may be.

 

ESET Vulnerability and Patch Management (V&PM) – a healthy dose of vitamins

As illustrated previously, threat development is more flexible than before, and defenses need to be shored up to protect all devices that a business employs.

With ESET Vulnerability and Patch Management, which is now also offered as a separate add-on to ESET PROTECT Entry and ESET PROTECT Advanced, even the smallest firm can start its prevention-first journey, warding off tomorrow’s threats looking to infiltrate their premises.

The V&PM module is directly integrated into the ESET PROTECT Platform and is always on, making it easy to stay up to date and protecting against attacks, zero-days, and ransomware all at once. This ensures visibility and situational awareness, which the entirely new V&PM dashboard improves by giving instant overviews of the vulnerability and patching status across an entire business network.

Moreover, to answer the need for comprehensive vulnerability assessment and patching, ESET has expanded the V&PM module by adding further system treatment into its repertoire – now also covering Linux [2] and macOS [3].

For Windows and Linux servers, we understand that admins need full control. Therefore, on these systems, the V&PM module is not automated and gives admins total control over the entire process, so that they don’t interrupt business workflows.

And if a security admin is growing suspicious about a particular system, on-demand vulnerability scanning will enable them to act quickly in case the need arises.

 

Sickness be gone!

With current security tools like the comprehensive ESET V&PM module, breaches traced to a vulnerability are no longer about bad luck – they are about inattentiveness and underestimation, both of which have enormous security and even existential consequences for organizations.

Upping the ante in this important area is compliance, with regulations such as NIS2 in Europe, and PCI DSS 4.0 globally, demanding transparent vulnerability disclosure and management. This all shouldn’t be surprising – with thousands of vulnerabilities being recorded quarterly, all it takes is one unpatched hole and tragedy awaits.

So please, take that health check and don’t underestimate your immune system – when you have those vitamins at hand, why not take them?

1 The exploited vulnerability was related to a framework for creating web apps written in Java, enabling threat actors to run code remotely.

2 Please check our website for desktop Linux compatibility.

3 Additionally, Linux patch management, as well as operating system vulnerability scanning and patching in macOS, is on the roadmap.

For more information about ESET Vulnerability and Patch Management, please visit our page here.

Discover how V&PM helps in staying compliant with cyber insurance in our blog here.