Every time I meet a client to discuss cyber security and its importance, the reply is mostly along the lines of "I have the best firewall etc., so I am secure. Why do I need to worry about security when my firewall/IDS etc. will take care of it?"
Yes, one may have the best perimeter security devices, but then the question becomes: how much security testing should I do? I end up describing the basic security they have, to explain where perimeter security ends and unknown vulnerability takes over. Perimeter security is like physical security, the guards at your office entrance gates. Those guards have been given directions on what to check, what to allow inside and so on, for example not to allow a person entry without being escorted. This is all a perimeter security device does: it follows what it has been asked to do, such as monitoring for activity that a device or application is performing which it is not supposed to. But can it detect something truly unknown, a zero-day vulnerability?
I do agree that you need these devices to secure your networks from known vulnerabilities, but the big question remains: "How do we protect against a ZERO DAY vulnerability?"
Security - Processes built around solutions and products - part 2
The big question asked: "Mohit, a ZERO DAY VULNERABILITY? How can you discover something which is unknown? You expect us to believe there is a zero day and our perimeter security devices cannot discover it?" And my answer is yes: there are zero-day or unknown vulnerabilities which have not been reported and may exist in your applications, appliances or network devices. It is difficult for people to believe, so I generally use a layman's example to explain.
Before we move forward, let us understand a little about vulnerability management. Wikipedia defines vulnerability management as the "cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities", especially in software and firmware. Vulnerability management is integral to computer security and network security (http://en.wikipedia.org/wiki/Vulnerability_management).
Vulnerability management can be defined as an ongoing, continuous process which covers identifying, classifying, remediating and mitigating vulnerabilities. Organizations use vulnerability management to pre-emptively defend against the exploitation of vulnerabilities in company applications, software and networks. Network analysis of all critical elements helps in identifying the key vulnerable elements, be they applications or appliances, and then testing these network elements and applications for known as well as unknown (zero-day) vulnerabilities. The next step is classifying them and then creating actionable points to address and mitigate these vulnerabilities. In brief, vulnerability management can be defined as the cyclical practice of identifying, classifying, remediating and mitigating vulnerabilities.
By creating a process, organizations can effectively implement vulnerability management and will be significantly safer from data breaches and theft. The biggest challenge for organizations is to have the correct set of tools to address these issues. Some tools are used because the "I have used them before" or "someone has used them before" syndrome creeps in, but the question is: do those tools suffice or address the present needs, or are they even required?
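To make the cycle described above concrete, here is an added example (not code from the post) of a minimal vulnerability management loop: findings are identified, classified into actionable points, then either remediated (fixed, so closed) or only mitigated (compensating control, so they re-enter the next cycle). It also applies the post's known/unknown split: a finding with no public reference is treated as unknown and ranked higher, since a signature-based perimeter device cannot match it. The assets, severities and advisory ids are constructed for illustration.

```python
from dataclasses import dataclass
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

@dataclass
class Finding:
    asset: str
    severity: str
    reference: str = ""        # public advisory id for a known issue; empty = unknown
    fix_available: bool = False
    state: str = "identified"  # -> classified -> remediated (closed) | mitigated (open)
    priority: int = 0
    action: str = ""

def classify(f):
    """Classification step: rank the finding and choose its actionable point."""
    if f.state != "identified":
        raise ValueError(f"cannot classify a finding in state {f.state}")
    # Unknown findings get a bump: a signature-based perimeter device has
    # nothing to match against, so the asset itself has to be protected.
    f.priority = SEVERITY_RANK[f.severity] * 2 + (0 if f.reference else 1)
    if f.fix_available:
        f.action = f"remediate: apply fix for {f.reference} on {f.asset}"
    elif not f.reference:
        f.action = f"mitigate: restrict exposure of {f.asset}, report to vendor"
    else:
        f.action = f"mitigate: compensating control on {f.asset} pending a fix"
    f.state = "classified"
    return f
def resolve(f, fixed):
    """Record the outcome: remediated closes the finding, mitigated leaves it open."""
    if f.state != "classified":
        raise ValueError(f"cannot resolve a finding in state {f.state}")
    f.state = "remediated" if fixed else "mitigated"
    return f
def action_plan(findings):
    """Identify -> classify: open findings as actionable points, highest priority first."""
    plan = [classify(f) for f in findings if f.state == "identified"]
    return sorted(plan, key=lambda f: -f.priority)
def next_cycle(findings):
    """The cyclical part: mitigated findings are still open and re-enter identification."""
    carried = [f for f in findings if f.state == "mitigated"]
    for f in carried:
        f.state = "identified"
    return carried

# Constructed sample findings for illustration; not taken from the post.
SAMPLE = [
    Finding("edge-router", "high", reference="VENDOR-ADV-1 (constructed)", fix_available=True),
    Finding("billing-app", "high"),  # no reference: an unknown finding
    Finding("file-server", "low", reference="VENDOR-ADV-2 (constructed)"),
]
```

Running `action_plan(SAMPLE)` puts the unknown billing-app finding first even though both high findings share the same severity, and after `resolve` only the mitigated items come back from `next_cycle`.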
In a recent client meeting this issue cropped up vehemently. The client had a senior technical resource with over 15 years' experience in the IT and telecom industry. The discussion started with "Well, we want to test all our purchased applications and devices for cyber security and unknown vulnerabilities." The discussion went on a serious note and I started describing the process to the client. We broke the problem into known and unknown vulnerability management, and the client liked the approach, when the senior technical resource jumped in and said, "What about generating load and conducting performance and conformance testing, and checking for security vulnerabilities?" I stopped, paused, and asked, "What about conformance and performance testing? What do you wish to do about it?" Prompt came the reply: "Well, how can your tools help us to do that?" Then I shared with them that this portion of testing is not a part of security testing; it is part of conformance and performance testing, which ensures that if the product OEM says a particular device or port can handle XGB of throughput or data, those tools help verify whether it meets the stated requirement or not, and that unknown vulnerability testing is not related to conformance or performance testing.
After providing the client with some more examples of the details, and after my re-emphasis that one needs to use those tools only to conduct performance and conformance testing, the client got the picture and we got into discussing known vulnerability management. Though this topic is heavy and not limited to just testing applications for known vulnerabilities, it also includes code rot, the decay of software code over time.