Seemingly overnight, the Coronavirus pandemic has made quarantines, travel bans and social distancing the new norm. As companies shift to a remote working model to contain the spread of the virus, vulnerability management programs, like so many other operational processes, may be experiencing disruption.
While some parts of your program are sure to take a hit, it also presents the opportunity to introduce process improvements that would have otherwise been very difficult to implement. Here’s what we’re seeing in the field:
First up - the challenges:
Vulnerability management programs may slow to a snail’s pace (initially): The biggest issue with a hasty shift to remote working is that vulnerability management operations will slow or lag indefinitely as people and processes that are unaccustomed to this model settle in. Vulnerability management programs are typically run by security teams that collaborate closely with Ops and Development teams, but can also require support from application owners, network engineers, network architects, and others. Building collaboration between multiple stakeholders spread across multiple teams is already hard -- doing so when they are all offsite, working under the specter of a health crisis is even harder. Keeping the process moving under these new circumstances is sure to be challenging at first.
Limited or insufficient remote capabilities: Many companies don’t currently have the remote access required to fix vulnerabilities found in employee laptops and workstations. Not only that, security teams simply have no control over when remote employees log on and how long they are connected to the network. Unlike production environments that are always on and accessible,remote employees - and their laptops -- are remote ALL the time, making scans and patch cycles for these systems much harder to manage. These hurdles could cause remediation processes for these core systems to plummet. Remediation teams should expect to adjust their strategies accordingly.
Next up... Some opportunities and tips:
Working remotely doesn’t come without its benefits for vulnerability management programs!
Patching core systems: With employees working from home, remediation teams can take advantage of the fact that there are fewer day-to-day disturbances, with some of the regular routines put to a halt. This makes it a good time to make strategic plans for remediating core systems that may require the involvement of multiple teams or complex technical changes.
Schedule clear patch windows for laptops: As mentioned above, with so many remote employee-laptops to oversee and patch, missing out on patch cycles may become all-too-common. By scheduling designated patch windows for these, security teams can stay ahead. As so, employees can leave their personal laptops open and online, or connected to a VPN, ensuring that patches are deployed appropriately.
Remediating vulnerabilities on the now-unused systems: Working remotely also presents a rare opportunity for teams to remediate those risky vulnerabilities on unused systems. For example, with everyone working from home, teams can now remediate vulnerabilities that sit on the LAN. These vulnerabilities tend to be quite challenging to patch as they’re usually always in use. Now, these can jump to the top of the queue and get fixed quickly.
Mitigating risk through compensating controls: Now is also a great time to use compensating controls in a more aggressive, widespread manner. For example, teams can define a rule that uscanned or unpatched computers will not have internet access, while applications will be blacklisted using tools like EDRs or others.
The impact of the Coronavirus pandemic on global markets has been massive and underscores the need for disaster planning. The “upside” (for lack of a better term) of any such planning is that it enables organizations to reassess and update a wide array of processes, including, of course, those that power their vulnerability management programs. Hopefully, enterprises worldwide will be able to seize this moment to strengthen their vulnerability management processes, many of which are sure to be ripe for updating and/or automating.
We certainly hope that this turns out to be the case, but either way, as we acclimate to our new reality, we’ll continue to post tips and best practices for improving vulnerability remediation processes. While these uncertain times have brought about new obstacles, they also present opportunities for the taking.
For more information about improving your vulnerability management programs while working with a remote workforce, speak with one of our experts today.