How MSSPs Can Support Risk-Based Patch Management
… a vulnerability of moderate severity to another.
Risk-Based Patch Management
For effective patch management, patching should be prioritized based upon which CVEs pose the greatest risk (risk = likelihood x potential impact) to an organization. But without the right resources and tools, determining which CVEs pose the greatest risk to an organization can be a shot in the dark. One of the most common mistakes is to prioritize patching based solely on the Common Vulnerability Scoring System (CVSS). The CVSS quantifies the potential impact of a CVE based on its inherent attributes. However, the likelihood of a vulnerability being weaponized does not factor into the CVSS. Since the majority of CVEs are never weaponized by cybercriminals, this is a critical blind spot that will likely lead to misguided patching decisions.
Two of the strongest indicators of likelihood are whether cybercriminals are talking about a CVE and the existence of proof-of-concept (POC) code indicating adversaries have figured out how to weaponize it. Since some cybercriminals operate within secretive dark-web forums, illicit marketplaces and encrypted chat services, it’s essential for MSSPs to team up with partners that collect data from these communities.
Beyond quantitative measures of how many times and how frequently a CVE has been mentioned, the conversations in which a CVE is mentioned can shed light on how it is being weaponized and who the intended targets are, adding nuance to a team’s understanding of its likelihood and potential impact.
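The prioritization logic described above (risk = likelihood x potential impact, with likelihood driven by underground chatter and POC availability rather than by CVSS alone) can be made concrete. The following is an added example, not Flashpoint's code or any product's scoring formula; the CVE records, the signal weights and the asset-exposure factor are constructed assumptions standing in for what a threat-intelligence feed and an asset inventory would supply. It deliberately includes a high-CVSS CVE with no weaponization signals and a moderate-CVSS CVE with public POC code and rising chatter, to show how the two orderings diverge.

```python
"""Risk-based patch prioritisation: risk = likelihood x potential impact.

Added example (not Flashpoint's code). CVE ids, signal weights and asset
exposure values are constructed assumptions for illustration only.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class CveRecord:
    cve_id: str                # placeholder ids, not real CVEs
    cvss_base: float           # CVSS base score 0.0-10.0 (inherent severity)
    underground_mentions: int  # mentions seen in monitored communities
    mention_trend: float       # recent mentions / prior period (1.0 = flat)
    poc_public: bool           # proof-of-concept exploit code observed
    asset_exposure: float      # 0.0-1.0: exposure/criticality of affected assets


def likelihood(rec: CveRecord) -> float:
    """Estimate weaponisation likelihood on a 0-1 scale from intel signals.

    Assumed weighting: public POC code is the strongest signal, then chatter
    volume, then a rising trend. With no signals a small floor remains,
    because a quiet CVE can still be exploited.
    """
    score = 0.05
    if rec.poc_public:
        score += 0.5
    # chatter volume saturates: 20 or more mentions contributes the full 0.3
    score += 0.3 * min(rec.underground_mentions, 20) / 20
    # rising chatter adds up to 0.15 (trend of 2.0 or more gives the maximum)
    if rec.mention_trend > 1.0:
        score += 0.15 * min(rec.mention_trend - 1.0, 1.0)
    return min(score, 1.0)


def impact(rec: CveRecord) -> float:
    """Potential impact on a 0-1 scale: CVSS severity scaled by how exposed
    the affected assets are in this particular environment."""
    return (rec.cvss_base / 10.0) * rec.asset_exposure


def risk(rec: CveRecord) -> float:
    return round(likelihood(rec) * impact(rec), 3)


def prioritize(records: Iterable[CveRecord]) -> List[str]:
    """CVE ids ordered by risk, highest first."""
    return [r.cve_id for r in sorted(records, key=risk, reverse=True)]


def prioritize_cvss_only(records: Iterable[CveRecord]) -> List[str]:
    """The naive ordering the text warns against: CVSS base score alone."""
    return [r.cve_id for r in sorted(records, key=lambda r: r.cvss_base, reverse=True)]


# Constructed sample: a critical-CVSS CVE nobody is talking about, a
# moderate CVE with public POC and rising chatter, and a middle case.
SAMPLE = [
    CveRecord("CVE-PLACEHOLDER-1", 9.8, 0, 1.0, False, 0.9),
    CveRecord("CVE-PLACEHOLDER-2", 6.5, 25, 2.5, True, 0.9),
    CveRecord("CVE-PLACEHOLDER-3", 7.5, 8, 1.5, False, 0.5),
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(f"{rec.cve_id}: CVSS={rec.cvss_base} "
              f"likelihood={likelihood(rec):.3f} risk={risk(rec):.3f}")
    print("CVSS-only order:", prioritize_cvss_only(SAMPLE))
    print("Risk-based order:", prioritize(SAMPLE))
```

On the constructed sample the CVSS-only ordering puts the 9.8 first, while the risk-based ordering puts the 6.5 with public POC code and rising chatter at the top and the untouched 9.8 last. The weights are the part a team would tune against its own history of which CVEs actually turned into incidents; the structure (a likelihood term fed by intelligence signals, multiplied by an impact term that accounts for the environment) is what the text argues CVSS alone leaves out.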
Since it is crucial that customers can easily access and parse these resources, MSSPs should look for partners that offer searchable, user-friendly CVE dashboards supplemented by finished intelligence reports analyzing notable vulnerabilities in depth, as well as analyst-curated alerts that are tailored to customers’ needs.
Since the majority of cyberattacks exploit known vulnerabilities, solutions that enable more effective patch management can have a transformative impact. But effective patch management requires nuanced decision making based on technical and contextual information about CVEs, so MSSPs should take care in selecting partners that deliver the meaningful insights needed to inform an effective course of action. By doing so, MSSPs can better position themselves within the cybersecurity space and add significant value to their offerings.
As senior director, head of worldwide channels and partnerships at Flashpoint, Ayesha Prakash leverages her extensive experience driving business development and marketing efforts in the IT sector to build Flashpoint’s global channel program. Follow her on Twitter @yoursocialnerd and @FlashpointIntel.