A widespread ransomware campaign is affecting a large number of organizations across the globe. Currently, tens of thousands of infections have been reported in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The malicious software can run in 27 languages, allowing it to spread widely.
If you are wondering how to protect your organization, the best thing to do is to implement network vulnerability scanning and patch management to ensure that your systems are reviewed for vulnerabilities and patched on a regular basis.
This is a proactive approach to security that greatly reduces a firm’s exposure to known security exploits. Maintaining secure servers and networks has become increasingly complicated and it’s not going to be simplified anytime soon. The wide variety of technologies deployed in a firm’s network (servers, switches, firewalls, routers, disk, virtual machines, UPS), coupled with today’s distributed environments, makes securing the environment against hackers a difficult task.
So what does an effective program look like? It should contain the basic steps listed below:
Look for Vulnerabilities
This process should include regular network scans using vulnerability-scanning tools that leverage the NVD (National Vulnerability Database) to access all servers and network equipment and look for known vulnerabilities.
This involves analyzing vulnerability scan results to identify high-risk, high-impact anomalies that indicate a server or piece of network equipment is vulnerable to a specific attack.
This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.
This is the process of figuring out how to prevent vulnerabilities from being exploited, either via correct configuration or by applying an available patch. In the event that there is no patch, it may involve taking the affected part of the system off-line (if it’s non-critical), or finding another work-around.
This is the process of getting patches — usually from the vendors of the affected software or hardware — and applying them to high-risk, affected areas in a timely manner. This can be an automated process utilizing patch management tools.
Test, Test, Test
This step ensures the patch or configuration change has successfully remediated the identified vulnerability. One way this can be accomplished is by rescanning the device for vulnerabilities.
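The classification, prioritization and rescan steps above can be sketched as follows. This is an added example, not code from the original article: the finding fields, host names and vulnerability ids are constructed placeholders, and the CVSS v3 severity bands are an assumed scoring scheme, since the article does not name one.

```python
# CVSS v3 qualitative bands (assumed scoring scheme): score floor -> rating.
BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low")]

def severity(score):
    """Map a CVSS v3 base score to its qualitative rating."""
    for floor, label in BANDS:
        if score >= floor:
            return label
    return "none"

def prioritise(findings):
    """Patch order: confirmed-exploitable findings first, then highest score."""
    return sorted(findings, key=lambda f: (not f["exploitable"], -f["cvss"], f["host"]))

def verify(before, after, rescanned_hosts):
    """Compare the pre-patch scan with the rescan, keyed on (host, vuln id).

    A finding that disappears only counts as remediated if its host was
    actually reached by the rescan; otherwise it is reported as unverified.
    """
    key = lambda f: (f["host"], f["vuln"])
    old, new = {key(f) for f in before}, {key(f) for f in after}
    gone = old - new
    return {
        "remediated": sorted(k for k in gone if k[0] in rescanned_hosts),
        "unverified": sorted(k for k in gone if k[0] not in rescanned_hosts),
        "still_open": sorted(old & new),
        "introduced": sorted(new - old),
    }

# Constructed sample data: hosts, ids and scores are placeholders, not real findings.
BEFORE = [
    {"host": "ups01", "vuln": "VULN-PLACEHOLDER-C", "cvss": 7.5, "exploitable": False},
    {"host": "web02", "vuln": "VULN-PLACEHOLDER-B", "cvss": 5.3, "exploitable": True},
    {"host": "fs01", "vuln": "VULN-PLACEHOLDER-A", "cvss": 9.3, "exploitable": True},
]
AFTER = [
    {"host": "web02", "vuln": "VULN-PLACEHOLDER-B", "cvss": 5.3, "exploitable": True},
    {"host": "fs01", "vuln": "VULN-PLACEHOLDER-D", "cvss": 3.1, "exploitable": False},
]
RESCANNED = {"fs01", "web02"}  # constructed: ups01 was offline during the rescan

if __name__ == "__main__":
    for f in prioritise(BEFORE):
        print(f["host"], f["vuln"], severity(f["cvss"]), "exploitable" if f["exploitable"] else "unconfirmed")
    for status, items in verify(BEFORE, AFTER, RESCANNED).items():
        print(status, items)
```

A finding that vanishes from the rescan only because its host was unreachable lands in `unverified` rather than `remediated`, which is the case a plain before/after comparison gets wrong.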