Cybersecurity Is More Than CVEs
“Mindless patching is rarely a fruitful activity.” That’s one of the more interesting quotes from this recent article (advertorial, really) from Dark Reading on cybersecurity beyond CVEs.
Honestly, I’m not sure if anyone really “mindlessly patches,” but the point is well taken: In organizations that don’t have a lot of resources, there’s no one dedicated to tracking CVEs and making sure every little hole gets filled.
Beyond regular patching of critical systems, small teams can’t be distracted by “sexy” CVEs that aren’t even relevant to their environment. Rather, their focus needs to be on the boring but effective things like identity management, access control, and configurations (CIS Controls, anyone?).
Tools that’ve got you covered
The good news is that several standard cybersecurity tools in a defense-in-depth strategy address CVEs, too. Beyond traditional vulnerability scanning and the aforementioned patching, these other products can identify and mitigate exploits that target specific CVEs.
Effective IDS/IPS tools are quick to address CVEs by applying timely rules and signatures as soon as they are released. The key word there is “timely.” It’s a cat-and-mouse game, and it’s critical to have these rules in place quickly, before these exploits are widespread in the wild.
Network Detection and Response (NDR) tools usually incorporate these signature-based tools, as well, but add the additional function of ML/AI-based anomaly detection to (hopefully) identify malicious traffic outside of the “norm”, even without a specific “rule” that addresses the CVE.
Same goes for the endpoints. Traditional and next-gen anti-virus tools will use rule-based detections, while modern EDR tools also rely on ML/AI to ferret out malicious actors.
That’s the good news. The bad news is that there are many threats that are never covered by CVEs.
Threats beyond CVEs
Let’s dive into misconfigurations. Sometimes a hole gets accidentally opened up in a firewall (a fat finger, a new hire, or just a mistake). And sometimes, holes get punched for a business use case. Perhaps a department needs to access a third-party system on an exotic external port, and it’s just easier to step around (or through) the firewall, so it’s done. Mission accomplished, but these exceptions often get forgotten or overlooked, and they create exposures that can still lead to an infiltration, even as the department happily accomplishes its task.
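One way to keep such exceptions from being forgotten is to record an owner and a review date on every inbound allow rule and audit the rule set on a schedule. The following is an added example, not code from this article or from Nomic; the rule format, the owner/review_by fields and the set of expected inbound ports are assumptions made for illustration.

```python
from datetime import date

# Constructed sample firewall rule set (not taken from the article or any
# real environment). Each rule records who asked for it and when it must be
# re-justified, which is exactly the bookkeeping "forgotten" exceptions lack.
RULES = [
    {"id": 101, "action": "allow", "src": "any", "dst": "10.0.5.20",
     "port": 443, "owner": "web-team", "review_by": "2030-01-01"},
    {"id": 102, "action": "allow", "src": "any", "dst": "10.0.5.44",
     "port": 8472, "owner": "finance", "review_by": "2023-03-15"},
    {"id": 103, "action": "allow", "src": "any", "dst": "10.0.5.44",
     "port": 3389, "owner": None, "review_by": None},
    {"id": 104, "action": "deny", "src": "any", "dst": "any",
     "port": "any", "owner": "secops", "review_by": None},
]

# Ports a small shop typically intends to expose to the internet; any other
# inbound allow from "any" is an "exotic" exception worth a second look.
EXPECTED_INBOUND_PORTS = {80, 443}


def audit_rules(rules, today):
    """Return (rule_id, reason) findings for inbound allow rules that are
    stale, unowned, or open a port outside the expected set."""
    findings = []
    for r in rules:
        # Only exceptions that admit traffic from the internet matter here.
        if r["action"] != "allow" or r["src"] != "any":
            continue
        if r["owner"] is None:
            findings.append((r["id"], "no owner recorded"))
        if r["review_by"] is None:
            findings.append((r["id"], "no review date"))
        elif date.fromisoformat(r["review_by"]) < today:
            findings.append((r["id"], "review date passed"))
        if r["port"] not in EXPECTED_INBOUND_PORTS:
            findings.append((r["id"], f"unexpected inbound port {r['port']}"))
    return findings


if __name__ == "__main__":
    for rule_id, reason in audit_rules(RULES, date(2024, 6, 1)):
        print(f"rule {rule_id}: {reason}")
```

Run against the sample set, rule 101 is clean, rule 102 is flagged as overdue and on an unexpected port, and rule 103 is flagged three times because nobody owns it, it has no review date, and it exposes 3389.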
Phishing, on the other hand, has nothing to do with the firewall – at first. Social engineers cleverly bypass fortifications altogether by getting some beguiled employee to voluntarily give up their credentials, internal knowledge, or sanctioned access in some other way. Everyone knows this is easily the most common attack vector, and generative AI is making it all the easier.
There simply isn’t a signature or rule or CVE to address these “vulnerabilities.” Sometimes we have to roll our sleeves up and handle it another way. A widened strategy – and the tools to support it – is usually key to the solution.
Building your cybersecurity game plan off of frameworks is a great place to start. Try NIST, CIS Controls, HITRUST, or whatever suits your industry as a way to get started and stay organized.
CVEs and so much more
At Nomic, we want to provide all the practical benefits of an enterprise security strategy, but in a way the little guys can afford (that is, providing defense-in-depth and support to bolster both security and personnel). To do this, we understandably have to get a little creative.
We position the Outpost right outside of the firewall, at the furthest edge of the network. This not only covers the exploits of known CVEs, but allows us to also protect against those misconfigurations and holes that have been created – intentionally or unintentionally – that have nothing to do with known threats.
The Outpost utilizes our unique Network Cloaking methodology to make your entire network invisible to the outside attacker. It can spot and block malicious C2 commands – going into and out of the network – and detects misconfigurations, problems on the network, and traffic to unwanted places. It blocks them autonomously, saving you resources.
Insight goes above and beyond traditional IDS and “known-bad” CVE exploit alerts. It also leans into ML-based anomaly detection and gives you an unprecedented, simple view of all your network flows, for easy network troubleshooting and visibility into potential malicious traffic on the inside of your network.
We meet a lot of organizations every day that are just beginning to build out their security stack: schools, small retail businesses, and municipal utilities to name a few. They need solutions that work now (without a complete architectural or SOC overhaul) and can still protect them from some of the most prevalent threats out there.
Ted has worked with network security and web technologies for almost 30 years, beginning his career as a full-stack web engineer and transitioning to network security. He now guides Nomic and its supporting initiatives, including CINS Active Threat Intelligence.