Want to strengthen cybersecurity? Start by improving your discovery process
In today's world, the need for organisations to have comprehensive cybersecurity solutions in place has never been greater. New vulnerabilities are exposed on a daily basis, and data breaches pose not only monetary but reputational risk.
In a recent example of the havoc that cyberattacks can wreak, Garmin was the victim of a high-profile ransomware attack in which its data was encrypted by the WastedLocker malware, resulting in service disruptions and a significant financial blow. Customers couldn’t log in to Garmin Connect to analyse their fitness data and, more significantly, pilots using flyGarmin were unable to download the most recent aviation databases that aviation regulators require before flying. It was widely reported that Garmin paid a $10 million ransom to decrypt the data and resume service to its users.
Strengthening cybersecurity starts with improving discovery
Research conducted by the Ponemon Institute shows that cybersecurity incidents resulting from insider threats have risen 47% since 2018. More often than not, these threats are not malicious or intentional; they’re caused by negligent users — essentially, human error.
Mistakes can be made at any stage of the vulnerability management lifecycle, but discovery is arguably the most critical to get right. There’s a reason that the first CIS Control focuses on knowing your hardware.
In many organisations, the Security team works with IT Ops prior to conducting a security scan to organise assets and agree upon the scope of the scan, then configures the scanner accordingly. Theoretically, this should enable a comprehensive scan of the assets that both teams deem important. But any assets that are not identified as part of the discovery process — and thus are left out of the scan — are effectively invisible when it comes to detecting and remediating vulnerabilities that may impact them. You can only protect and secure what you know you have.
Say a user provisions a server and does not inform the Security team. This asset never gets scanned and is now susceptible to a cyberattack which, in turn, leaves the rest of the network vulnerable. Given that dozens of new servers may be provisioned each week, this is not an unlikely scenario.
To err is human — so limit manual intervention
Avoiding errors caused by human negligence is made drastically easier by limiting manual intervention in your vulnerability management process. Automating infrastructure discovery mitigates the risk of a minor communication breakdown that could result in a major issue.
Puppet Remediate continually and automatically discovers what is running in both your cloud and on-premises environments and displays these resources in a dashboard, so new resources show up as they’re added. Within the dashboard, you can access a view that shows only nodes that have been up for less than 24 hours, so it’s easy to identify newly created assets.
This bird’s eye view of your infrastructure makes it easy to identify and prioritise assets that need to be added to the next security scan. Remediate integrates with Qualys, Rapid7, and Tenable, overlaying vulnerability data from your scanner with everything running in your environment to show you which nodes are at risk and which vulnerabilities should be prioritised based on the number of affected hosts in your network.
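The reconciliation described above can be sketched in a few functions. This is an added example, not Puppet Remediate's code or API: it compares a discovered inventory with a scanner's scope to list hosts that were never scanned, flags nodes first seen within 24 hours, and ranks vulnerabilities by the number of affected hosts. All hostnames, vulnerability IDs, function names and data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Fixed "now" so the constructed sample data gives reproducible results.
NOW = datetime(2020, 9, 1, 12, 0, tzinfo=timezone.utc)

# Constructed discovery output: hostname -> time the node was first seen.
DISCOVERED = {
    "web-01": NOW - timedelta(days=90),
    "DB-01.": NOW - timedelta(days=30),        # same host as db-01, other spelling
    "ci-runner-07": NOW - timedelta(hours=5),  # provisioned today, nobody told Security
    "test-vm-3": NOW - timedelta(days=2),
}
# Constructed scanner scope and findings as (host, placeholder vulnerability ID).
SCAN_SCOPE = ["web-01", "db-01", "old-app-02"]
FINDINGS = [("web-01", "VULN-A"), ("db-01", "VULN-A"),
            ("db-01", "VULN-B"), ("old-app-02", "VULN-A")]

def norm(host):
    """Normalise hostnames so case or a trailing dot does not hide a match."""
    return host.strip().lower().rstrip(".")

def unscanned_assets(discovered, scope):
    """Discovered hosts missing from the scan scope: the blind spots."""
    return sorted({norm(h) for h in discovered} - {norm(h) for h in scope})

def stale_scope(discovered, scope):
    """Hosts still in the scan scope that discovery no longer sees."""
    return sorted({norm(h) for h in scope} - {norm(h) for h in discovered})

def new_assets(discovered, now, max_age=timedelta(hours=24)):
    """Hosts first seen less than max_age ago."""
    return sorted(norm(h) for h, seen in discovered.items() if now - seen < max_age)

def prioritise(findings, discovered):
    """Rank vulnerabilities by distinct affected hosts that still exist."""
    live = {norm(h) for h in discovered}
    affected = {}
    for host, vuln in findings:
        if norm(host) in live:
            affected.setdefault(vuln, set()).add(norm(host))
    return sorted(((v, len(h)) for v, h in affected.items()),
                  key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    print("Not in scan scope:", unscanned_assets(DISCOVERED, SCAN_SCOPE))
    print("Stale scope entries:", stale_scope(DISCOVERED, SCAN_SCOPE))
    print("Up for under 24h:", new_assets(DISCOVERED, NOW))
    print("Priority order:", prioritise(FINDINGS, DISCOVERED))
```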
Once you’ve identified and prioritised vulnerabilities, you can run one-off remediation actions (such as updating a package or stopping a service) from Remediate via SSH or WinRM. Puppet Enterprise customers can also run tasks via the Puppet Agent to remediate a vulnerability on any nodes under Puppet management.
Improving cybersecurity posture is a significant challenge for every organisation — complex, cross-functional, and increasingly complicated by the growing volume and sophistication of cyberattacks.
You can’t eat the whole elephant at once. But you can make a big dent by prioritising the low-hanging fruit. Analyse your workflows to identify bottlenecks that delay vulnerability response time, processes that are most susceptible to human error, or stages where a small mistake is most likely to lead to outsized risk. Automating these steps can go a long way toward a strong defense.
- Read the security-focused State of DevOps Report to learn which DevOps practices make the biggest impact on your organisation’s security posture.
- Learn more about how to discover and manage resources with Puppet Remediate.
- See how Puppet Remediate helps streamline every stage of the vulnerability management lifecycle for Linux and Windows teams.