In NSA: The Silence of the Zero Days, published in Data Breach Today, Mathew Schwartz discusses hackers’ rapid response to newly discovered flaws and/or exploits.
I was struck by a quote from David Hogue, the head of the NSA’s Cybersecurity Threat Operations Center (NCTOC). “Within 24 hours of a vulnerability or exploit being released, it’s weaponized and used against us.”
Vulnerabilities don’t get worse; they just get better for malicious actors. Like dynamite, they get more dangerous with age. Over time hackers develop new and more damaging ways to leverage known vulnerabilities. They become part of malware campaigns like WannaCry and NotPetya, which were based on existing vulnerabilities identified in the NSA leaked Eternal Blue exploit.
He also said, “… the existing state of network defenses wasn’t robust enough to make attackers have to rely on secret exploits that might get burned once used. ‘If you can live off the land, so to speak, you don’t need to dip into your toolkit.’”
The whole article is an excellent read and I recommend you do so. I have three main takeaways for government cyber leaders.
Worry about known vulnerabilities.
Rather than fret over exotic zero-day threats, focus on basic cyber hygiene. RedSeal can help by modeling your “as-built” network, including those in the cloud, by calculating all the ways data—and intruders—can move from one point to any other. Leveraging this knowledge of access, RedSeal ranks identified vulnerabilities based on the true risks to the organization, so your team’s effort is focused and maximized.
When zero days are identified, stay ahead of the onslaught.
When a zero-day exploit is made public, every hacker will be scanning for unpatched machines. RedSeal will identify the systems at the greatest risk and help identify the best course of action for each — whether applying a network change or patching the exposed systems.
Streamline and automate NSA’s Cybersecurity Threat Operations Center (NCTOC) best practices in your environment.
Applying NCTOC’s Top 5 SOC Principles to your organization, means using RedSeal to automate processes and free up humans to engage in high impact activities. RedSeal’s network modeling and risk scoring platform provides actionable intelligence for rapid investigation by identifying exposed assets and prioritizing actions.
Do you have a problem identifying and managing your network’s vulnerabilities? Click here to set up your free trial of RedSeal and choose the better way.