Coping With 0-Day Anxiety
By Mark St. John
The current exploit release cycle is as consistent as moon phases. The financial profitability of both creator and exploiter is higher than ever, with no signs of slowing down. The creativity of the modern attacker continues to outpace the defenses and automation we work hard to deploy. It is both exhausting and exhilarating to live and work in this strange ecosystem.
We know it is coming.
Our industry is finally accepting living the post-breach lifestyle. Organizations are harvesting log and system data in hopes of identifying and minimizing impacts. XDR, EPP, and newer methods of network segmentation are being rolled out and fed for daily. Even with this back-breaking lift, we still see heavily impacted remote exploits move to new territory. Border devices like Load Balancers and VPN clients had a rough year in 2020. Exchange isn’t having the best start to 2021. Even with enhanced capabilities and a new approach to defense, we still, rightfully so, get filled with existential dread with each new vulnerability released.
Constant visibility into your assets is one of the most extensive steps you can take to alleviate anxiety when a new exploit drops affect services you use.
Follow your knowns first.
Creating and maintaining an accurate inventory of your assets is the essential step in keeping your fears down. Understanding your asset landscape and making quick and decisive decisions on mitigation and remediation of new exposures cannot happen without it. The quicker you can determine your exposure probability to a recent event, the faster you can ensure coverage or mitigation while maintaining sanity. Hope is not an option here after one pass; however, this is a continual process that must be daily to ensure new systems and services are in view.
Fix your unknowns
You can’t secure what you don’t know. You have to get aggressive in finding blind spots from previous deployments and staying on top of new implementations. Relying on human upkeep up these systems will fall. Continuous, automated discovery of your assets is the best start to ensuring you do not get caught by surprise with a new environment or batch of services. Visibility upkeep is not a one-time or quarterly process. It should be a daily task in your organization.
We built our platform around aggressive daily visibility and insights, don’t hesitate to reach out to understand how we can start you on the right path.