
CTO
NNT - New Net Technologies
Out of all the cat videos you could watch, how do you decide which one to view first? The beauty of social media is its real-time, democratic operation. Everyone gets to vote and the content with the most shares is the People’s Choice, rightfully ‘The Best’. But we now know this Facebook-era notion of ‘most popular equals best’ is open to abuse.
It turns out that a significant proportion of social media interaction is, in fact, manufactured. To give it a glamorous sheen, it’s artificial intelligence at work, and mainly working for good. Indeed, many of these computer-generated social media contributors are there to automatically inform us, whether it be storm warnings or stock market movements.

But there is also a dark side. The bot-powered likes and retweets of fake news intended to influence public thinking are now strongly suspected of playing a major role in both the last US elections and the UK Brexit vote. The algorithms have been played, and since two-thirds of us get our news online, it’s a global issue.
Media influence isn’t new. It pays to advertise and media moguls long ago recognized the power of editorial control to shape thinking. Trash your enemies while lauding your allies. However, despite knowing that it is prone to subversion, we still use social media to keep ourselves updated on news and politics. The conclusion is that getting the latest news fast outweighs the fact that it comes from a potentially corrupted source.
The opposite applies when it comes to vulnerability scans. We are prepared to wait for scan results, with most of us only getting a monthly update at best. That is surprising when new vulnerabilities are discovered every day, with over 20362 new vulnerabilities recorded in 2019. Despite this, security control frameworks like NERC CIP and PCI DSS only mandate the need for scans every 30 days, although this is largely constrained by the practicality of running repeated scans that take days to complete. The result is a disconnect between our awareness of new threats and our ability to test our susceptibility to attack.
The scanning market has tried to innovate around the issue. Lightweight scans that only test for vulnerabilities discovered since the last scan are a logical approach that helps shorten scan intervals. By only scanning with a handful of new tests, the scan impact and duration are a fraction of what is otherwise needed for an ‘all tests’ scan. The payoff is that scanning frequency can be increased, but it also introduces new challenges. What if a vulnerable product is installed, or other known-unsafe changes are made, between scans? If the salient tests are skipped because they passed previously, there will be no way to pick up newly introduced known vulnerabilities.
As such, most continue to run full scans every time, even if it leads to longer periods of ‘vulnerability blindness’ between scans. Needless to say, a vulnerability scan is not going to detect whether you have already been breached.
Which brings us to some more old news: you need a layered approach to security with a range of controls and procedures. And when it comes to addressing vulnerability blind spots between scans, Change Control is the most critical complementary security best practice. Change Control differs from traditional Change Management because it affords forensic visibility of changes and, crucially, automatically distinguishes between planned and unplanned change. Modern system integrity monitoring technology analyzes all changes as they happen, filtering out regular activity like patching, and even going as far as to reconcile observed changes with ITSM Change Requests. By cutting out the ‘change noise’ associated with old-fashioned file integrity monitoring techniques, false positives are diminished while genuine indicators of compromise are exposed.
It means that blind spots between scans become controlled and security maintained. The risk of being compromised between scans is mitigated by the assurance that breach activity will be detected. Equally, when planned changes are made, these are intelligently evaluated to confirm delivery of the required end-state. So, there’s no escaping it: a range of security controls and technologies is critical for maintaining security.
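The reconciliation of observed changes with ITSM Change Requests described above can be sketched as follows. This is an added illustration, not NNT's product code: it classifies change events as planned or unplanned by host, path scope and time window, and lists approved requests for which no change was observed. The record fields, request ids and sample data are constructed assumptions.

```python
from datetime import datetime
from fnmatch import fnmatch

# Constructed sample data: approved change requests (hypothetical schema and ids).
CHANGE_REQUESTS = [
    {"id": "CR-EXAMPLE-1", "host": "web01", "paths": ["/usr/lib/*", "/usr/bin/*"],
     "start": "2020-03-01T22:00", "end": "2020-03-02T02:00"},
    {"id": "CR-EXAMPLE-2", "host": "db01", "paths": ["/etc/ssh/*"],
     "start": "2020-03-01T22:00", "end": "2020-03-02T02:00"},
]

# Constructed sample change events, as an integrity monitor might report them.
EVENTS = [
    {"host": "web01", "path": "/usr/lib/libssl.so.1.1", "time": "2020-03-01T23:10"},
    {"host": "web01", "path": "/usr/bin/curl", "time": "2020-03-03T04:30"},  # outside window
    {"host": "web01", "path": "/etc/passwd", "time": "2020-03-01T23:15"},    # outside scope
    {"host": "db01", "path": "/usr/bin/ssh", "time": "2020-03-01T23:20"},    # outside scope
]

def matching_request(event, requests):
    """Return the id of the first approved request covering this event, else None."""
    when = datetime.fromisoformat(event["time"])
    for cr in requests:
        in_window = (datetime.fromisoformat(cr["start"]) <= when
                     <= datetime.fromisoformat(cr["end"]))
        # fnmatch's '*' also matches '/', so a pattern covers the whole subtree.
        in_scope = any(fnmatch(event["path"], pat) for pat in cr["paths"])
        if cr["host"] == event["host"] and in_window and in_scope:
            return cr["id"]
    return None

def reconcile(events, requests):
    """Split events into planned (matched to a request) and unplanned (no match)."""
    planned, unplanned = [], []
    for ev in events:
        cr_id = matching_request(ev, requests)
        if cr_id:
            planned.append((ev["host"], ev["path"], cr_id))
        else:
            unplanned.append((ev["host"], ev["path"]))
    return planned, unplanned

def undelivered(requests, planned):
    """Approved requests with no observed change: the end-state was not delivered."""
    seen = {cr_id for _, _, cr_id in planned}
    return [cr["id"] for cr in requests if cr["id"] not in seen]

if __name__ == "__main__":
    planned, unplanned = reconcile(EVENTS, CHANGE_REQUESTS)
    print("planned:", planned)
    print("unplanned (investigate):", unplanned)
    print("approved but not observed:", undelivered(CHANGE_REQUESTS, planned))
```

An approved request only suppresses events that fall inside its host, path scope and window, so a change to `/etc/passwd` made during a patching window is still reported as unplanned.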