It’s No Longer Feasible to Manage Threats Individually, Given the Sheer Volume of Security Gaps That Exist.
Faced with hundreds, thousands, or even hundreds of thousands of vulnerabilities across their IT infrastructures, security practitioners are at a virtually insurmountable disadvantage. The result is often lengthy dwell times and asynchronous iterations that limit the effectiveness of cyber security programs. This raises the question: what is holding us back from prevailing against cyber-attacks? And, more importantly, what emerging approaches allow organizations to transition from a traditional domain expert model to an interactive, iterative, and collaborative model?
According to Gartner (see ‘Designing an Adaptive Security Architecture for Protection from Advanced Attacks’, January 2016), enterprises often make the mistake of implementing a reactive, rather than pro-active approach to cyber security. They often rely on blocking techniques, which are proven to be ineffective.
One of the biggest problems in cyber security today is how to manage the volume, velocity, and complexity of data generated by the myriad of IT security tools in a typical enterprise. Feeds from these disconnected, siloed tools must be analyzed, normalized, and remediation efforts prioritized. The more tools, the more difficult the challenge. Ultimately, this data aggregation and analysis requires legions of staff to comb through massive amounts of data to connect the dots and find the needle in the haystack. These efforts can take months, during which time attackers can exploit vulnerabilities and extract data.
Even if an organization can hire enough qualified resources to perform this analysis, it often misaligns remediation efforts by relying on internal security intelligence that lacks context regarding active threats and which specific vulnerabilities they are exploiting. Without taking external threat data and business criticality into account, security teams can focus on mitigating the wrong gaps. In many cases, teams are simply reacting to past threats rather than taking a proactive approach, based on predictive analytics, that closes the window of opportunity before attackers can take advantage of it.
Let’s consider the key factors that limit the effectiveness of cyber security programs.
One Dimensional View
First, many organizations, and even vendors, are still focusing on the network layer while barely acknowledging other areas of the attack surface, for example the application layer. What’s needed instead is a holistic view of the attack surface that matches the strategies and capabilities of adversaries. The Verizon 2016 Data Breach Report confirms this. The network layer and endpoints are only one piece of the puzzle. The attack surface has grown dramatically, and security practices should align accordingly.
CVE-Focus
Second, most vulnerability management tools rely on Common Vulnerabilities and Exposures (CVE), which can lead to a misalignment of resources and efforts. The POODLE vulnerability, disclosed in 2014, is a good example. At the time it was published, it received a 5.5 rating from the National Vulnerability Database (NVD). It’s a common practice to filter vulnerabilities and only take action on those with an NVD severity score of 7 or higher. Under this model, the POODLE vulnerability would have been ignored. Finding out early that it was spawning hundreds of thousands of attacks would have enabled organizations to adjust their remediation priorities to address the POODLE threat. This incident illustrates the importance of contextualizing internal security intelligence with external threat data.
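The following is an added example, not code from the article or from any vendor named in it. It contrasts the score-threshold filter described above with a risk ranking that folds in external threat activity and asset criticality. The inventory, the asset names, the weights and the attack count are constructed for illustration; only POODLE’s 5.5 NVD score and the threshold of 7 come from the text.

```python
"""Score-threshold triage versus context-aware risk ranking (added example)."""
import math
from dataclasses import dataclass
from typing import List


@dataclass
class Vuln:
    name: str
    cvss: float               # NVD base severity score (0.0 - 10.0)
    asset: str                # host the finding was reported on (constructed)
    asset_criticality: int    # 1 (lab box) .. 5 (revenue-critical), from a CMDB
    exploited_in_wild: bool   # flag from an external threat-intel feed
    observed_attacks: int     # attack volume seen against this weakness in the feed


# Constructed sample inventory. POODLE's 5.5 score is from the article; the
# attack count is a constructed stand-in for "hundreds of thousands of attacks".
INVENTORY: List[Vuln] = [
    Vuln("POODLE", 5.5, "public-web-01", 5, True, 150_000),
    Vuln("legacy-ftp-overflow", 9.8, "archive-ftp", 2, False, 3),
    Vuln("hr-db-sqli", 7.5, "hr-db-01", 4, False, 0),
    Vuln("lab-kernel-dos", 7.8, "dev-lab-07", 1, False, 0),
]


def filter_by_cvss(vulns: List[Vuln], threshold: float = 7.0) -> List[str]:
    """The common practice: act only on findings at or above the threshold."""
    return [v.name for v in vulns if v.cvss >= threshold]


def risk_score(v: Vuln) -> float:
    """Illustrative risk formula (an assumption, not an industry standard).

    Base severity is scaled by how much the business depends on the asset and
    by evidence that attackers are actually using the weakness right now.
    """
    criticality_weight = 0.5 + 0.2 * v.asset_criticality        # 0.7 .. 1.5
    threat_weight = 1.0
    if v.exploited_in_wild:
        threat_weight += 1.0
    # Diminishing returns on raw attack volume; capped so one feed cannot dominate.
    threat_weight += min(math.log10(1 + v.observed_attacks), 6.0) / 3.0
    return v.cvss * criticality_weight * threat_weight


def rank_by_risk(vulns: List[Vuln]) -> List[str]:
    """Context-aware ordering: highest combined risk first."""
    return [v.name for v in sorted(vulns, key=risk_score, reverse=True)]


if __name__ == "__main__":
    print("threshold filter :", filter_by_cvss(INVENTORY))
    print("risk ranking     :", rank_by_risk(INVENTORY))
    for v in INVENTORY:
        print(f"  {v.name:<22} cvss={v.cvss:<4} risk={risk_score(v):5.1f}")
```

Run as-is and the threshold filter drops POODLE entirely while surfacing a 7.8 denial-of-service bug on a lab host; the risk ranking puts POODLE first because the feed shows it under active, high-volume exploitation on a critical asset. The exact weights matter less than the shape of the decision: severity alone is one input, not the whole answer.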
To improve the odds of defeating cyber-attacks, organizations can implement the following three best practices:
1. Given the shortage of qualified security professionals, leverage technology to automate as many security operations tasks as possible.
2. Increase the frequency of security posture assessments, as advocated by the National Institute of Standards and Technology’s “continuous monitoring and diagnostic” guidelines.
3. Lastly, extend protection measures to address today’s growing attack surface. This includes moving beyond the network layer and endpoints, to include applications, databases, cloud environments, the Internet of Things, etc.
It’s no longer feasible to manage threats individually, given the sheer volume of security gaps that exist. A holistic, risk-based approach that considers both security posture and business impact can reduce attack surfaces and reduce the dwell time during which vulnerabilities can be exploited.

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).