The internet has enabled us to live in a world where we can all leverage our collective experience to improve our individual decision-making. Just moved to town and need a new dentist? Check candidates out online, and specifically the ratings other patients have given them. In the market for a new appliance? Read the reviews on Amazon, especially the ones that doled out poor grades. Looking for a spot to spend your precious vacation time and dollars? TripAdvisor is indispensable. Indeed, we’ve been sharing information and making decisions based on collective experience since we first started communicating; the internet simply made it infinitely more efficient. There’s now no need to ask the neighbor if they like their new Tesla if you’re considering a purchase; you can avail yourself of hundreds of online reviews with a few clicks. Wouldn’t it be nice if that were the case for vulnerability remediation? Well…
Collective Experience in Cyber Security
To some extent, the cybersecurity community has embraced the concept of collective experience, albeit modestly. For example, threat sharing, be it via a formal platform or feeds from industry organizations like ISACs and ISAOs, has been around for several years, and can be helpful. Security professionals gather at conferences to share strategies on the best way to defeat ever-evolving threats, and infosec practitioners have myriad online groups, local organizations, and other means of exchanging threat and other relevant security information with peers. These efforts by the information security community to unite against the threat actors of the world are admirable, but the shared information is ad hoc, can be difficult to integrate methodically into cyber defense systems, and is generally difficult to act on.
Leveraging Collective Experience in Vulnerability Remediation
Cutting to the chase: we think there’s a more effective way to leverage collective experience for the benefit of the cyber security community, and we’re starting in the world of vulnerability remediation.
In this segment of the cyber security universe, trackd is leveraging the concept of collective experience more purposefully than has typically been the case in the infosec community at large. Remediating vulnerabilities is a universally endorsed, foundational means to reduce enterprise cyber risk, and yet the number of unpatched vulnerabilities on corporate networks continues to rise worldwide, as does the number of breaches that can be traced to the exploitation of an unpatched vulnerability. And, in survey after survey, the top two reasons given by remediation teams for the slow rate at which vulnerabilities are patched are 1) lack of resources, and 2) fear of network disruption; in other words, fear that the applied patch will break something.
Rolling the Dice vs. Collective Experience
Today, when a remediation team decides how to address a given vulnerability, in a sense they’re rolling the dice. Without any data, they’re left to guess if the patch is likely to cause disruption, or if it can be safely applied with little risk to network operations. But what if the remediation team could make a quick call to one of their peer groups at another organization that recently installed the same patch to see how it went for them? Or maybe 5 or 6 such calls? Or 100? The fear of breaking the network might diminish, and the remediation team may more confidently leverage auto-patching, directly addressing those 2 primary reasons for patching delay.
That’s the concept behind trackd’s vulnerability remediation platform. Not only does it perform conventional vulnerability management functions like asset/vulnerability correlation and patch scheduling and delivery, but it also collects patching performance telemetry from all users and anonymously shares those patching experiences with the entire trackd user community in real time. Thus, when the remediation team is reviewing its list of unpatched vulnerabilities, not only do they see the device, the vulnerability and the patch availability status for each one, they’ll also see the patch’s disruption history on the networks of other organizations – without identifying the other organizations, of course – that have already applied the patch. The shared and cumulative experience of remediation teams from an ever-growing number of organizations empowers each of them to make knowledge-based decisions about individual patching activities, speeding the patching process and thereby reducing their cyber risk.
And you thought Google reviews and vulnerability remediation had nothing in common. Now they do.