Vulnerability Scanning with F-Secure RADAR

Not only does F-Secure RADAR provide a means to detect vulnerabilities in network resources, IOT equipment, websites and anything that speaks Internet Protocol (IP) but it also provides easy-to-understand solution information for the detected vulnerabilities.

Threats can enter a network from any point, not only the servers or websites, and they can be external, internal or a combination of both. Their nature should be factored into the decision making when considering scanning priorities. External threats can exploit any vulnerability on a publicly accessible device or resource. This includes websites, terminal servers, cloud applications, VPNs, firewalls and anything that is discoverable on the ‘open’ internet. Internal threats, on the other hand, exploit resources on an internal network that are usually considered to be protected by installed security applications.

Office-based servers, workstations, printers, mobile phones and IoT devices all fall into this category. Any device that has access to infrastructure of high importance poses a potential weakness to threats and may become a gateway for would-be hackers to gain entry. For this reason, internal threats need to be evaluated alongside the external ones to establish a complete overview of how vulnerable an organisation is to targeted attacks. The main focus should be on determining the weak points that criminals will try to exploit in order to gain access to the most valuable and most secure areas of an organisation, typically where important data is kept.

 

Finding and fixing vulnerabilities

F-Secure RADAR’s Discovery Scan can detect any IP device within a network. The following should be done:

  1. Run the Discovery Scan on all known IP ranges within the organisation and schedule the scan to repeat every few days (or more often). The scan will detect all online devices and assist in finding unauthorised devices on the corporate network.
  2. Scan all important devices and resources, such as servers, firewalls, routers and C-level personnel workstations/laptops, with RADAR’s Vulnerability scanner. Devices that are replicated (hardware, software, model, configuration) within the network do not all need to be scanned. Scanning one replicated device will identify the vulnerabilities for all.
  3. Scan user workstations for vulnerabilities. In organisations with medium to large IT departments, workstation configurations are standardized and then rolled out to users, offering a great deal of control to the IT team. In a perfect world, any software and configuration changes are strictly controlled. Unfortunately, users are an unpredictable factor which affects the workstations and the internal policies, reducing the effectiveness of the security controls.

Not all organisations have an IT department or make use of standardized rollouts, but if workstation standardization is enforced, scanning for vulnerabilities becomes easier as replicated devices will have the same vulnerabilities across all devices. If users manage their own devices (install & configure software), it is best to scan all of them.

  4. Make priority a key issue when fixing vulnerabilities. Assign priorities to devices based on what they are used for, what they have access to, who and how many people have access to the devices, and how many vulnerabilities are detected.
  5. Patch software that has been detected as out of date on devices as soon as possible. Chances are that someone on the internet is already trying to break through the organisation’s defences and it’s just a matter of time.
  6. Don’t do too much at once. Patching is a process. Apply the patches one at a time, making sure that all of the services continue to function after installation. See Software Patching Best Practices.
  7. When remediating misconfigurations, test, test and then test again before rollouts.
  8. Implement Authenticated vulnerability scanning. This type of scanning logs into the target device as a service and collects more granular information about the device, including third-party software vulnerabilities. Rescan target devices after vulnerability remediations to confirm that the fixes were successful and that no other vulnerabilities have appeared.
  9. Schedule scans to run regularly as new vulnerabilities appear almost daily.
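The planning logic in the list above (flag unauthorised devices from discovery results, scan one representative of each replicated build but every user-managed device, then rank fixes) can be sketched as follows. This is an added example, not F-Secure code; the inventory fields, role weights and scoring formula are assumptions and do not reflect RADAR's export format or its own scoring.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory and discovery result. Field names and weights
# are assumptions for this example, not RADAR's data model.
KNOWN = {
    "10.0.0.1":  {"role": "firewall", "build": "fw-a", "managed": True, "users": 0},
    "10.0.0.5":  {"role": "server", "build": "web-v3", "managed": True, "users": 400},
    "10.0.0.6":  {"role": "server", "build": "web-v3", "managed": True, "users": 400},
    "10.0.1.20": {"role": "workstation", "build": "std", "managed": True, "users": 1},
    "10.0.1.21": {"role": "workstation", "build": "std", "managed": True, "users": 1},
    "10.0.1.30": {"role": "workstation", "build": "own", "managed": False, "users": 1},
    "10.0.1.31": {"role": "workstation", "build": "own", "managed": False, "users": 1},
}
DISCOVERED = list(KNOWN) + ["10.0.1.99"]  # one address the inventory lacks
ROLE_WEIGHT = {"firewall": 5, "server": 5, "c-level": 4, "workstation": 2}

def ip_key(ip):
    # Numeric ordering, so 10.0.0.10 sorts after 10.0.0.5.
    return ipaddress.ip_address(ip)

def unauthorised(discovered, known):
    """Discovery step: online addresses that are absent from the inventory."""
    return sorted((ip for ip in discovered if ip not in known), key=ip_key)

def scan_targets(discovered, known):
    """One representative per replicated, centrally managed build, but every
    device whose software and configuration the user manages."""
    groups, targets = defaultdict(list), []
    for ip in discovered:
        dev = known.get(ip)
        if dev is None:
            continue  # unknown device: reported by unauthorised() instead
        if dev["managed"]:
            groups[(dev["role"], dev["build"])].append(ip)
        else:
            targets.append(ip)
    targets += [min(ips, key=ip_key) for ips in groups.values()]
    return sorted(targets, key=ip_key)

def fix_order(vuln_counts, known):
    """Priority step: rank by role, number of users and number of findings."""
    def score(ip):
        dev = known[ip]
        return ROLE_WEIGHT.get(dev["role"], 1) * 10 + min(dev["users"], 500) // 100 + vuln_counts[ip]
    return sorted(vuln_counts, key=lambda ip: (-score(ip), ip_key(ip)))
```

A finding on a representative device applies to every device sharing its build, so the remediation for that entry has to be rolled out to the whole group.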

 

F-Secure has security experts who provide solutions on how to fix the various vulnerabilities. Take their advice to harden the attack surface of an organisation and help prevent data breaches or network hacks.