Guide to managing threats and vulnerabilities

Mark Hall - 17 July 2018

Most, if not all, systems and applications have vulnerabilities which can threaten your ability to keep them running and to keep your data secure. In fact, it is easy to feel overwhelmed by the number of vulnerabilities which exist, and new ones are being discovered on a regular basis, so it is important to develop a strategy to manage them.

Focus on the vulnerabilities which pose a current threat

When I moved from the city to the countryside I found it unusual that a lot of my neighbours did not lock the doors of their houses or their vehicles. With my city view of the world I could see that my new neighbours were vulnerable; however, I quickly came to understand that living in a remote location means that the threat of burglary or theft is lower, so people don’t always need to secure everything all of the time. Strangers are easy to spot, so even though it is more remote, the threat is lower. Living in the countryside does mean, however, that other vulnerabilities which are less of a threat in the city are more of a threat, so it is important to adapt.

The online world is not too dissimilar to the real world. There are many vulnerabilities out there, but the ones which pose a real threat will depend on the systems and applications which you are running at the time.

Focussing on the vulnerabilities which actually pose a current threat to your organisation will give you a better chance of adequately protecting your systems and applications. It is important, however, to review the threats regularly and particularly when making changes or adding functionality to your application. For example, adding transactional ecommerce functionality to your application will immediately expose you to new threats which were not relevant beforehand.

The Open Web Application Security Project (OWASP) provides a good starting point for Application Threat Modeling.


Start with the basics

All organisations should have some basic safeguards and procedures in place to protect their systems and applications no matter what industry they work in. Protecting the perimeter of your network is essential. The choice and types of devices which you need to deploy will be based on the threats which you have identified. It is important to ensure that whatever device or devices you have in place are correctly configured and updated regularly to provide ongoing protection.

I cannot stress enough the importance of regularly patching the underlying operating system, databases, middleware and application code. This should be done regularly (at least monthly) and also when a new security vulnerability is identified which can threaten you. The reality is that the majority of successful security breaches which occur are due to systems and applications not being patched when patches were available.


There is no magic bullet (or device)

There are many companies offering a variety of devices which they claim will help you to protect your systems and applications from vulnerabilities. In my opinion many of these are a waste of money and only provide a false sense of security to those purchasing them. It would be fantastic to think that you could purchase a device or system, plug it in, configure it and think you are then protected from the vulnerabilities which threaten you, but such a thing does not currently exist (despite what some vendors may try and make you believe).

I’m certainly not saying that you don’t need any of these devices, but it is important to first understand which vulnerabilities actually pose a threat and therefore a risk. Once you know what you are trying to protect yourself against, you are able to make an educated choice about the procedures and devices you want to put in place.


Understand the vulnerabilities which can affect your organisation

Every organisation is unique and the threats posed by various vulnerabilities will be different. For example, if your organisation does not process online transactions and payment card details then this is not a threat you need to mitigate against. However, if your application is managing sensitive personal information about individuals, then having robust security and monitoring processes in place is definitely necessary.

Some types of organisation, such as banks, are more at risk from specific threats and vulnerabilities. Others are more at risk from Distributed Denial of Service (DDoS) attacks, because the reputational impact of their application or system being unavailable, even for a short period of time, is severe.

You may wish to consider using a specialist company to help identify the vulnerabilities and threats which may exist within your systems and applications if you don’t have suitably skilled people within your team. At OWA we are able to help organisations who have existing applications in place and need help to manage, support and protect them going forward.

Once you have a clear understanding of the vulnerabilities which actually pose a threat to your organisation, only then can you put robust measures and procedures in place to mitigate against them.


Application monitoring and reviewing the threats

Once your system or application is live it is important to monitor its performance and to look for new threats. It isn’t unusual for application developers to simply try to prevent potential hackers from accessing their systems; however, it is also possible to learn from attempted hacks so that some of your defences can be reinforced.

Setting triggers and traps within your application which can then alert the necessary people within your organisation is a good start. Try not to show application errors which can give a potential hacker a clue to the underlying architecture of your application. Internal application errors should be trapped and logged, and the user should only ever see a message which does not disclose any underlying information which could be useful to a hacker.
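As an added example (not code from the original article), the following Python shows the error-handling pattern described above: an exception leaked to the user beside a handler that logs the full detail server-side under a correlation reference, returns only a generic message, and trips a simple alerting trigger when one client keeps causing internal errors. The `Monitor` class, the `ALERT_THRESHOLD` value and the sample client address are constructed for illustration.

```python
import logging
import uuid
from collections import defaultdict

log = logging.getLogger("app")
ALERT_THRESHOLD = 3  # constructed value: trapped errors from one client before alerting


class Monitor:
    """Hypothetical 'trigger': counts trapped errors per client and calls
    alert_fn(client, ref) once a client reaches ALERT_THRESHOLD."""

    def __init__(self, alert_fn):
        self.errors = defaultdict(int)
        self.alert_fn = alert_fn

    def record(self, client, ref):
        self.errors[client] += 1
        if self.errors[client] == ALERT_THRESHOLD:
            self.alert_fn(client, ref)


def unsafe_response(exc):
    # The 'before' case: echoes the exception text, which can reveal table
    # or column names, file paths, or framework details to the caller.
    return 500, f"Internal error: {exc!r}"


def safe_response(exc, client, monitor):
    # Short reference ties the user-facing message to the server-side log entry.
    ref = uuid.uuid4().hex[:12]
    # Full detail (type, message, traceback) goes to the log only.
    log.error("ref=%s client=%s %s: %s", ref, client,
              type(exc).__name__, exc, exc_info=exc)
    monitor.record(client, ref)
    # The user sees nothing about the underlying architecture.
    return 500, f"Something went wrong. Reference: {ref}"


def handle(request, handler, monitor):
    """Run handler(request); trap any internal error and return (status, body)."""
    try:
        return 200, handler(request)
    except Exception as exc:  # noqa: BLE001 - deliberately catch everything at the boundary
        return safe_response(exc, request["client"], monitor)
```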


Managing new vulnerabilities and threats

All systems and applications contain vulnerabilities. Some will have been discovered, but many have not. It is important to regularly review new vulnerabilities and to establish which ones may pose a threat. You can then adapt or change your defences to help mitigate against them.

Overall the management of threats and vulnerabilities should be treated as an essential task for any organisation to ensure that their systems, applications and data remain secure.