I am sitting here at 6 a.m. doing the morning review of all our Paladin Sentinel Monitoring school districts. The storm came overnight and there were lots of noisy UPSes, but thankfully it was a pretty boring morning.
Boring is good.
I am also reviewing my overnight emails and some vulnerability reports for an upcoming service offering we will be talking to you about shortly.
Reviewing all of this, a few things came to mind:
- The pace of MS-ISAC and CISA browser exploit warnings is absolutely insane. It seems that at least a few times a week there is some "urgent" issue with Google Chrome, Microsoft Edge, and Firefox. Most attacks will come against your endpoints, and for most of you that means your browsers and/or your email (accessed from a browser). This is scary. You absolutely have to have a plan in place to update your browsers weekly, if not sooner. There are a bunch of ways to do this, such as Group Policy, SCCM, KACE, or other means.
- In looking at our new vulnerability report service, there are a couple of programs requiring critical patching that seem to be installed almost everywhere. VLC, Audacity, Adobe Acrobat, Adobe Flash, and Microsoft Silverlight pop right off the screen, with the install base of vulnerable machines in the hundreds or thousands per district. Again, you have to have a sustainable process to know where your exposure is and effectively manage it. Having a handle on vulnerabilities and remediating them is a significant part of your NIST alignment process.
If you work to resolve and keep up on my brief list, you will have gone a long way toward shrinking your vulnerabilities and the risk associated with having unpatched software.
CSI has a number of existing and new strategies for identifying and managing all this vulnerability chaos.
Give us a call, we'd love to share our thoughts with you.
-Scott Quimby, CISSP