Long before a cyberattack is underway, organizations need to be focused on improving their security. Part of this is to always be monitoring their environment, on the lookout for weaknesses and ready to take action if they are found. This is the best way to ensure the organization remains immune to attacks of the sort. One of the most common weaknesses that organizations face in their systems and applications are software vulnerabilities, and since most attackers are well aware of this, it is a favorite point of breach.
In the effort to assist organizations in finding such vulnerabilities, Cynet has launched its Free Vulnerability Assessment offering, which gives organizations 14-days of free access to the Cynet 360 platform with the ability to utilize its built-in vulnerability assessment capabilities.
In a nutshell, a vulnerability is a sort of “bug” in the organization’s software which allows an attacker to manipulate it with malicious intent. It could be, for example, a Word document vulnerability which allows an attacker to transparently open a connection to the innocent user’s computer as soon as the user double clicks to open their file. This could allow the attacker to execute code on the user’s machine, installing malware without their knowledge.
Knowing this, it only makes sense that most security-conscious organizations regularly deploy patches issued by software vendors as soon as they become available. But in actuality, this is furthest from the truth. “Initially, it made little sense to me,” said Eyal Gruner, Cynet president and cofounder. “My background is offensive security, and we all know that an organization which is fully patched stands up much better against an attacker. And we also know that unless it is an extremely targeted attack, the attacker prefers to invest their efforts on the lesser protected organizations. Yet, even knowing this, people do not install their patches.”
As Gruner tells it, when he began learning the issue up close, he and his team at Cynet found that there were operational obstacles which came into play when not patching was an issue.
“First off, the organization needs a dedicated product to scan their environment, which does not happen without designated budget. The next step is deployment, which requires manpower and resources, especially to completely cover the environment. And after this, there is the issue of needing someone on your team with the knowledge and ability to operate the product. IT and security teams are already busy without the added responsibility that frequently brings the automatic ‘no-go’ when it comes to implementing patches.”
So, while this may explain why getting organizations to patch is so difficult, it still does nothing to justify this.
“Let’s remember that it is so easy to get your hands on an exploit kit, allowing anyone – even if they have no hacking skills – to easily distribute exploits, armed ransomware, cryptominers and others,” said Gruner. “All it takes is one of these in your environment and you could easily be talking about five times the work and money it would take to purchase, deploy and operate patches.”
Gruner explains that his understanding was that vulnerability assessment would play a crucial role in the Cynet 360 breach protection platform. This meant that to Cynet users, purchase and deployment issues were no longer an issue, and operation was part of the package in the Cynet platform. “Simplicity was our goal – as with all Cynet functionalities, can we give it to the user in a single-click? And yes, we did it.”
Cynet reporting options
An example of missing patch in Windows
Cynet has taken all this into account as it launches a free offering of its Vulnerability Assessment, providing organizations with 14-day access into the 360 platform. The offer allows any organization to connect to the platform and start scanning its endpoints, experiencing the power, speed and full visibility that come with the platform.
The following are some of the benefits of the Cynet Free Vulnerability Assessment offering:
- Immediate time to value: Rapid installation and the ability to scan thousands of hosts in minutes.
- Complete visibility: Vulnerabilities in OS and application are detected and flagged for prioritization and patching.
- One-click: The platform provides easy to read reports for all security needs. Simply click and read.
Two main security and IT audiences are the focus of the Cynet Free Vulnerability Assessment:
- The patchers – in this case, Cynet accelerates and optimizes the organization’s existing workflow.
- The nonpatchers – here, Cynet introduces an easy way to increase the level of breach protection in the organizations, with no operational burden.
“We hope that when people understand how easy patching can be, they will say ‘hey, this is a no-brainer.'” Said Gruner. “And we all know that there is no magic formula that will make you 100% secure, but this will definitely make you 100% more secure than you are if you are not patching.”
