The WannaCry ransomware attack spread so quickly and has been so disruptive that IT departments can’t get enough information about what caused it, how it can be remediated and what can be done to protect their organizations from similar threats. This thirst for insights, explanations and best practices was evident during the Q&A portion of our recent webcast “How to Rapidly Identify Assets at Risk to WannaCry Ransomware.”
It didn’t have to happen.
That’s the simple yet profound lesson from WannaCry’s ransomware rampage that has infected 300,000-plus systems in more than 150 countries, disrupting critical operations across industries, including healthcare, government, transportation and finance.
If vulnerable systems had been patched and maintained as part of a proactive and comprehensive system configuration and vulnerability management program, the attack would have been a dud, barely registering on anyone’s InfoSec radar.
“WannaCry was totally preventable with the proper patching and the proper build configurations,” Mark Butler, Qualys’ Chief Information Security Officer (CISO), said during a webcast this week. “That’s a reminder to all of us that you didn’t have to be a victim.”
There are various workarounds for mitigating the underlying WannaCry vulnerability, but those are stopgap measures. “The primary way to remediate this vulnerability is through disciplined and timely patching,” Qualys Product Management Director Jimmy Graham said during the webcast, titled “How to Rapidly Identify Assets at Risk to WannaCry Ransomware.”
To assess infections from WannaCry ransomware and threat exposure from the Shadow Brokers vulnerabilities across an entire IT environment, it’s helpful to visualize your exposure via dynamic dashboards.
Using Qualys AssetView and ThreatPROTECT, I created a single-pane incident response dashboard containing six key data points that provide a complete picture to assess both infection of WannaCry and threat exposure from the Shadow Brokers vulnerabilities. With the data from this dashboard, you can take immediate action against WannaCry. Each dashboard element automatically collects trend data that allows customers to track their remediation efforts over time.
See Visualizing WannaCry and Shadow Brokers: How to Configure Dashboards in AssetView for the details of the dashboard, including how to create dashboards in Qualys AssetView and specifically how I built the dashboard for WannaCry and Shadow Brokers.
To manage privileged credentials, especially across multiple systems in complex environments, many organizations use privileged account security solutions. Qualys has integrated with such solutions for a long time, and has recently upgraded its CyberArk integration to include CyberArk Application Identity Manager. This provides organizations a simplified way to manage access to privileged credentials (passwords and SSH keys) while performing vulnerability and compliance trusted scanning, without the need to store credentials in the Qualys platform.
The looming deadline for complying with the EU’s General Data Protection Regulation (GDPR) is shining the spotlight on a foundational InfoSec best practice: A comprehensive IT asset inventory.
The reason: GDPR places strict requirements on the way a business handles the personally identifiable information (PII) of EU residents. For example, companies must know what PII they hold on these individuals, where it’s kept, with whom they’re sharing it, how they’re protecting it, and for what purposes it’s being used.
An organization can’t expect to comply with GDPR if it lacks full visibility into the IT assets — hardware and software — that it’s using to process, transmit, analyze and store this data.
“If you don’t know what IT assets you’ve got, how can you effectively find the data on your network that you need to meet GDPR requirements?” said Darron Gibbard, Qualys’ Chief Technical Security Officer for the EMEA region, during a recent webcast.
This new release of the Qualys Cloud Suite, version 8.10, includes new capabilities and improvements for VM, PC and the shared platform:
- Authentication Vault integration with BeyondTrust
- Mandate-Based reporting for Policy Compliance to simplify reporting against multiple mandates and audit frameworks.
- Expanded support & features for scanning Cloud Environments such as Amazon EC2, Azure, and Google GCE.
- VM Scanning, Reporting, and SSL Labs Improvements
- Ability to export/import UDC definitions with Policy XML and Qualys Library Content
- Policy Compliance support for PostgreSQL and UDC Support for Amazon Linux 2016
- Qualys Cloud Platform 8.10 (VM/PC) API Notification 1
- Qualys Cloud Platform 8.10 (VM/PC) API Notification 2
Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.
In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.
This release includes new policies and updates covering:
- Initial coverage for DISA STIG on Windows
- SCM for Windows Server 2016
- New CIS versions for CentOS, Windows Server 2008 R2/2012 R2
- Several updates to minor versions for Vendor Recommended and CIS policies.
Here’s a common scenario organizations increasingly face: Too many web apps with too many vulnerabilities and no chance for immediate remediation.
In the interim, the organization is left exposed to potentially devastating breaches, at a time when web apps have become one of cyber attackers’ favorite targets.
The Reserve Bank of India (RBI), India’s central banking and monetary authority, points out that the number, frequency, and impact of cyber incidents on Indian banks have increased substantially. Like their peers globally, Indian banks are committed to maintaining customer trust, protecting financial assets, and preserving their own brand and reputation as the industry will remain a top target of cybercriminals using increasingly sophisticated methods. Thus, it is urgent that banks continue to improve their cyber defenses.
In a race to adopt technology innovations, the exposure to cyber incidents/attacks has also increased, thereby underlining the urgent need to put in place a robust cyber security and resilience framework. The Reserve Bank of India has provided guidelines on Cyber Security Framework vide circular DBS.