
How data-driven patch management can defeat ransomware


All the sessions from Transform 2021 are available on-demand now. Watch now.


Ransomware attacks keep succeeding in part because patch management programs lack the contextual intelligence and historical data needed to model threats against previous breach attempts. As a result, CIOs, CISOs, and the teams they lead need a more data-driven approach to patch management that can deliver adaptive intelligence reliably at scale. Ivanti’s acquisition of RiskSense, announced today, highlights the latest effort to close the data gap in patch management.

Ransomware attempts continue to accelerate this year with the attacks on Colonial Pipeline, Kaseya, and JBS Meat Packing signaling bad actors’ intentions to go after large-scale infrastructure for cash. The Institute for Security and Technology found that the number of victims paying ransom increased more than 300% from 2019 to 2020. According to its Internet Crime Report, the FBI received nearly 2,500 ransomware complaints in 2020, up about 20% from 2019. In addition, the collective cost of the ransomware attacks reported to the Bureau in 2020 amounted to roughly $29.1 million, up more than 200% from just $8.9 million the year before. The White House recently released a memo encouraging organizations to use a risk-based assessment strategy to drive patch management and bolster cybersecurity against ransomware attacks.

More ransomware fuels more attempts

Ransomware attacks aimed at soft targets are increasing for two reasons: legacy security infrastructures were not designed to protect against current ransomware techniques, and the data these targets store is lucrative. Hospitals and healthcare providers’ extensive databases of personal health information (PHI) records are best-sellers on the dark web, with Experian noting they can sell for up to $1,000 each. Ransomware attackers concentrating on city and state utilities, gas pipelines, and meatpacking plants are after the millions of dollars in insurance payments their victims have shown a willingness to pay. According to John Kerns, an executive managing director at insurance brokerage Beecher Carlson, a division of Brown & Brown, ransomware claims have increased by upward of 300% in the past year.

Victimized organizations paying ransom, with insurance covering the losses, make ransomware one of the most lucrative cybercrimes for online criminals. Insurers that sell cyber insurance are considering limiting their exposure to ransomware claims by writing ransomware coverage out of their policies. French insurance giant AXA is one of the first, announcing that starting in May it would stop reimbursing ransomware payments in France after French officials raised concerns that the payments were encouraging more crime. There’s an urgent need for a more data-driven approach to protecting against ransomware attacks.

Thwarting ransomware with better data 

Patterns emerging from this year’s growing number of ransomware attacks show that organizations rely on an inventory-based approach to patch management and aren’t systematic in managing cybersecurity hygiene. As a result, organizations often lack visibility into risk and cannot prioritize which endpoints, systems, cloud platforms, and networks are most vulnerable. A trait victims commonly share is limited contextual intelligence about the multiple ransomware attempts that preceded the compromise that finally succeeded. Enforcing multi-factor authentication (MFA) across all accounts and increasing the frequency and depth of vulnerability scans are two of many basic hygiene measures organizations can take.

Inventory-based approaches also lead to conflicting agents on endpoints. Overlapping, conflicting layers of security on an endpoint can leave it nearly as open to ransomware as no protection at all, because the agents interfere with one another and no single one gives a reliable view of the device’s state. Absolute Software’s 2021 Endpoint Risk Report finds that the greater the endpoint complexity, the more unmanageable an entire network becomes in terms of insight, control, and reliable protection.

Automating patch management with bots is a start

Bots can identify which endpoints need updates and their probable risk levels, using current and historical data to identify the specific patches and sequence of builds a given endpoint needs. Another advantage of a bot-based approach to patch management is that it scales autonomously across all of an organization’s endpoints and networks. Bots can scan every endpoint, determine which ones are most at risk, and define patch update steps for each, based on rules in which IT and cybersecurity technicians have encoded their expertise.

Instead of relying on a comprehensive, inventory-based approach to patch management that is rarely finished, IT and security teams need to fully automate patch management. Taking this approach offloads help desk volume, saves valuable IT and security team time, and shortens time-to-remediate against vulnerability service-level agreements (SLAs). Automating patch management with bots that identify and prioritize threats and risks is an area worth tracking, with CrowdStrike, Ivanti, and Microsoft the leading vendors.
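The difference between the inventory-based approach criticized above and risk-based prioritization is easiest to see in code. The following is an added example written for this article; it is not Ivanti’s, RiskSense’s, CrowdStrike’s or Microsoft’s scoring model. The vulnerability identifiers (VULN-A and so on), the endpoints, and the weights are constructed placeholders, not real CVEs or real threat-intelligence data. It ranks every finding two ways: by CVSS base score alone, and by a contextual score that adds in-the-wild exploitation and ransomware linkage and scales by the asset’s exposure and criticality. Findings with no vendor patch are split off into a separate list, since they need a compensating control rather than a patch push.

```python
"""Risk-based patch prioritization over a small constructed inventory.

Added example for this article; not any vendor's scoring model. Vulnerability
IDs (VULN-A ...), endpoints and weights are constructed placeholders.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Vuln:
    vid: str                 # placeholder identifier, not a real CVE
    cvss: float              # CVSS base score, 0.0-10.0
    known_exploited: bool    # seen exploited in the wild (KEV-style feed)
    ransomware_linked: bool  # threat intel ties it to a ransomware family
    patch_available: bool    # vendor fix exists


@dataclass(frozen=True)
class Endpoint:
    name: str
    internet_exposed: bool
    criticality: int         # 1 = low, 2 = standard, 3 = business-critical
    vulns: Tuple[Vuln, ...]


# Assumed weights: exploitation context adds to the base score, asset context
# scales it. These are illustrative and should be tuned per environment.
EXPLOITED_BONUS = 4.0
RANSOMWARE_BONUS = 3.0
EXPOSURE_MULTIPLIER = 1.5
CRITICALITY_MULTIPLIER = {1: 0.75, 2: 1.0, 3: 1.25}


def risk_score(v: Vuln, e: Endpoint) -> float:
    """Contextual score: CVSS plus exploitation evidence, scaled by the asset."""
    score = v.cvss
    if v.known_exploited:
        score += EXPLOITED_BONUS
    if v.ransomware_linked:
        score += RANSOMWARE_BONUS
    if e.internet_exposed:
        score *= EXPOSURE_MULTIPLIER
    return score * CRITICALITY_MULTIPLIER[e.criticality]


def cvss_only_queue(endpoints: List[Endpoint]) -> List[Tuple[str, str]]:
    """Inventory-based baseline: every finding, ordered by CVSS alone."""
    rows = [(e.name, v.vid, v.cvss) for e in endpoints for v in e.vulns]
    rows.sort(key=lambda r: -r[2])          # stable sort keeps inventory order on ties
    return [(name, vid) for name, vid, _ in rows]


def risk_based_queue(endpoints: List[Endpoint]):
    """Return (patch_queue, mitigate_list), both ordered by descending risk.

    patch_queue holds (endpoint, vuln id, score) in the order patches should be
    pushed. mitigate_list holds findings with no vendor patch, which need a
    compensating control (isolation, disabling the service, etc.) instead.
    """
    patch, mitigate = [], []
    for e in endpoints:
        for v in e.vulns:
            entry = (e.name, v.vid, risk_score(v, e))
            (patch if v.patch_available else mitigate).append(entry)
    patch.sort(key=lambda r: -r[2])
    mitigate.sort(key=lambda r: -r[2])
    return patch, mitigate


# Constructed sample inventory. VULN-A is a mid-severity bug actively used by
# ransomware crews; VULN-B is a critical-CVSS bug nobody is known to exploit;
# VULN-E is exploited in the wild but has no vendor patch yet.
VULN_A = Vuln("VULN-A", 7.5, True, True, True)
VULN_B = Vuln("VULN-B", 9.8, False, False, True)
VULN_C = Vuln("VULN-C", 8.8, True, True, True)
VULN_D = Vuln("VULN-D", 5.2, False, False, True)
VULN_E = Vuln("VULN-E", 9.1, True, False, False)

INVENTORY = [
    Endpoint("web-dmz-01", True, 2, (VULN_A, VULN_B)),
    Endpoint("fileserver-01", False, 3, (VULN_C, VULN_D, VULN_E)),
    Endpoint("kiosk-07", False, 1, (VULN_B,)),
]

if __name__ == "__main__":
    print("CVSS-only order:", cvss_only_queue(INVENTORY))
    patch_queue, mitigate_list = risk_based_queue(INVENTORY)
    print("Risk-based order:")
    for name, vid, score in patch_queue:
        print(f"  {name:14s} {vid}  {score:5.2f}")
    print("No patch available, apply compensating controls:", mitigate_list)
```

Run as a script, the CVSS-only queue puts the unexploited 9.8 on the low-value kiosk ahead of the actively exploited, ransomware-linked 7.5 on the internet-facing web server; the risk-based queue reverses that, which is the ordering a technician would pick by hand if they had the context. The unpatched VULN-E never enters the patch queue and is surfaced separately so it is not silently dropped from remediation tracking.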

Improving bots’ predictive accuracy is the next step

Bot-based approaches to patch management are becoming more effective at interpreting and acting on historical data. The more historical data a bot has to tune its predictive models with, the more accurate it becomes at risk-based vulnerability management and prioritization. Improving that predictive accuracy is also the cornerstone of moving patch management out of the inventory-intensive era it is stuck in today and into an adaptive, contextually intelligent one capable of thwarting ransomware threats. The future of ransomware detection and eradication is data-driven, and the sooner bot management providers get there, the better the chance of slowing the pace of attacks dominating the global cybersecurity landscape.

Supervised machine learning models are only as good as the labeled data they are trained on: the more representative the training set is of the vulnerabilities and exploitation patterns an organization actually faces, the greater the predictive accuracy. There’s a gap between the data patch management vendors have and the data they need to improve predictive accuracy. Look for private equity and venture capital firms to find new ways to close that gap.

Ivanti acquires RiskSense

That’s what makes Ivanti’s acquisition of RiskSense noteworthy. Ivanti gains the largest and most diverse data set of ransomware attacks available, along with RiskSense’s Vulnerability Intelligence and Vulnerability Risk Rating. RiskSense’s Risk Rating reflects the future of data-driven patch management as it prioritizes and quantifies adversarial risk based on factors such as threat intelligence, in-the-wild exploit trends, and security analyst validation.

Additionally, 30% of RiskSense customers are already Ivanti customers. As part of the acquisition, Ivanti announced that Ivanti Neurons for Patch Intelligence is now available to customers who also have RiskSense licenses. “Ivanti and RiskSense are bringing two powerful data sets together,” said Srinivas Mukkamala, RiskSense CEO. “RiskSense has the most robust data on vulnerabilities and exploits, including the ability to map them back to ransomware families that are evolving as ransomware-as-a-service, along with nation-states associated with APT groups. And Ivanti has the most robust data on patches. Together, Ivanti and RiskSense will enable customers to take the right action at the right time and effectively defend against ransomware, which is the biggest security threat today.”

Microsoft’s accelerating acquisitions this year in cybersecurity reflect how ransomware has become a top priority for the company. Microsoft announced its acquisition of RiskIQ on July 12. RiskIQ’s services and solutions will join Microsoft’s suite of cloud-native security products, including Microsoft 365 Defender, Microsoft Azure Defender, and Microsoft Azure Sentinel.

What’s ahead for ransomware protection

Organizations need to get beyond the inventory-intensive era of patch management and adopt more contextually intelligent, adaptive approaches that rely on bot management at scale. In addition, patch management needs to be more data-driven to stop the increasing sophistication and volume of attacks.

Even if insurers write ransomware coverage out of their contracts, the long-term cost of ransomware attacks to organizations’ productivity and financial health is alarming, and shifting who pays does nothing to reduce the attacks themselves. What is needed is a more data-driven approach to patch management and ransomware deterrence. In the past two months, Microsoft acquired two cybersecurity companies, and Ivanti acquiring RiskSense today reflects how vendors are addressing the challenge of containing ransomware with better data to model against and thwart attacks.
