Staying One Step Ahead of Security Vulnerabilities
Keeping up-to-date on new threats and software updates is critical to maintaining a secure network
You’ve installed a firewall and intrusion prevention system (IPS) to secure the perimeter of your small business network. You’ve configured your protection measures to filter dangerous traffic, secure remote access, and control who can access your network. You’ve added antivirus and antimalware software to every computer and laptop in your organization. Your business is now safe from attackers lurking on the Internet, right?
Well, yes, for now. But if you don’t keep up with the constantly changing world of security vulnerabilities, your network won’t stay locked down for long.
New network vulnerabilities and security attacks are continually cropping up. Technology vendors discover new holes and release patches to their products’ firmware and software on a regular basis. But attackers are moving just as fast to exploit those holes and invent new ways to break into your network.
There are three ways you can stay on top of this moving target. Depending on how comfortable you are handling your network security, you can take a completely DIY approach by following vendors’ advisories, subscribe to a service that will inventory and automatically update your software, or contract with a security professional to manage security updates for you.
Taking the DIY approach
If you have the resources and the inclination, you can squarely hit the moving target of security vulnerabilities on your own. First, start by subscribing to the security advisories that each vendor provides free of charge for their networking gear, computers, and software. Many companies publish an advisory for any issue impacting an individual product, so it’s possible you’ll receive a glut of alerts that don’t pertain to your network. So, make sure you know which products are installed on your network and just focus on the relevant advisories.
Also, make sure to check your vendors’ websites for new and any missed security patches, which you can usually download for free. And be sure to enable any automatic updates available through your installed software, including operating systems and firmware.
Larger vendors may provide even more security resources on their websites. For instance, the Cisco Security Intelligence Operations consolidates a variety of security resources, including clickable lists of current security threats, event responses, and security advisories. You also can sign up to receive text messages about security updates, virus alerts, and RSS feeds. Like most advisories, this information is highly technical and is geared toward larger companies with in-house security expertise, but the information is just as important to businesses of every size.
Finally, extend your research to vendor-neutral organizations that monitor ongoing security threats. Organizations such as CERT, US-CERT (United States Computer Emergency Response Team), and FIRST (Forum of Incident Response and Investigation Teams) not only release advisories but also work to coordinate responses against large-scale global incidents. These sites are a great resource for security best practices as well as incident response information.
Signing up for a service
If you want some help with security updates but don’t want to invest a lot of money, you can subscribe to a service that provides an application that can help you find and automate software updates on your computers. Two popular free services are CNET TechTracker and Secunia Personal Software Inspector (PSI). These applications compare the software on a computer against a continuously refreshed database of vendors’ software updates and patches. The service then generates a report from which you can download the necessary software updates. Using your favorite search engine, similar “vulnerability management” services are available for your network infrastructure.
Bringing in outside help
Keeping up with the latest security threats can be a full-time job. Sometimes the best way to stay current on vulnerabilities is to enlist the help of an expert, such as a local Cisco reseller who specializes in security. A partner can inventory your network devices and systems, monitor for security holes and other issues, and install the appropriate patches or updates as needed.
When it comes to network security, the more informed you are, the better decisions you can make. How is your small business keeping up with ever-changing security threats and network vulnerabilities?