
Understanding Cybersecurity Voids: Why Awareness of Unknown Threats Is Most Crucial

Proactively implementing safeguards to shield against unknown weak spots in the realm of cybersecurity.


Oren Koren serves as the Chief Product Officer and co-founder at Veriti, a comprehensive security platform designed to maximize the efficiency of current security setups.

Organizations invest billions in vulnerability scanners and management tools to detect weaknesses across their systems, including servers, cloud infrastructure, applications, and endpoints. Despite the advancements in these tools, a disheartening reality persists: you can't capture them all.

Picture a secure house equipped with a sophisticated alarm system, but with the basement window left unlocked. This analogy highlights the weakness in relying solely on vulnerability scanners, as they may create a false sense of control while leaving critical vulnerabilities unattended.

The Deception of Complete Coverage

Vulnerability scanners play a pivotal role but are not omniscient. Their effectiveness relies on human-defined parameters, which may be impacted by licensing constraints and assumptions about system configurations.

In real-world scenarios, these limitations often lead to overlooked vulnerabilities. For instance, an enterprise may deploy a scanner throughout its infrastructure, only to later discover that a network segment was overlooked due to a configuration error. Worse still, they may not recognize any vulnerabilities until a breach occurs.

Recently, an audit revealed that a development team had established new servers and databases for a project. Despite documenting the IP addresses for these resources, they were inadvertently excluded from scanners due to the client's specific scope definitions. This oversight resulted in exposed vulnerabilities, offering potential exploitation opportunities. This wasn't a problem with technology; it was a failure to acknowledge the scanners' limitations.

Recognizing the Unknown

The majority of cybersecurity strategies focus on known issues: the vulnerabilities identified by scanners. However, it is just as important to examine the vulnerabilities that go unrecognized. This shift in perspective is essential for cybersecurity.

Consider aviation for a moment. Despite rigorous examinations of every airplane system, pilots are trained to prepare for "unknown unknowns." They simulate various emergencies, including those they've never experienced, and concentrate on damage control strategies rather than flawless prevention. Cybersecurity could greatly benefit from adopting a similar approach.

Going Beyond the Checklist

Currently, the cybersecurity sector is fixated on remediation, addressing problems revealed by scanners. Gartner's continuous threat exposure management (CTEM) framework embodies this focus by emphasizing the resolution of known exposures. While crucial, it only forms part of the solution.

Imagine you're a ship captain, and your radar detects an iceberg. Naturally, you steer to avoid it. But what about the iceberg beneath the surface, the part the radar didn't detect? Safety lies in accounting for the entire picture, not just the visible threats.

In cybersecurity, this translates to implementing proactive measures to safeguard against vulnerabilities you haven't identified. If you can't confirm a system's security, presume it's at risk and employ existing tools to counter potential threats.

The Danger of Overconfidence

Many organizations blindly trust their tools, believing they hold all the answers. This overconfidence can be perilous.

I worked with one company that learned this lesson painfully. They spent substantial resources on vulnerability management but missed an essential detail – their scanner's license didn't cover containerized environments. Attackers abused a misconfigured Kubernetes cluster, resulting in a costly breach.

The lesson is clear: even the most advanced tools are only as effective as the individuals utilizing them. And those individuals must take into account what the tools may overlook.
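The scope and licensing gaps in the audit and Kubernetes anecdotes above can be checked mechanically by reconciling the asset inventory against what the scanner was configured, licensed and observed to cover. The following is an added example, not code from the article or from Veriti; the inventory fields, reason labels, asset names and addresses are all constructed assumptions.

```python
import ipaddress

def coverage_gaps(inventory, includes, excludes, licensed_kinds, scanned_ips):
    """Map asset name -> reason the scanner gives no assurance for it."""
    inc = [ipaddress.ip_network(c) for c in includes]
    exc = [ipaddress.ip_network(c) for c in excludes]
    seen = {ipaddress.ip_address(ip) for ip in scanned_ips}
    gaps = {}
    for asset in inventory:
        addr = ipaddress.ip_address(asset["ip"])
        if asset["kind"] not in licensed_kinds:
            reason = "kind-not-licensed"       # e.g. container hosts
        elif any(addr in net for net in exc):
            reason = "explicitly-excluded"     # carve-out in the scope definition
        elif not any(addr in net for net in inc):
            reason = "outside-scan-scope"      # documented but never targeted
        elif addr not in seen:
            reason = "in-scope-never-scanned"  # config error or unreachable segment
        else:
            continue                           # the scanner actually assessed it
        gaps[asset["name"]] = reason
    return gaps

# Constructed sample data (assumed inventory export and scanner settings).
INVENTORY = [
    {"name": "web-01",      "ip": "10.0.1.10",  "kind": "server"},
    {"name": "app-02",      "ip": "10.0.1.11",  "kind": "server"},
    {"name": "k8s-node-01", "ip": "10.0.1.50",  "kind": "container-host"},
    {"name": "legacy-01",   "ip": "10.0.1.200", "kind": "server"},
    {"name": "db-new-01",   "ip": "10.0.9.20",  "kind": "server"},
]
SCAN_INCLUDES = ["10.0.1.0/24"]
SCAN_EXCLUDES = ["10.0.1.192/26"]
LICENSED_KINDS = {"server", "endpoint"}
SCANNED_IPS = ["10.0.1.10"]  # hosts that appear in the latest scan results

GAPS = coverage_gaps(INVENTORY, SCAN_INCLUDES, SCAN_EXCLUDES,
                     LICENSED_KINDS, SCANNED_IPS)

if __name__ == "__main__":
    for name, reason in sorted(GAPS.items()):
        print(f"{name}: presume at risk ({reason})")
```

Every asset the function returns is one the scanner cannot vouch for, so it belongs behind compensating controls until it is brought into coverage.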

A Call for Proactive Defense

So how can organizations transition beyond traditional vulnerability management? Here are three practical strategies:

  1. Embrace incompleteness. Just as pilots prepare for engine failures, cybersecurity teams should operate under the presumption that not all vulnerabilities have been identified. Create defense strategies based on this understanding.
  2. Utilize existing tools. Implement firewalls, endpoint detection systems, and other security controls to establish barriers against exploitation, especially for unidentified hazards. For example, stringent network segmentation can hinder an attacker's ability to spread laterally, even if they discover an entry point.
  3. Promote proactive remediation. Rather than waiting for scanners to flag vulnerabilities, take active steps to address common misconfigurations or high-risk areas. If you perceive a critical system as vulnerable by default, enhance its defenses.

Preparation and Humility

Cybersecurity is frequently depicted as a struggle between good and evil, with scanners, firewalls, and AI tools presented as the heroes. However, genuine security isn't about heroics; it's about preparation and humility.

In our culture, we praise pioneers, individuals who venture into new territory and embrace the unknown. It's time for cybersecurity to adopt this mindset. Instead of relying solely on known tools, begin considering the risks you haven't identified. The unknown isn't merely a gap in your strategy; it's the most significant threat you face. By acknowledging it, preparing for it, and defending against it, you can turn uncertainty into your most formidable asset.


Despite their sophistication, vulnerability scanners and management tools often miss critical vulnerabilities because of human-defined parameters, licensing constraints, and assumptions about system configurations. This leaves organizations exposed, much like a secured house with the basement window left unlocked. (The Deception of Complete Coverage)

In the context of cybersecurity, it's essential to address both known vulnerabilities and the unrecognized ones. This shift in perspective, similar to aviation's approach to "unknown unknowns," can greatly benefit cybersecurity. (Recognizing the Unknown)
