Context: Your Super-Weapon in Vulnerability Management?
Context: Your Super-Weapon in Vulnerability Management?
Context is supremely important to decision-making as well as vulnerability management.
Join the DZone community and get the full member experience.Join For Free
Merriam Webster defines context as the interrelated conditions in which something exists or occurs — such as the environment or setting. Another definition for the word context is also “parts of a discourse that surround a word or passage that can throw light on its meaning.”
As we all know, context is supremely important in our lives. Many of the decisions we make, the actions we take, and things we say are highly dependent on context. Context serves as a shorthand to denote all the (complex) background information and insights that we store in our heads as it relates to the situation at hand. Human brains are very effective in acquiring, storing, and using context. For example, reading the word “car” instantly and unconsciously activates all the information (i.e., mental models) you have in your head about cars — about different makes and models, outer shapes, interiors, etc. If you parse the word “wash” after the car, another mental model is activated about the information your brain has learned about washing cars. A completely different set of mental models are activated when you read the words “wash sale." The meaning of the word wash is highly dependent on the context.
As you might imagine, context is also supremely important in information technology (IT) and, in particular, with cybersecurity. It is very hard to make a good decision without context. And for cybersecurity, accurate context is often not available. Most organizations end up making poor cybersecurity decisions based on intuition and not on data.
For example, let’s take an alarm generated by a “next-generation” network firewall indicating the download of some malicious payload by a user. This may or may not be relevant based on factors like:
- the type of device and software being used by the user, e.g. iPhone or PC — the malicious exploit may work only on Windows PCs.
- the version of software running on the device, a software update to fix the vulnerability may have been installed yesterday, or not
- the presence or absence of security control, like anti-virus or other endpoint security protection on the device, which would prevent the malicious payload from doing anything bad
- and several other factors…
If security teams are able to get a good context, all those nuances surrounding a security event can help to unravel even the most complex problems.
Having good context is particularly critical in cybersecurity vulnerability management (VM), which involves proactively analyzing and fixing weaknesses before attackers can find and exploit them. For example, a certain emergency patch from Microsoft to fix a major vulnerability in IE that inconveniently shows up just a couple of days before Christmas may only need to be applied to those Windows laptops and desktops whose users actually use Internet Explorer as their main browser (as opposed to Chrome or Edge). This context can save IT and security teams from wasting time and effort on unneeded patches while focusing on stuff that actually matters (or enjoying their Christmas break).
Context is essential in modernizing your VM effort to take a more advanced risk-based approach. Why? Because risk-based VM (RBVM) is all about understanding the unique risk factors of every IT asset touching a network. And that level of analysis and detail requires context for every asset — and its security state and role in the business.
Why Is Building Security Context so Difficult?
The main challenge to achieving context within RBVM is the massive, dynamically changing datasets that most organizations must analyze to understand the enterprise attack surface. Instead of looking at functions with a few simple variables — and figuring out what those variables are describing — companies must analyze functions with hundreds, or hundreds of thousands, of variables. And even if they could achieve that feat, those variables change over time, which makes it an uphill struggle that makes gathering accurate context very hard to achieve, much less maintain. This leads to organizations making critical decisions using gut instincts without knowing all the facts. And even one bad call can be disastrous.
Another challenge that makes context so hard to achieve is the fact that legacy VM systems struggle to understand the role of assets in the business. For example, traditional VM systems don’t properly interpret the distinctions between print servers and DNS servers, especially as it pertains to how those nodes support business objectives.
As a result, companies are left with large amounts of data, a lack of intelligent insights about it, no automated capabilities to help out, and nonexistent or even flawed information about their assets, valuable data, and vulnerabilities.
Ingredients for Generating Accurate Context
Advanced AI techniques offer effective ways companies can gather good contextual information. For an easily accessible example of this, query Google, looking for “coffee." What does google respond with? It will return information about coffee shops nearby, their operating hours, directions on how to get there by car, on foot, or using public transport (as appropriate), and how much traffic you are likely to encounter. Google may also indicate how those shops have been reviewed by other coffee drinkers, and any conditions related to special events you need to worry about.
Now, if you ask Google about “coffee manufacturing,” you will get a completely different answer, one that probably won’t include directions to the nearest coffee factory, which would be silly.
Google can do this because it overlays your location data as well as whatever preferences it knows about you and other people like you, its model for coffee shops and other coffee related things as this relates to your specific query. However, Google might have tried to send you to Argentina if it didn’t have a good context about your query based on millions of other searches that people have made, and your personal preferences. And the key is having good AI that is able to quickly generate context based on a lot of ever-changing factors.
Published at DZone with permission of Gaurav Banga , DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.