Among the common weaknesses that expose organizations to cyberattacks, the most prominent are software vulnerabilities in systems and applications that attackers relentlessly take advantage of.
To assist in the discovery of such vulnerabilities, Cynet now offers organizations a 14 days free access to its Cynet 360 platform in which they can leverage its built-in vulnerability assessment tools.
A vulnerability is a bug in the software that enables a threat actor to manipulate it for malicious purposes. For example, a vulnerability in Word enables attackers to craft a Word document in such a manner that when a user double clicks to open it, it transparently opens a connection between the user computer and the attacker, enabling the latter to execute code remotely and install additional malware on it.
In light of the above, it would only make sense to assume that the vast majority of organizations routinely deploy patches as soon as the vendor issues them. Unfortunately, that's far from the truth.
"At the beginning, it made no sense to me," said Eyal Gruner, president, and co-founder of Cynet, "I come from an offensive security background, and you can be sure – fully patched organizations are much harder to penetrate. Actually, if it's not an extremely targeted attack, most attackers would just try their luck with a lesser protected victim – but still, people won't patch."
According to Gruner, upon deep-diving into the not-patching mystery, he and his team at Cynet discovered that operational obstacles play a critical role.
"You need to have a dedicated product to scan your environment, meaning that you have to fight your way to a sufficient budget. Then you have to deploy it, which is resource consuming – it can take effort to have such a scanner fully cover your entire environment."
"And finally, you need to have someone on your team master the product and operate it. IT and Security teams have their hands full already, and adding extra burden would many times result in an automatic no-go."
Of course, while all the above helps to understand why patching is not common practice, it contributes little to zero in justifying it.
"I mean, there are tons of available exploit kits out there, enabling anyone – even with no hacking skills – to distribute exploits far and wide, armed with ransomware, crypto-miners, and others," said Gruner.
"If any of these materialize in your environment, it could easily cost five times more work and money than purchase, deployment, and operation combined."
Gruner said that his assumption was that vulnerability assessment must be an integral part of the Cynet 360 breach protection platform. By that, the purchase and deployment issues would be eliminated completely.
And in regard to the operation, "similar to all the other Cynet 360 functionalities, simplicity was our compass. Our test was: can you get what you want in a single click? and we did it."
|Cynet reporting options|
|Windows missing patch example|
By providing organizations with free 14-day access to its Cynet 360 platform, including vulnerability assessment capabilities, organizations can experience the power, speed, and ease of full visibility into their vulnerable systems and apps.
The Cynet Free Vulnerability Assessment offering provides the following benefits:
- Immediate time-to-value: lightspeed installation, scanning of thousands of hosts within minutes.
- Full visibility: any vulnerabilities in the OS and application are discovered and resurfaced for prioritization and patching.
- Single-click: built-in reports with all you need to know. Push the button, and you're done.
Cynet Free Vulnerability Assessment addresses two IT/Security audiences:
- Those who already patch – to this group, Cynet accelerates and optimizes their existing workflow.
- Those who don't patch – to this group, Cynet introduces an effortless path to boost the breach protection level of their organizations, with no operational burden.
"It's our hope that when people see how easy it can be, it will become the no-brainer I thought it once should be," sais Gruner. "It's not a magic wand that will make you 100% secure, but it will 100% make you more secure than you are now."