How to prevent known exploited vulnerabilities at the endpoint

The US Cybersecurity and Infrastructure Agency (CISA) has issued a directive to federal agencies and other public bodies requiring them to take steps to reduce their risk of exploited vulnerabilities. 

CISA highlights the startling finding that hackers are exploiting up to 290 different vulnerabilities in these agencies. Some of these malicious attacks are very dangerous. Nobelium (also known as APT29 and Cozy Bear), the group that carried out the supply chain cyberattack on SolarWinds, has hit multiple US government bodies, including the Departments of Defense and Homeland Security where, in theory, the highest levels of protection are applied. But other known vulnerabilities are also mentioned in the catalog accompanying the directive, such as the recent weaknesses identified in Microsoft Exchange, Netlogon, Fortinet, and Windows Server DNS.  

For all these reasons, CISA has asked institutions to take the following measures: 

1. Review and update procedures against vulnerabilities within 60 days. Specifically: 

• Establish a process for the ongoing remediation of vulnerabilities identified by CISA. 
• Assign roles and responsibilities for executing the measures required by CISA. 
• Define specific actions to ensure a rapid response to these measures. 
•  Establish internal validation and enforcement procedures to ensure compliance with the directive. 

2. Remediate all the listed vulnerabilities within six months. 

3. Report on the response status to the listed vulnerabilities. 

Although this directive is aimed at the public sector, its measures and the catalog it provides can also prove useful for private organizations, enabling them to identify which vulnerabilities they may be victims of more easily.  

However, some cybersecurity analysts and IT experts point out that these tasks imposed by CISA are going to be difficult to implement: the deadlines are too short in terms of planning the procedures, executing them and remediating vulnerabilities. Moreover, threats don't follow schedules, so attacks that exploit vulnerabilities can happen at any time.  

Managing patches and updates easily 

With time running out, MSPs and organizations must lay down plans and clear policies for updating their customers' operating systems, servers, proprietary and third-party software. But managing a large number of patches and updates is not a simple task. Advanced tools to keep IT and security operations up to date and avoid delays that can be the entry vector for serious incidents are available. 

For instance, WatchGuard Cloud has just added four new modules for endpoint security, including WatchGuard Patch Management: enabling MSPs to manage patches and updates with ease and resolve vulnerabilities in operating systems and hundreds of third-party applications on their customers' workstations and servers. This reduces the attack surface by enhancing WatchGuard Cloud's existing incident mitigation and prevention capabilities. This makes it the perfect complement to WatchGuard's EPDR, EDR and EPP solutions. 

WatchGuard Endpoint Security offers comprehensive endpoint security protection, detection, and response for networks with tens of thousands of devices with the option to add threat hunting services and zero-trust applications.When combined with additional tools such as RapidDeploy and FlexPay, the powerful WatchGuard Unified Security Platform™ enables solution providers to scale fast to meet changing customer needs and requirements.