We always want to know what is connected to the network. And whether it is vulnerable.
It is normal for any organization to constantly add or remove various devices, on-premises or off-premises, wired or wireless. This can give malicious hackers an opportunity to take advantage of an improperly secured system.
Organizations often don’t know where their assets are, let alone how many they have.
The answer is to run regular automated scans to discover assets connected to your infrastructure and enumerate any vulnerabilities that may exist.
The US Cybersecurity and Infrastructure Security Agency (CISA) said on Monday that federal agencies will soon need to track assets and vulnerabilities on their networks.
By April 3, 2023, all federal civilian agencies must ensure that they:
- Run automatic asset discovery every 7 days. This should at least cover the entire IPv4 space used by the agency.
- Start enumerating vulnerabilities every 14 days on all discovered assets, including all discovered nomadic/roaming devices (e.g. laptops).
- Automatically feed details of detected vulnerabilities to CISA’s Continuous Diagnostics and Mitigation (CDM) dashboard within 72 hours.
- Develop and maintain the ability to initiate on-demand asset discovery and vulnerability enumeration to identify specific assets or vulnerabilities within 72 hours of receiving a request from CISA, and return results to CISA within 7 days of the request.
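A check for the first two requirements above, as an added example that is not part of the original article or any CISA tooling: it computes which parts of the agency's IPv4 space no discovery scan has covered in the last 7 days, and which discovered assets have gone more than 14 days without vulnerability enumeration. The record layout, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

DISCOVERY_MAX_AGE = timedelta(days=7)     # discovery cadence from the list above
ENUMERATION_MAX_AGE = timedelta(days=14)  # vulnerability enumeration cadence

def uncovered_space(agency_cidrs, scans, now):
    """Agency IPv4 space not covered by any discovery scan in the last 7 days."""
    fresh = [ipaddress.ip_network(cidr) for cidr, ran_at in scans
             if now - ran_at <= DISCOVERY_MAX_AGE]
    remaining = list(ipaddress.collapse_addresses(
        [ipaddress.ip_network(c) for c in agency_cidrs]))
    for scanned in ipaddress.collapse_addresses(fresh):
        kept = []
        for net in remaining:
            if net.subnet_of(scanned):        # fully covered: drop it
                continue
            if scanned.subnet_of(net):        # partly covered: keep the rest
                kept.extend(net.address_exclude(scanned))
            else:                             # disjoint: untouched
                kept.append(net)
        remaining = kept
    return [str(n) for n in sorted(remaining)]

def overdue_enumeration(assets, now):
    """Discovered assets with no vulnerability enumeration in the last 14 days."""
    return [a["ip"] for a in assets
            if a["last_enum"] is None or now - a["last_enum"] > ENUMERATION_MAX_AGE]

# Constructed sample data (not from any real agency).
NOW = datetime(2023, 4, 10, tzinfo=timezone.utc)
AGENCY_SPACE = ["10.20.0.0/16", "192.0.2.0/24"]
SCANS = [
    ("10.20.0.0/17", NOW - timedelta(days=2)),
    ("10.20.128.0/18", NOW - timedelta(days=3)),
    ("10.20.192.0/18", NOW - timedelta(days=9)),   # stale: older than 7 days
    ("192.0.2.0/25", NOW - timedelta(days=1)),
]
ASSETS = [
    {"ip": "10.20.1.5", "last_enum": NOW - timedelta(days=3)},
    {"ip": "10.20.130.9", "last_enum": NOW - timedelta(days=20)},
    {"ip": "192.0.2.77", "last_enum": None},       # roaming laptop, never enumerated
]

if __name__ == "__main__":
    print("Uncovered IPv4 space:", uncovered_space(AGENCY_SPACE, SCANS, NOW))
    print("Overdue for enumeration:", overdue_enumeration(ASSETS, NOW))
```

A scan that ran more than 7 days ago does not count toward coverage, so its range is reported as uncovered even though it was scanned once.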
CISA Director Jen Easterly highlighted the SolarWinds attack when announcing the new directive to the media. In this attack, a sophisticated hacking group used malicious updates to network management software to compromise networks within government departments, critical infrastructure, and the private sector.
“If you’ve heard us talk about this, we are consistently saying that we are on an urgent path to gain visibility into the risks facing federal private networks. This was clearly a gap revealed by SolarWinds.”
A key factor for organizations trying to protect themselves from attacks like SolarWinds is the ability to quickly identify the presence of compromised software on their networks.
CISA said that within six months it will publish a common data format for vulnerability reporting that agencies can use to enter information into their CDM dashboards.
Editor’s note: The opinions expressed in this guest author article are those of the contributor only and do not necessarily reflect those of Tripwire, Inc.