<?xml version="1.0" encoding="utf-8"?><rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Ivanti Blog: Posts by </title><description /><language>en</language><atom:link rel="self" href="https://www.ivanti.com/blog/authors/srinivas-mukkamala/rss" /><link>https://www.ivanti.com/blog/authors/srinivas-mukkamala</link><item><guid isPermaLink="false">30d52c64-b0d8-4959-9a69-8aff18488fad</guid><link>https://www.ivanti.com/blog/security-by-default-the-crucial-complement-to-secure-by-design</link><atom:author><atom:name>Srinivas Mukkamala</atom:name><atom:uri>https://www.ivanti.com/blog/authors/srinivas-mukkamala</atom:uri></atom:author><category>Security</category><title>Security by Default: The Crucial Complement to Secure by Design</title><description>&lt;p&gt;Legacy cybersecurity systems – many designed over a decade ago – fail to account for the new breed of attacker capabilities and vulnerabilities – nor for the reliance on human configuration that is the Achilles heel of so much software.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This new reality is being answered with the software development concept called security by default, a necessary complement to the principles of &lt;a href="https://www.cisa.gov/securebydesign/pledge" rel="noopener" target="_blank"&gt;Secure by Design&lt;/a&gt; set forth by the U.S. Cybersecurity &amp;amp; Infrastructure Security Agency (CISA).&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Secure by Design principles stress embedded security throughout software design and development. Security by default ensures a zero-day product is inherently secure out of the box. No complex setup is needed because core security features like secure logging and authorization are pre-configured.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;Threats are evolving – and accelerating&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;Until recently, most systems had a limited "blast radius." Protected by firewalls, they were contained, so access was restricted to a select few within an organization. Attackers lacked an open playing field they could crawl in search of weaknesses. They couldn't automate their assaults, and the entire attack process – finding a vulnerability, weaponizing it by crafting an exploit and deploying the weaponized attack – took weeks at least, and often months.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This limited not only the speed of attacks but also their scale. Attackers had to target organizations one by one, figuring out ways to bypass specific controls. The overall rate of attacks was low, and even when they did occur, the impact was relatively contained due to the time and effort attackers had to invest.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Related: &lt;a href="https://www.ivanti.com/blog/the-8-best-practices-for-reducing-your-organization-s-attack-surface"&gt;8&amp;nbsp;Attack Surface Reduction Best Practices for Organizations&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;When we talk about “an evolving cyber threat landscape,” this is nearly an understatement, because natural or even technical evolution has never been this rapid. In only a few years, it has morphed into a digital Thunderdome, an arena that imperils the poorly protected like never before.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This is because attackers have been able to capitalize on three key developments:&amp;nbsp;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Today’s attackers can quickly weaponize vulnerabilities, and artificial intelligence tools are making that even easier. Gone are the days of lengthy disclosure windows. Automated scanning tools and exploit kits readily available on the dark web let even less-technical attackers get in on the malware game. Zero-day attacks are a growing concern as attackers become more agile at exploiting vulnerabilities before a patch exists.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Cloud adoption has created a broader attack surface as distributed cloud infrastructure makes it difficult to secure and monitor data. The shared security responsibility model between cloud providers and users can lead to vulnerabilities if misconfigured or not fully understood. Additionally, cloud applications often rely on APIs for communication, which can introduce vulnerabilities if not properly secured.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Traditional security measures like firewalls and antivirus aren't keeping pace. Firewalls can be bypassed through social engineering even as antivirus struggles to detect brand new zero-day threats. The perimeter-based security approach is outdated in the cloud era, where Secure by Design principles need to be implemented throughout the entire IT infrastructure.&amp;nbsp;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Bad guys are ready to probe for weak points or launch attacks the moment a product gets activated. So, that product must have robust, zero-day defenses in place the instant it is turned on and connected to an organization’s network.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Related: &lt;a href="https://www.ivanti.com/blog/secure-by-design-principles-are-more-important-than-ever"&gt;Secure by Design Principles Are More Important Than Ever&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;The three pillars of security by default&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;Proper execution of security by default rests on three fundamental pillars.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Shift-left security&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.ivanti.com/glossary/shift-left"&gt;Shift-left&lt;/a&gt; focuses on catching vulnerabilities early in the development process. Developers need to write secure code, avoiding common pitfalls identified in resources like the OWASP Top 10 (web application security vulnerabilities) and CWE Top 25 (common software weaknesses).&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;An analogy is preventive medicine, where wellness practices and inoculation can protect a person from illness. By focusing on secure coding practices from the start, developers are building immunity and resilience right into the software.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Enforcing secure configurations&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;When human beings configure their new software, hackers celebrate. To eliminate misconfiguration errors, software providers must enforce secure configurations by default. This includes multi-factor authentication (MFA) or single sign-on (SSO) and avoiding hard-coded credentials (passwords or tokens) or default configurations that have vulnerabilities already known to attackers.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Enforcing secure configurations ensures consistent security across all deployments, regardless of user experience or technical expertise. It also simplifies the user experience, since users don’t have to make configuration decisions.&lt;/p&gt;

&lt;h3&gt;Securing the software supply chain&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Like automotive and aerospace manufacturing, modern software development has become an assembly line – one that relies heavily on third-party libraries and open-source code. Under security by default, developers need to pay strict attention to the security of these components so they don't introduce vulnerabilities.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Related: &lt;a href="https://www.ivanti.com/blog/the-secure-by-design-pledge-a-commitment-to-creating-a-safer-digital-future"&gt;The Secure by Design Pledge: A Commitment to Creating a Safer Digital Future&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;Measuring security by default&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;Today, a provider can take advantage of instrumentation and telemetry to monitor the performance of security by default features. If the product is on-premises, enabling telemetry will involve punching holes in a firewall for the data to leave the user's network. If it’s in the cloud, it's easier to allow telemetry to flow back to the provider.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;In either situation, it’s a matter of mutual consent: The software user must enable the default telemetry so the provider can look at the software's behavior and see if its inbuilt security controls are being implemented. Fortunately, this also means the user does not have to intervene to enable security features. A provider can do so remotely if it has customer consent.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;Getting ahead of evolving threats&lt;/h2&gt;

&lt;p&gt;The best-intentioned, hardest-working cybersecurity professionals are still at the mercy of the data and insights they have in hand. For instance, traditional vulnerability lists like the &lt;a href="https://owasp.org/www-project-top-ten/" rel="noopener" target="_blank"&gt;OWASP Top 10&lt;/a&gt; and &lt;a href="https://cwe.mitre.org/top25/index.html" rel="noopener" target="_blank"&gt;CWE Top 25&lt;/a&gt; are key to security awareness but have limitations:&amp;nbsp;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Updates to the lists still leave a window of vulnerability between discovery and mitigation. Attackers exploit this gap by targeting "outlier" vulnerabilities that are not yet listed.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Traditional lists focus on known vulnerabilities, leaving organizations susceptible to “known unknowns” – weaknesses with potential for exploitation but not yet identified.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;That said, AI and machine learning hold the promise of revolutionizing security by default by closing these gaps:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Machine learning algorithms can analyze vast amounts of security data to identify patterns and predict potential vulnerabilities, including those not yet on traditional lists.&amp;nbsp;&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;By analyzing exploit trends and software behavior, machine learning can identify the “known unknown” weaknesses with a higher likelihood of being exploited, even if they are still undocumented.&amp;nbsp;&amp;nbsp;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;Adding AI into SDLC&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;AI and machine learning can also transfigure how security by default principles are incorporated into software development cycles:&amp;nbsp;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Automated vulnerability detection:&lt;/strong&gt; AI tools can continuously scan code for vulnerabilities, both known and unknown, so they can be addressed early in an SDLC.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Proactive security modeling:&lt;/strong&gt; By analyzing attack patterns, AI can predict threats; this allows proactive security modeling to build software with baked-in defenses against those threats.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Intelligent developer assistance:&lt;/strong&gt; AI can analyze code and make real-time suggestions about secure coding practices to development teams.&amp;nbsp;&amp;nbsp;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;Security by default via self-healing software&lt;/h3&gt;

&lt;p&gt;One goal for developers concerned with security by default is the creation of software with the innate ability to proactively self-identify vulnerabilities and rectify them. This concept is inspired by &lt;a href="https://en.wikipedia.org/wiki/Genetic_algorithm" rel="noopener" target="_blank"&gt;genetic algorithms&lt;/a&gt; used in manufacturing, which let systems self-optimize and improve themselves over time.&lt;/p&gt;

&lt;p&gt;This will transform “security by default” from a static concept to a dynamic, self-monitored, self-healing capability that’s built into enterprise software. That will give it the ability to rectify its own vulnerabilities, thwart threats and even report new attacks to its developers.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Related: &lt;a href="https://www.ivanti.com/webinars/2024/practical-demo-protect-all-endpoints-with-secure-uem-countermeasures"&gt;Practical Demo: Protect all endpoints with secure UEM countermeasures&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;Steps in the right direction&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;Not too long ago, I &lt;a href="https://www.ivanti.com/blog/it-s-time-for-digital-privacy-and-safety-to-be-a-government-priority"&gt;wrote&lt;/a&gt; about how there needed to be a “private/public partnership in which industry and government come together to solve the digital security problem.” The creation of Secure by Design principles and the efforts of CISA and industry leaders to advance them is a big step forward in mounting just such an urgently needed collaborative defense against cyber threats.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;It’s still up to individual software providers and developers to put these measures into action, though. Following security by default practices plays a vital part in developing and delivering more secure software and gaining the high ground in the cybersecurity battle.&amp;nbsp;&lt;/p&gt;
</description><pubDate>Fri, 13 Sep 2024 12:00:00 Z</pubDate></item><item><guid isPermaLink="false">0b222c5e-5963-47e1-97f6-0bc1c36d69c9</guid><link>https://www.ivanti.com/blog/enhancing-cybersecurity-for-federal-and-dod-customers-ivanti-s-fedramp-certified-solutions-and-commitment-to-il-5-and-cmmc-certifications</link><atom:author><atom:name>Srinivas Mukkamala</atom:name><atom:uri>https://www.ivanti.com/blog/authors/srinivas-mukkamala</atom:uri></atom:author><category>Security</category><title>Enhancing Cybersecurity for Federal and DoD Customers: Ivanti's FedRAMP Certified Solutions and Commitment to IL 5 and CMMC Certifications</title><description>&lt;p&gt;At Ivanti, we support the mission of our Federal and DoD customers and join with our warfighters in defending against cybersecurity threats and nation-state sponsored cyber-attacks.&lt;/p&gt;

&lt;p&gt;Ivanti offers FedRAMP certified solutions for IT Service Management and Unified Endpoint Management, and is also a leader in on-premise, disconnected and air-gapped network solutions. The Ivanti Enterprise Mobility Management solution (originally MobileIron MDM) was one of the first to be certified under the NIAP/Common Criteria Mobile Device Management Protection Profile Version 1 (NIAP MDMPP v1), has been continually recertified under each of the updated versions, and remains one of the only MDM solutions with a CSfC certification for use on classified programs.&lt;/p&gt;

&lt;p&gt;In recent years the escalation of the threat from malicious actors and nation-state sponsored cyber criminals has resulted in the need for Ivanti to enhance the security of our solutions and cloud platforms. To that end, Ivanti is committed to meeting the US Department of Defense’s requirements for an Impact Level 5 (IL 5) cloud platform for our IT Service Management and our Unified Endpoint Management solutions. Work is ongoing to achieve IL 5 and CMMC certifications for these and other future solutions.&lt;/p&gt;
</description><pubDate>Fri, 16 Feb 2024 23:30:22 Z</pubDate></item><item><guid isPermaLink="false">97a33652-b05e-489d-8401-b0719eb276e7</guid><link>https://www.ivanti.com/blog/the-latest-ransomware-stats-are-in-and-it-s-not-good-news</link><atom:author><atom:name>Srinivas Mukkamala</atom:name><atom:uri>https://www.ivanti.com/blog/authors/srinivas-mukkamala</atom:uri></atom:author><category>Security</category><title>The Latest Ransomware Stats Are In and It’s Not Good News.</title><description>&lt;p&gt;Out of 10&amp;nbsp;key metrics tracked quarterly to establish the state of ransomware activity, only one metric stayed static from Q1 to Q3 2022. The other nine&amp;nbsp;all&amp;nbsp;worsened.&lt;/p&gt;

&lt;p&gt;That’s an alarming trend, especially given that many business leaders hoped to see ransomware activity taper off after a historic surge during the peak of the pandemic.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Ivanti, together with Cyber Security Works and Cyware, collaborated on the just-released report. To inform the report, ransomware data was meticulously collected from multiple data sources known for their accuracy and is continuously updated by the Cyber Security Works and Securin research teams.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The full report is available and&amp;nbsp;&lt;a href="https://www.ivanti.com/resources/library?eol=rl"&gt;worth a read&lt;/a&gt;. Here are a few important takeaways:&amp;nbsp;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;The pandemic surge is real&lt;/strong&gt;&amp;nbsp;...&amp;nbsp;Since 2019, there has been a 466% growth in the number of vulnerabilities associated with ransomware.&lt;/li&gt;
	&lt;li&gt;…&amp;nbsp;&lt;strong&gt;and it’s not over&lt;/strong&gt;.&amp;nbsp;A total of 13 new vulnerabilities have become exploitable by ransomware threat actors in the past six months, and the vast majority of those – 11 in total – are from Q3 alone.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;It’s critical&lt;/strong&gt;.&amp;nbsp;10 out of the 13 newly associated vulnerabilities have a “critical” severity rating.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Popular scanners aren’t cutting it&lt;/strong&gt;&amp;nbsp;… Popular scanners, including Nessus, Nexus and Qualys, are not filtering 18 ransomware vulnerabilities.&lt;/li&gt;
	&lt;li&gt;…&amp;nbsp;&lt;strong&gt;and the CISA KEV Catalog is incomplete&lt;/strong&gt;.&amp;nbsp;The Known Exploited Vulnerabilities (KEV) catalog from CISA is missing at least 124 ransomware vulnerabilities.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Three industries are the hardest hit&lt;/strong&gt;.&amp;nbsp;Healthcare, energy and critical manufacturing are at particular risk from 16 ransomware vulnerabilities exploited by some of the most notorious ransomware operators.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;It is a myth that ransomware needs human interaction and that phishing is the only attack vector. Ransomware attack vectors have&amp;nbsp;&lt;strong&gt;evolved and are now targeting remote access services&lt;/strong&gt;, software weaknesses and cloud applications.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;57 vulnerabilities&lt;/strong&gt;&amp;nbsp;can facilitate a&amp;nbsp;MITRE ATT&amp;amp;CK&amp;nbsp;complete kill chain from initial access to exfiltration, making them extremely dangerous as ransomware attackers could use them to take down their victims.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;New ransomware families are emerging constantly&lt;/strong&gt;.&amp;nbsp;Several new ransomware families have emerged over the last six months, making it essentially impossible to keep pace without a comprehensive, proactive and risk-based strategy.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The full report contains essential details, including information on the new ransomware families; affected vendors and products; key trends; and more intelligent insights. Ransomware operators are fully up to speed on what’s happening. That means you should be, too.&amp;nbsp;&lt;/p&gt;
</description><pubDate>Thu, 20 Oct 2022 16:40:51 Z</pubDate></item><item><guid isPermaLink="false">966da25d-8af3-4503-8100-ff6f9864b305</guid><link>https://www.ivanti.com/blog/it-s-cybersecurity-awareness-month-here-s-what-you-need-to-know</link><atom:author><atom:name>Srinivas Mukkamala</atom:name><atom:uri>https://www.ivanti.com/blog/authors/srinivas-mukkamala</atom:uri></atom:author><category>Security</category><title>It’s Cybersecurity Awareness Month! Here’s What You Need to Know</title><description>&lt;p&gt;Okay, I’ll admit it – I probably get more excited for&amp;nbsp;Cybersecurity Awareness Month&amp;nbsp;than most people. It’s a professional hazard. It has been 18 years since the first Cybersecurity Awareness Month, but&amp;nbsp;this one feels particularly important.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;For starters, the Cybersecurity and Infrastructure Security Agency (CISA) – an operational component of the Department of Homeland Security (DHS) – is&amp;nbsp;steering towards a proactive and risk-based approach to cybersecurity&amp;nbsp;with DHS KEVs and binding orders.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Plus, the Securities &amp;amp; Exchange Commission (SEC) is&amp;nbsp;&lt;a href="https://www.cisa.gov/resources-tools/programs/systemic-cyber-risk-reduction" rel="noopener" target="_blank"&gt;actively enforcing cybersecurity laws&lt;/a&gt;&amp;nbsp;and&amp;nbsp;contemplating bringing a cyber expert on board.&lt;/p&gt;

&lt;p&gt;In addition, we’re at an inflection point. After multiple years of scramble and survival mode, enterprises are finally getting their proverbial feet under them and are focusing on comprehensive strategies for the next phase.&lt;/p&gt;

&lt;p&gt;The world is moving from reactive to proactive:&amp;nbsp;From fear to risk management. From tedious manual operations to wisely designed automation. From “try to keep up” to “move forward with intention.”&lt;/p&gt;

&lt;p&gt;And perhaps, we are getting back to the fundamentals of cybersecurity rather than chasing the shiniest possible objects.&lt;/p&gt;

&lt;p&gt;It’s an exciting time, and I’m thrilled to be part of it.&lt;/p&gt;

&lt;p&gt;I want you to seize the moment, so I’m kicking off Cybersecurity Awareness Month with a highlight reel of some ideas, resources and activities we have going on this month at Ivanti. Here’s what you can do now:&lt;/p&gt;

&lt;h2&gt;See yourself in cyber&lt;/h2&gt;

&lt;p&gt;That’s&amp;nbsp;&lt;a href="https://www.cisa.gov/cybersecurity-awareness-month" rel="noopener" target="_blank"&gt;the theme&lt;/a&gt;&amp;nbsp;of this Cybersecurity Awareness Month. I love it because it reminds us we&amp;nbsp;all&amp;nbsp;can play a role in shoring up the cybersecurity posture of our organization – and protecting ourselves, too.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Even though cybersecurity has a lot to do with technology, there’s a deeply human element. Every individual should know how to protect against phishing attacks, when and how to update devices and software and how their everyday activities fit into the organization’s cybersecurity posture.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;Follow us on social and stay tuned for our CISO video series&lt;/h2&gt;

&lt;p&gt;Ivanti is producing an educational video series to highlight the role of the CISO. This series is designed to create awareness and excitement – especially within the younger generation – about STEM fields and, specifically, the importance of a CISO.&lt;/p&gt;

&lt;p&gt;We’ll be interviewing&amp;nbsp;&lt;a href="https://www.ivanti.com/company/press-releases/2021/ivanti-reinforces-commitment-to-customer-security-with-ciso-advisory-board"&gt;members of our CISO Advisory Board&lt;/a&gt;&amp;nbsp;and sharing the videos on social – be sure to follow us on&amp;nbsp;&lt;a href="https://www.linkedin.com/authwall?trk=ripf&amp;amp;trkInfo=AQGQXnuOP6uiTwAAAYOfoe2Id086-hN7_mmm6F0tZQ4J-gw-jEsLziQvx07kX76V-q4Cr4q5xYldlxbTKAGpJVIWnSQoDaskjvQbdhLYwLnT_rNuLa6vfQUxtTNnFECVx7T_q50=&amp;amp;original_referer=https://www.google.com/&amp;amp;sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fivanti" rel="noopener" target="_blank"&gt;LinkedIn&lt;/a&gt;&amp;nbsp;and&amp;nbsp;&lt;a href="https://twitter.com/goivanti" rel="noopener" target="_blank"&gt;Twitter&lt;/a&gt;&amp;nbsp;if you don’t already!&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;Focus on the first principles of cybersecurity&lt;/h2&gt;

&lt;p&gt;Speaking of getting back to basics, it’s a great time to review the NSA's “&lt;a href="https://users.cs.jmu.edu/tjadenbc/Bootcamp/0-GenCyber-First-Principles.pdf" rel="noopener" target="_blank"&gt;first principles of cybersecurity&lt;/a&gt;.”&amp;nbsp;These guidelines are intended to not just help&amp;nbsp;prevent&amp;nbsp;a breach but lower the probability of a successful cyberattack.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The first principles include:&amp;nbsp;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Domain separation.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Process isolation.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Resource encapsulation.&lt;/li&gt;
	&lt;li&gt;Least privilege.&lt;/li&gt;
	&lt;li&gt;Layering.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Abstraction.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Data hiding.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Modularity.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Simplicity.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Minimization.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Get ready for the Q2/Q3 Ransomware Index Report&lt;/h2&gt;

&lt;p&gt;This report, which we regularly conduct with Cyber Security Works and Cyware, is always highly anticipated and gets lots of attention, so we’re looking forward to the release of the next one. This next report will look at Q2/Q3 trends in ransomware.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The report will also detail:&amp;nbsp;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;New vulnerabilities tied to ransomware.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;APT groups associated with ransomware.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;The most active ransomware families.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;New weakness categories related to ransomware.&amp;nbsp;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Can’t wait for the Q2/Q3 report?&amp;nbsp;Check out the&amp;nbsp;&lt;a href="https://www.ivanti.com/resources/library?eol=rl"&gt;Q1 report&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;Register for our Patch Tuesday webinar&lt;/h2&gt;

&lt;p&gt;As we do every month, we’ll recap the Microsoft and third-party security patches released on Patch Tuesday (the second Tuesday of the month; in this case, Oct. 11).&amp;nbsp;&lt;a href="https://www.ivanti.com/lp/webinar-series/patch-tuesday"&gt;Register&lt;/a&gt;&amp;nbsp;to hear&amp;nbsp;discussions on things to watch out for, products to test adequately and which patches should be the highest priority to roll out.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;Listen to the Everywhere Workplace podcast&lt;/h2&gt;

&lt;p&gt;Our podcast contains information to help you thrive in – not just survive – the Everywhere Workplace.&amp;nbsp;&lt;a href="https://www.ivanti.com/resources/podcasts/ivanti-security-insights"&gt;Check out our latest podcast episodes&lt;/a&gt;&amp;nbsp;for tips on how to make managing your flexible workforce easy and secure! We recently sat down with Steve Brasen, Managing Research Director at EMA, to discuss strengthening security with digital employee experience.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;And to learn about the changing world of technology and cybersecurity,&amp;nbsp;&lt;a href="https://www.ivanti.com/resources/podcasts/ivanti-security-insights"&gt;tune into&lt;/a&gt;&amp;nbsp;our Ivanti Security Insights Podcast.&lt;/p&gt;

&lt;p&gt;That’s a lot – and there’s more to come. Here’s to moving forward with intention, strategy and better cybersecurity posture than ever before.&lt;/p&gt;
</description><pubDate>Tue, 04 Oct 2022 13:37:45 Z</pubDate></item><item><guid isPermaLink="false">cae33dfa-b6b6-4724-af1d-f9c61d819998</guid><link>https://www.ivanti.com/blog/it-s-time-for-digital-privacy-and-safety-to-be-a-government-priority</link><atom:author><atom:name>Srinivas Mukkamala</atom:name><atom:uri>https://www.ivanti.com/blog/authors/srinivas-mukkamala</atom:uri></atom:author><category>Security</category><title>It’s Time for Digital Privacy and Safety to Be a Government Priority</title><description>&lt;p&gt;In the US, a massive percentage of cybersecurity spending goes to &lt;a href="https://fedscoop.com/white-house-allocates-9-8b-to-cybersecurity-in-2022-budget-request/" rel="noopener" target="_blank"&gt;securing the federal government&lt;/a&gt; itself and to &lt;a href="https://cybersecurityventures.com/cybersecurity-spending-2021-2025/" rel="noopener" target="_blank"&gt;securing the largest enterprises&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;That’s an important investment.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;It’s also wildly unbalanced, and has terrifying implications for all of us.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Digital privacy and safety are becoming a new economic gulf, widening the distance between those who have the resources to secure themselves and their companies, and those who don’t.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Why should everyone care? Because the fallout of this imbalance affects everyone, directly or indirectly.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;Small and medium-sized businesses can’t afford to be compromised&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;Utilities are a prime example of this problem. Different municipalities have their own utilities. Only the largest and most well-funded municipalities have robust IT and security departments. And &lt;a href="https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/it-workers-will-be-hard-find-keep-2022.aspx" rel="noopener" target="_blank"&gt;IT/security is one of the hardest-hit sectors of the Great Resignation&lt;/a&gt;, meaning that even municipalities with the resources to hire a strong IT department struggle to find workers. In the case of a breach, there’s no way they can manage reactive forensics, let alone be proactive enough to keep up with every conceivable threat. It’s not just personally identifiable information (PII) that is vulnerable if a utility gets victimized. Think utilities don’t matter? Try having your water supply compromised.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Agriculture tech is another example. Aside from the very largest, subsidized producers, agriculture operations in the US largely operate on razor-thin margins. Not long ago, &lt;a href="https://www.nytimes.com/2021/06/01/business/meat-plant-cyberattack-jbs.html" rel="noopener" target="_blank"&gt;a ransomware attack took down a meat processing company&lt;/a&gt;. The entire system felt the impact. Now think of the thousands of family-owned and cooperative farms and processors. They certainly don’t have an entire IT/security team. They might be lucky to have one IT employee. Many of them have none.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;We don’t want our utility providers or agriculture system to have to play Whac-A-Mole with cybersecurity threats. We count on these industries to help us maintain a basic standard of living. And there are hundreds more examples where these came from.&lt;/p&gt;

&lt;h2&gt;It’s not just business, it’s personal&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;Digital privacy and safety are also a point of privilege at the individual level. Some people have the resources to prevent victimization or recover from being victimized. Many others don’t. There has been more talk recently of &lt;a href="https://www.washingtonpost.com/news/posteverything/wp/2018/01/25/why-it-costs-so-much-to-be-poor-in-america/" rel="noopener" target="_blank"&gt;how &lt;em&gt;expensive&lt;/em&gt; it is to be low-income in the US&lt;/a&gt;. This is yet another way that lack of resources can be devastatingly costly.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;In the US, if you don’t have sufficient resources to buy food, you can apply for assistance.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;It’s by no means a perfect system, but it’s there.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;If you don’t have sufficient resources to pay for medical care, you can apply for assistance. It’s by no means a perfect system, but it’s there.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;If you don’t have sufficient resources to protect your digital security, you’re essentially out of luck. That’s not to say that digital security is as important as food or health care – it certainly isn’t – but I assert that it is a basic right, and it should be treated as such.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;What’s the solution?&amp;nbsp;&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;Ideally, the government would allocate more funds to digital security for individuals, families and small/medium-sized businesses. And yet, it’s not that simple. To be effective, it should be a private/public partnership in which industry and government come together to solve the digital security problem.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;We need to start with local educational institutions and emphasize the need for cybersecurity professionals. We need to treat digital security as a noble profession that keeps people and institutions safe and economically stable. We need to educate students and entrepreneurs across disciplines and industries about the importance of prioritizing digital security.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The government can’t do this alone. It needs to be a cultural shift. Right now, cyberthreat actors are &lt;em&gt;far&lt;/em&gt; ahead of most of the rest of the world. If we don’t start taking this seriously and treating it like a fundamental element of security at the government, industry, and individual level, we are just making threat actors’ jobs even easier. We need to act before it’s too late.&amp;nbsp;&lt;/p&gt;
</description><pubDate>Fri, 10 Jun 2022 16:18:49 Z</pubDate></item><item><guid isPermaLink="false">6e30bec2-d3a2-4a0d-90d2-5275220588f7</guid><link>https://www.ivanti.com/blog/new-2022-report-alarming-ransomware-trend-shows-no-sign-of-reversing</link><atom:author><atom:name>Srinivas Mukkamala</atom:name><atom:uri>https://www.ivanti.com/blog/authors/srinivas-mukkamala</atom:uri></atom:author><category>Security</category><title>New 2022 Report: Alarming Ransomware Trend Shows No Sign of Reversing</title><description>&lt;p&gt;It’s no secret that ransomware threats skyrocketed – in both volume and boldness – during the pandemic. Threat actors capitalized on the sudden transition to remote work and the resulting lapses in security.&lt;/p&gt;

&lt;p&gt;Now that the working world is beginning to settle into &lt;a href="https://www.ivanti.com/blog/no-pants-no-problem-employees-report-more-work-yet-more-satisfaction-in-the-everywhere-workplace" target="_blank"&gt;a permanent Everywhere Workplace&lt;/a&gt;, you might think the ransomware trend would begin to reverse.&lt;/p&gt;

&lt;p&gt;Not so, according to &lt;a href="https://www.ivanti.com/resources/library?eol=rl" rel="noopener" target="_blank"&gt;a new report from Ivanti&lt;/a&gt;. The report details ransomware trends from Q1 2022, and the findings are bleak.&lt;/p&gt;

&lt;p&gt;Here are a few highlights (or, rather, &lt;em&gt;low&lt;/em&gt;lights):&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Since publication of the year-end 2021 report, Ivanti’s analysis shows a strong &lt;strong&gt;7.6% increase in the number of ransomware-affiliated vulnerabilities&lt;/strong&gt;.&lt;/li&gt;
	&lt;li&gt;At the time the report was published, there had been &lt;strong&gt;22 new vulnerabilities&lt;/strong&gt; associated with ransomware just since January 2022. That takes the total number from 288 to 310.&lt;/li&gt;
	&lt;li&gt;Of the vulnerabilities tied to ransomware, at least &lt;strong&gt;11 are undetected by popular &lt;a href="https://www.ivanti.com/blog/9-types-of-phishing-and-ransomware-attacks-and-how-to-identify-them" target="_blank"&gt;scanners&lt;/a&gt;&lt;/strong&gt;.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;27 new vulnerabilities&lt;/strong&gt; were added this quarter to the arsenal of Conti, a ransomware gang that expressed &lt;a href="https://www.reuters.com/technology/russia-based-ransomware-group-conti-issues-warning-kremlin-foes-2022-02-25/" rel="noopener" target="_blank"&gt;its support of the Russian invasion&lt;/a&gt; of Ukraine this past spring.&lt;/li&gt;
	&lt;li&gt;Three new APT groups (&lt;strong&gt;Exotic Lily, APT 35 and DEV-0401&lt;/strong&gt;) have started leveraging ransomware to attack targets.&lt;/li&gt;
	&lt;li&gt;Four new ransomware families (&lt;strong&gt;AvosLocker, Karma, BlackCat and Night Sky&lt;/strong&gt;) became active in Q1.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The takeaway: ransomware threats are emerging far faster than any IT department can stay on top of manually, even if that department is fully staffed and working around the clock. And, even when technology like scanners is involved, threats are still going undetected.&lt;/p&gt;

&lt;p&gt;As we’ve said before, those of us defending against attacks need to be right every single time;&amp;nbsp;attackers only need to be right once. Current security gaps are more than sufficient to let threat actors wreak havoc.&lt;/p&gt;

&lt;p&gt;So, what can security leaders practically do in the face of this increasing threat? Among other solutions, you can consider &lt;a href="https://www.ivanti.com/blog/automated-patch-management-and-team-swarming-are-key-security-practices" target="_blank"&gt;automating cybersecurity protocols&lt;/a&gt; as part of a &lt;a href="https://www.ivanti.com/products/risk-based-vulnerability-management"&gt;comprehensive, risk-based vulnerability management program&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://www.ivanti.com/blog/err-human-making-case-automation" target="_blank"&gt;weakest link of any security protocol&lt;/a&gt; is the human element, after all. The less you require of your end users and IT or security teams in implementing security-centric tasks, the less chance you have of introducing error into an already delicate balance... and the less chance you have of burning out your security team completely.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;To read more about current threats and trends, download the full 2022 &lt;a href="https://www.ivanti.com/resources/library?eol=rl" rel="noopener" target="_blank"&gt;Q1 Ransomware Index Report&lt;/a&gt;.&lt;/strong&gt;&lt;/p&gt;</description><pubDate>Wed, 18 May 2022 07:11:00 Z</pubDate></item><item><guid isPermaLink="false">7f5a3153-21f4-4db8-9d21-0a02087ca19f</guid><link>https://www.ivanti.com/blog/who-is-most-vulnerable-to-ransomware-attacks-new-report-reveals-latest-trends</link><atom:author><atom:name>Srinivas Mukkamala</atom:name><atom:uri>https://www.ivanti.com/blog/authors/srinivas-mukkamala</atom:uri></atom:author><category>Security</category><title>Who is Most Vulnerable to Ransomware Attacks? New Report Reveals Latest Trends.</title><description>&lt;p&gt;No one will be surprised to hear that ransomware is, once again, on the rise. The last two years have seen a stratospheric increase in both the frequency and sophistication of attacks. In a just-released report from Ivanti,&amp;nbsp;Cyber Security Works and&amp;nbsp;Cyware,&amp;nbsp;2021 closed out with alarming statistics including a 29% increase in CVEs associated with ransomware, and a 26% increase in ransomware families compared to the previous year. The report identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over 2020.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;And yet, it’s not simply a question of&amp;nbsp;how many CVEs and ransomware families we’re seeing. It’s also how they’re being leveraged, and who is most at risk.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Ivanti’s report reveals several patterns that businesses need to be aware of&amp;nbsp;in order to&amp;nbsp;maximize defenses against&amp;nbsp;threats.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Pattern #1: Unpatched vulnerabilities&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;While threat actors are sophisticated, they’re also opportunistic. Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups. Of the 65 new vulnerabilities identified by&amp;nbsp;our&amp;nbsp;analysis,&amp;nbsp;more than one-third&amp;nbsp;were actively trending on the dark web and repeatedly exploited. More than half of the 223 older vulnerabilities are still being targeted as well. The lesson: organizations need to prioritize and patch weaponized vulnerabilities based on what’s being targeted, whether those vulnerabilities are new or old. Since manually keeping up with patching every vulnerability isn’t realistic, it’s critical to embrace automated, risk-based patch intelligence so the highest-priority vulnerabilities get the attention they need.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Pattern #2: Exploitation of zero-day vulnerabilities&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Has your organization been waiting to act until CVEs are added to the National Vulnerability Database?&amp;nbsp;If so, unfortunately, you’re already behind. Threat actors are acting so quickly that they’ve been repeatedly leveraging zero-day vulnerabilities that haven’t even made it to the database yet. This dangerous trend highlights the need for solutions that can identify and remediate even zero-day vulnerabilities – and the need for vendors to be agile and transparent in disclosing vulnerabilities and releasing priority-based patches.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Pattern #3: Supply chain attacks&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Ransomware groups are increasingly targeting supply chain networks to inflict major damage and cause widespread chaos. Just one compromise in the supply chain can snowball into the hijacking of complete system distributions across hundreds of victim networks. Last year, threat actors compromised supply chain networks via third-party applications, vendor-specific products, and open-source libraries.&amp;nbsp;The takeaway: If you’re involved in a supply chain, additional vigilance and, again, risk-based, prioritized patching are essential.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Pattern #4: Ransomware-as-a-Service&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Ransomware-as-a-Service sounds like a parody, but it’s a real thing – and it’s on the rise. This business model involves ransomware developers offering their services, variants,&amp;nbsp;kits&amp;nbsp;or code to other malicious actors in return for payment. The sharing of ransomware services accelerates the spread of threats – and makes it more difficult to track down the threat’s origin.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;If this sounds like a lot of unpleasant news, that’s because it&amp;nbsp;is&amp;nbsp;a lot of unpleasant news. The upside: threat actors are getting bolder, but countermeasures are also advancing. A proactive, risk-based approach is becoming the must-have security posture for businesses of all sizes across a wide range of industries. Even better:&amp;nbsp;automated patch intelligence means risk-based prioritization can happen even with the&amp;nbsp;significant&amp;nbsp;personnel shortage&amp;nbsp;facing IT right now. Threat actors aren’t letting up, and we’re going to continue to see a rise in attacks. While that’s inevitable, it’s&amp;nbsp;not&amp;nbsp;inevitable that businesses continue to fall victim at the rates we’re witnessing now. The solution: prioritize. Patch. Automate. And do it&amp;nbsp;now.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;To read the&amp;nbsp;latest&amp;nbsp;Ransomware report in full,&amp;nbsp;&lt;a href="https://www.ivanti.com/resources/library?eol=rl"&gt;click here&lt;/a&gt;.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;To learn more about&amp;nbsp;Ivanti Neurons for Patch Intelligence,&amp;nbsp;&lt;a href="https://www.ivanti.com/products/ivanti-neurons-for-patch-management"&gt;click here.&amp;nbsp;&lt;/a&gt;&lt;/p&gt;
</description><pubDate>Wed, 26 Jan 2022 13:01:17 Z</pubDate></item><item><guid isPermaLink="false">50360b1d-dc74-4486-9472-a3b78edd4ef3</guid><link>https://www.ivanti.com/blog/new-report-ransomware-continues-to-rise-here-s-how-to-get-ahead-of-it</link><atom:author><atom:name>Srinivas Mukkamala</atom:name><atom:uri>https://www.ivanti.com/blog/authors/srinivas-mukkamala</atom:uri></atom:author><category>Security</category><title>New report: Ransomware continues to rise. Here’s how to get ahead of it.</title><description>&lt;p&gt;Ransomware experienced a stunning surge in prevalence and sophistication throughout the pandemic. Threat actors capitalized on a frequently shaky transition to a remote, digital business landscape. With so many businesses prioritizing basic functionality over proactive security, vulnerabilities have been unprecedented – and very much exploited.&lt;/p&gt;

&lt;p&gt;Case in point: In a recent survey, Ivanti found that well over half of respondents (58%) reported that their businesses had been the victim of a ransomware attack in the last year alone. A significant percentage of those respondents said that the attack took weeks, not simply days or hours, to recover from.&lt;/p&gt;

&lt;p&gt;Ransomware attacks dominated headlines throughout 2020, but as we round the corner into 2022 it’s imperative that people not let their guard down. Quite the opposite: evidence suggests that ransomware attacks are &lt;em&gt;still rising&lt;/em&gt; – and attackers are getting even bolder.&lt;/p&gt;

&lt;h2&gt;Just released: Q3 survey results&lt;/h2&gt;

&lt;p&gt;The Ransomware Index Update for Q3 2021 continues to show a steady increase in all key ransomware markers. The headline-grabber: there has been a 4.5% increase in CVEs associated with ransomware and a 3.4% increase in ransomware families &lt;em&gt;over Q2 2021&lt;/em&gt;. That’s a notable increase in just one quarter, at a time when many businesses are starting to smooth out their Everywhere Workplace and, apparently, starting to overlook clear risk factors.&lt;/p&gt;

&lt;p&gt;The report, a collaboration between Ivanti, Cyber Security Works, and Cyware, also shows a 1.2% increase in older vulnerabilities tied to ransomware compared to Q2 2021.&lt;/p&gt;

&lt;p&gt;The analysis uncovered 12 new vulnerabilities tied to ransomware in Q3 2021, bringing the total number of vulnerabilities associated with ransomware to 278. Out of the 12 vulnerabilities newly associated with ransomware, five are capable of remote code execution attacks and two are capable of exploiting web applications and being manipulated to launch denial-of-service attacks. The report also revealed that ransomware groups are continuing to find and leverage zero-day vulnerabilities, even before the CVEs are added to the National Vulnerability Database and patches are released. For example, the REvil group discovered and exploited a vulnerability in Kaseya VSA software as the security team at the company was actively working on a patch.&lt;/p&gt;

&lt;p&gt;The report identified six new active and trending vulnerabilities associated with ransomware, plus three vulnerabilities belonging to 2020 or earlier that became newly associated with ransomware in Q3 2021. It’s clear that ransomware groups are not letting up. They’re continuing to evolve their tactics, rendering the traditional reactionary approach more futile than ever.&lt;/p&gt;

&lt;p&gt;The solution: a proactive, risk-based approach that identifies and prioritizes vulnerabilities with intelligent data. Chasing after existing threats leaves companies constantly fighting from behind. On the flip side, it’s prohibitively difficult to try to patch and defend against every vulnerability at all times. Automated risk-based intelligence is a tool that businesses can leverage to stay ahead of increasingly sophisticated threats without using up excess human capital.&lt;/p&gt;

&lt;p&gt;To read the Ransomware Index Spotlight report in full, &lt;a href="https://www.ivanti.com/resources/library?eol=rl"&gt;click here&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;For more on Ivanti’s risk-based solutions, &lt;a href="https://www.ivanti.com/products/ivanti-neurons-for-patch-management"&gt;click here&lt;/a&gt;.&lt;/p&gt;</description><pubDate>Tue, 09 Nov 2021 13:00:01 Z</pubDate></item><item><guid isPermaLink="false">dac6f3f0-9859-43d6-9f3b-093b1c6cd5f6</guid><link>https://www.ivanti.com/blog/ransomware-is-on-the-rise</link><atom:author><atom:name>Srinivas Mukkamala</atom:name><atom:uri>https://www.ivanti.com/blog/authors/srinivas-mukkamala</atom:uri></atom:author><category>Security</category><title>Ransomware is on the rise. Here’s how Ivanti x RiskSense will solve it.</title><description>&lt;h2&gt;A few years ago, ransomware was just a nuisance. If that’s how you’re still treating it, this blog is for you.&lt;/h2&gt;

&lt;p&gt;Ransomware started making more headlines in 2016, but it was treated largely as a nuisance – not a tangible, resource-worthy threat. Fast forward to 2021 and ransomware has graduated to the big leagues, buoyed by a pandemic-fueled, hasty scramble toward decentralized workforces and digital &lt;em&gt;everything&lt;/em&gt;. But this rising threat can’t be entirely blamed on the pandemic. I had a front-row seat to the rise of ransomware as the founder of RiskSense, a pioneer in risk-based vulnerability management and prioritization. We started sounding the alarm years ago – we released a report in 2019 that identified three patterns that we felt were likely to become increasingly salient in the following years:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Ransomware will be offered as ransomware as a service.&lt;/li&gt;
	&lt;li&gt;Ransomware will be disruptive and destructive.&lt;/li&gt;
	&lt;li&gt;Ransomware will go beyond an endpoint and move into SaaS, apps, and the cloud.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;We were right to sound the alarm: our predictions were accurate on all counts. But this isn’t to say, “we told you so.” Instead, it’s to demonstrate how excited I am that Ivanti and RiskSense hold a shared mission of increasing awareness and delivering solutions to fight ransomware. And now, we get to work on that shared mission together. In case you haven’t heard the news, Ivanti today announced that it has acquired RiskSense. I truly believe the whole is greater than the sum of its parts – and the timing couldn’t be more critical.&lt;/p&gt;

&lt;p&gt;Today, the impact of ransomware is widespread: healthcare, critical infrastructure, supply chain – no one is immune. Unpatched vulnerabilities remain one of the common points of infiltration into organizations’ ecosystems.&lt;/p&gt;

&lt;p&gt;Ivanti has been a leader in patch management for many years, and as the ransomware threat elevated, they ramped up their efforts to stay ahead of the problem. RiskSense is part of that aggressive approach. The cloud-based RiskSense platform leverages risk-based scoring, exploit analytics and attack feasibility to identify critical security weaknesses with corresponding remediation action plans. This acquisition enables Ivanti to drive the next evolution of patch management, grounded in a proactive, risk-based approach. Combined with Ivanti’s existing capabilities, I believe this acquisition delivers a level of defense that is urgently needed right now.&lt;/p&gt;

&lt;p&gt;Specifically, this defense translates to context and adaptive intelligence for security and IT teams around an organization’s exposures to actively exploited vulnerabilities. This includes intelligence on whether those vulnerabilities are tied to ransomware. And because insight is only half the battle, organizations will also be able to leverage our capabilities to quickly remediate those threats. The result: security and IT operations teams can be more efficient and effective in combating weaponized vulnerabilities used by cyber adversaries.&lt;/p&gt;

&lt;p&gt;In case your eyes glazed over during the preceding paragraph (understandable!), let’s highlight two key terms: &lt;em&gt;context&lt;/em&gt; and &lt;em&gt;adaptive intelligence&lt;/em&gt;. Patching without threat context is not effective. Too many organizations throw on patches without really understanding what they’re up against. This is an inefficient use of resources and is more likely to result in a frustrated IT team than an effective anti-ransomware campaign. Ivanti has the most robust data on patches, and RiskSense has the most robust data on vulnerabilities and exploits – including the ability to map them back to threat sources. These unique capabilities build on each other for a blended offering that’s unmatched in the market today.&lt;/p&gt;

&lt;p&gt;The impact: Learn. Patch. Adapt. Stay ahead of threats. A version of these capabilities, often piecemeal, is in place in a lot of companies. However, organizations are often plagued by missing elements: patching without context, or intelligence without the ability to take action. And even if they have most of the elements in place, the whole process is convoluted, resource-heavy and lengthy. Threat actors are rapidly increasing in boldness and sophistication, and all too often, a quasi-solution is developed long after the damage has been done.&lt;/p&gt;

&lt;p&gt;Ivanti x RiskSense means being able to do in seconds what used to take days – and do it better. Threat actors are efficient: they take the smoothest path to success, which means exploiting the most vulnerable opportunities. This often means taking advantage of organizations with a lot at stake like those in healthcare, education, and utilities.&lt;/p&gt;

&lt;p&gt;Ivanti and RiskSense are not the only ones who’ve noticed that there is a problem. There is a global fight against ransomware, with a lot on the line. We’re committed to our part in that fight and, now that Ivanti and RiskSense have combined forces, we’re ready for the front lines.&lt;/p&gt;
</description><pubDate>Mon, 02 Aug 2021 12:30:16 Z</pubDate></item></channel></rss>