We’ve posted earlier about how hackers get into your systems and steal data from your endpoints, and then how they monetize this stolen information. If you have thousands of unsecured mobile endpoints on your network, hackers have just as many opportunities to breach your constituents’ information.
As a savvy IT pro, you understand that all of your machines must have the most up-to-date security patches — both OS and application — to prevent intrusion. Still, you might be wondering if there is even more you can do to uncover holes in the armor of these endpoints. The answer is decidedly yes! There are vulnerability standards available that can help advance the goal of vulnerability detection. Scanners built upon these standards can give you predictable results, and they are continually updated as the user community at large discovers more vulnerabilities.
One of the most well-known is the Open Vulnerability and Assessment Language (OVAL®). Before the advent of OVAL, there wasn’t a common way for IT administrators to find all software vulnerabilities, configuration issues, programs, and/or patches on their endpoints. Sure, you can and should use a patching tool to make sure all OS security patches are addressed. But that is only part of the story. With OVAL there is a standard repository for vulnerability tests that is continually updated by the community. The community reviews and vets new definitions before they are added to the repository.
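OVAL definitions are XML documents, and each definition carries a class (vulnerability, patch, compliance or inventory) that lines up with the vulnerabilities, patches, configuration issues and programs mentioned above. The following is an added example, not code from this post or from the OVAL project: it inventories a definitions file by class and lists the CVE references and tests each definition relies on. The sample document, its ids and the CVE placeholder are constructed, and the function names are my own.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"o": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}  # OVAL 5.x definitions namespace
# Constructed, trimmed sample (not schema-complete); ids, titles and the CVE id are placeholders.
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
 <definitions>
  <definition id="oval:com.example:def:1" version="1" class="vulnerability">
   <metadata><title>Example app flaw</title>
    <reference source="CVE" ref_id="CVE-0000-0001"/></metadata>
   <criteria operator="AND">
    <criterion test_ref="oval:com.example:tst:1" comment="Example app is installed"/>
    <criteria operator="OR">
     <criterion test_ref="oval:com.example:tst:2" comment="version is 1.0"/>
     <criterion test_ref="oval:com.example:tst:3" comment="version is 1.1"/>
    </criteria>
   </criteria>
  </definition>
  <definition id="oval:com.example:def:2" version="1" class="patch">
   <metadata><title>Example OS update is missing</title></metadata>
   <criteria><criterion test_ref="oval:com.example:tst:4" comment="update not applied"/></criteria>
  </definition>
  <definition id="oval:com.example:def:3" version="1" class="compliance">
   <metadata><title>Screen lock is enabled</title></metadata>
   <criteria><criterion test_ref="oval:com.example:tst:5" comment="lock timeout set"/></criteria>
  </definition>
  <definition id="oval:com.example:def:4" version="1" class="inventory">
   <metadata><title>Example app is installed</title></metadata>
   <criteria><criterion test_ref="oval:com.example:tst:1" comment="Example app is installed"/></criteria>
  </definition>
 </definitions>
</oval_definitions>"""

def parse_definitions(xml_text):
    """Return one dict per OVAL definition; './/' also walks nested <criteria> groups."""
    defs = []
    for d in ET.fromstring(xml_text).iterfind("o:definitions/o:definition", NS):
        refs = d.iterfind("o:metadata/o:reference", NS)
        defs.append({
            "id": d.get("id"),
            "class": d.get("class"),
            "title": d.findtext("o:metadata/o:title", default="", namespaces=NS),
            "cves": [r.get("ref_id") for r in refs if r.get("source") == "CVE"],
            "tests": sorted({c.get("test_ref") for c in d.iterfind(".//o:criterion", NS)}),
        })
    return defs

def count_by_class(defs):
    return Counter(d["class"] for d in defs)
```

Running `count_by_class(parse_definitions(...))` over a definitions file from your scanner's content feed shows how much of it checks for vulnerabilities versus patches, configuration and installed software.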
At the heart of the community is the OVAL Board, which consists of members from industry, academia, and government organizations. OVAL is funded by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security and is the summation of the efforts of a broad selection of security and system administration professionals from around the world.
Often, the question arises: can’t hackers use this information to break into my system? Certainly, any public discussion or availability of vulnerability and configuration information may help a hacker. However, there are several reasons why the benefits of OVAL outweigh its risks.
- OVAL is restricted to identifying publicly known configuration issues and associated vulnerabilities.
- OVAL definitions help users determine the presence of vulnerabilities or configuration issues on systems before they can be exploited.
- You must have root-level or system administrator access to actually employ the vulnerability information in an OVAL definition.
- The detailed technical information about vulnerabilities or configuration issues made available in OVAL definitions reduces the need for releasing exploit code to the public.
So if you truly want to decrease your exposure to outside threats, you can be proactive by performing vulnerability scans. Doing them based on OVAL definitions gives you the knowledge that the entire security community has your back.
We’ve been discussing the new security landscape, how it’s affecting IT processes and people, and what can be done to further protect your environment and that of your constituencies. For more information and a helpful list of controls, check out our new white paper: Protecting Your Network and Endpoints with the SANS 20 Critical Security Controls.