If your applications are delivered with vulnerabilities attached, it won’t matter how good your network security is. This is true whether they’re hosted on-premises or in the cloud.
While patching will resolve the majority of vulnerabilities found on your network, others, such as those caused by careless administration and use of IT equipment, can have a bigger impact. These need to be managed as much as patches, if not more.
Examples of non-patch related vulnerabilities include:
- A new printer is installed without changing the default password. The printer caches printed documents, leaving the last 100 documents printed available to anyone on the network.
- A web developer turns on the ‘TRACE’ method on a production website to debug a problem and forgets to turn it off. Criminals can do ‘Cross Site Tracing’ on your website, allowing them to trick your visitors into thinking they’re seeing your trusted content when they’re really viewing the criminal’s content.
- A user installs a piece of software with a lightweight database in the backend. The database has a well-known default SA password and supports passing through shell commands. This creates a back door into your domain.
These types of events occur too frequently to be detected by an annual penetration test. Periodic vulnerability management, at intervals ranging from daily to quarterly, is an excellent measure to ensure your network doesn’t fall into an insecure state between penetration tests.
If you can’t say for certain that “all vulnerabilities on my environment create only minimal and tolerable risks”, contact SpearHead Networks and find out what the true risks of your vulnerabilities actually are.