Oct 15, 2021
Mitigation and remediation are two words that are used a lot in cybersecurity, and most of the time they are used interchangeably. There is, however, a stark contrast between them, and both play a major role in security service providers’ risk-related decisions. In this post, we take a closer look at both strategies and at how threat intelligence contributes to each.
Remediation and mitigation are both direct results of a risk assessment, following the discovery of a new threat or an advanced persistent threat (APT). Remediation removes the threat when it can be eliminated. Mitigation, on the other hand, builds tactics to reduce a threat’s negative impact when it cannot be eliminated.
Remediation is straightforward because it ascertains attack patterns using indicators of compromise (IoCs) and acts on them. For instance, when a scan catches a vulnerability, it has to be patched effectively in order to prevent malicious individuals from exploiting it. The immediate objective of vulnerability remediation is to stop threats from entering the network by closing security holes.
In mitigation, removing the threat is not an option, because doing so may lead to service disruption. Mitigation involves conducting risk assessments in order to measure the risk profile of a specific threat and to ensure that the remaining risk is acceptable. Unlike in remediation, a vulnerability can be left unaddressed for the time being, provided it does not present an active risk or threat.
Once a vulnerability has been discovered, the best solution is to remediate it: let IT professionals or IT administrators fix or patch the vulnerability before it can become a security threat. Generally, the organization’s IT security team, system administrators and system owners come together to decide which actions are suitable.
Remediation can be as complex as replacing a fleet of physical servers across an organization’s network or as simple as applying a readily available software patch. When remediation activities are finalized, it’s best to always run another vulnerability scan to confirm that the vulnerability has been fully resolved.
Nevertheless, sometimes remediation is not possible, for several reasons. First, not all vulnerabilities need to be fixed. For instance, if the vulnerability is identified in Adobe Flash Player but the use of Flash Player is already disabled in all applications and web browsers company-wide, there is no need for action. Second, a technology issue may prevent you from taking remediation action, as when a patch is not yet available for the vulnerability in question.
Other times, you may experience setbacks from your own organization. This often occurs when a vulnerability is on a customer-facing system and your company wants to avoid the downtime needed to patch a vulnerability.
In those cases, mitigation comes into play: a process that reduces the likelihood of a vulnerability being exploited. For instance, distributed denial-of-service (DDoS) mitigation can route suspicious traffic to a centralized location where it is filtered.
Generally, mitigation is not the final step in dealing with a vulnerability. It’s more of a way to buy time for the company to either wait for a patch to be released or find a more suitable time to schedule downtime in the system. In the long run, fixing a network security issue is better than blocking the port that could expose it.
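The decision described above (fix, mitigate for now, or take no action because the component is disabled) and the post-remediation rescan check can be written down as a small triage routine. This is an added example, not code from the original post or from Vicarius; the findings, host names and `VULN-000x` identifiers are constructed placeholders, and the rule set is an assumption that mirrors the cases the text lists.

```python
"""Triage vulnerability-scan findings into remediate / mitigate / no action,
then confirm with a rescan diff that remediation really closed them.
Added example; all findings below are constructed, not real scan output."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    vuln_id: str          # placeholder identifier, not a real CVE
    patch_available: bool
    customer_facing: bool


# Products disabled company-wide (the Flash Player case in the text):
# scanner still reports them, but no action is needed
DISABLED_PRODUCTS = {"flash-player"}


def triage(finding, downtime_allowed):
    """Decide the action for one finding.
    'no-action' : the vulnerable component is disabled everywhere
    'mitigate'  : no patch yet, or the system is customer-facing and no
                  downtime window has been approved
    'remediate' : a patch exists and can be applied now"""
    if finding.product in DISABLED_PRODUCTS:
        return "no-action"
    if not finding.patch_available:
        return "mitigate"
    if finding.customer_facing and not downtime_allowed:
        return "mitigate"
    return "remediate"


def plan(findings, downtime_allowed=False):
    """Group findings by action so patch work and interim mitigations
    (which must be revisited later) are tracked separately."""
    actions = {"remediate": [], "mitigate": [], "no-action": []}
    for f in findings:
        actions[triage(f, downtime_allowed)].append((f.host, f.vuln_id))
    return actions


def verify_remediation(before, after, remediated):
    """Diff the (host, vuln_id) sets of two scans after remediation work.
    'still_open' holds remediated findings the rescan still reports
    (failed patch, pending reboot, wrong host); 'new' holds findings
    that appear only in the rescan."""
    return {
        "closed": remediated - after,
        "still_open": remediated & after,
        "new": after - before,
    }


# Constructed sample findings
FINDINGS = [
    Finding("web01", "openssh", "VULN-0001", patch_available=True, customer_facing=True),
    Finding("ws17", "flash-player", "VULN-0002", patch_available=True, customer_facing=False),
    Finding("db02", "postgres", "VULN-0003", patch_available=False, customer_facing=False),
    Finding("app03", "nginx", "VULN-0004", patch_available=True, customer_facing=False),
]

if __name__ == "__main__":
    for action, items in plan(FINDINGS).items():
        print(f"{action:10s} {items}")
    # Rescan after patching app03: VULN-0004 is gone, one new finding appeared
    before = {(f.host, f.vuln_id) for f in FINDINGS}
    after = (before - {("app03", "VULN-0004")}) | {("app03", "VULN-0005")}
    print(verify_remediation(before, after, {("app03", "VULN-0004")}))
```

The `mitigate` bucket is deliberately kept apart from `no-action`: a mitigated finding is still open and should reappear in the plan once a patch ships or a downtime window is approved, which is exactly the "buy time" role the text assigns to mitigation.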
Nowadays, organizations know better. Rather than assume their applications are impenetrable, they are searching for proactive ways to uncover ongoing attacks through computer forensics, penetration testing or threat intelligence.
Therefore, many IT security experts understand that they need to go beyond the kill chain model to address attacks more effectively. Their solution is mitigation and remediation techniques, guided by the understanding that attacks do not stop at the point of interruption.
Let’s take a closer look at the steps in a kill chain:
Knowing the elements that make up the kill chain allows cybersecurity professionals to take the right action to prevent attacks. Incident responders can redirect bad traffic to black holes during an ongoing DDoS attack. Additionally, if a similar incident occurs in the future, the best practices they followed in the past can be reapplied, reducing damage and downtime.
IT security experts depend on threat feeds to offer actionable intelligence for their mitigation or vulnerability remediation techniques. Threats are often documented in publicly available databases. To make sense of innumerable datasets, they can use aggregated threat intelligence for faster mitigation and remediation. External data feeds give cybersecurity specialists access to accurate and real-time information, which includes the following:
Threat intelligence empowers security experts by giving them access to structured data to support their remediation and mitigation processes. While policy exceptions and other controls may hold them back from implementing remediation methods, threat intelligence enables them to gain better visibility into all potential attack vectors.
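To show what "aggregated threat intelligence" and "structured data" mean in practice, here is an added example (not code from the original post or from Vicarius) that merges indicators from several feeds, matches them against log lines, and reports which internal hosts touched a known indicator. The feed entries, the log lines, the source names and the confidence scores are all constructed; the IP addresses come from the documentation range and the hash is an obvious filler, so nothing here is a real IoC.

```python
"""Aggregate indicators of compromise from several feeds and match them
against log lines. Added example; feed and logs are constructed samples."""
import re
from collections import defaultdict

# Constructed feed entries: the same indicator reported by two sources
# is what aggregation is meant to consolidate
FEED = [
    {"type": "ipv4", "value": "203.0.113.77", "source": "feed-A", "confidence": 80},
    {"type": "ipv4", "value": "203.0.113.77", "source": "feed-B", "confidence": 60},
    {"type": "domain", "value": "update-check.invalid", "source": "feed-A", "confidence": 70},
    {"type": "sha256", "value": "deadbeef" * 8, "source": "feed-C", "confidence": 90},
]

# Constructed log lines (firewall, DNS resolver, endpoint AV)
LOGS = [
    "2021-10-15T09:12:01Z fw  ALLOW src=10.0.4.21 dst=203.0.113.77 dport=443",
    "2021-10-15T09:12:05Z dns query=update-check.invalid client=10.0.4.21",
    "2021-10-15T09:13:40Z av  host=ws17 file=C:\\Temp\\svc.exe sha256=" + "deadbeef" * 8,
    "2021-10-15T09:14:02Z fw  ALLOW src=10.0.4.22 dst=198.51.100.9 dport=443",
]


def aggregate(feed):
    """Merge entries for the same indicator value across sources.
    Confidence is the maximum reported; the set of sources is kept so an
    indicator corroborated by several feeds can be ranked higher."""
    merged = {}
    for entry in feed:
        rec = merged.setdefault(
            entry["value"], {"type": entry["type"], "sources": set(), "confidence": 0}
        )
        rec["sources"].add(entry["source"])
        rec["confidence"] = max(rec["confidence"], entry["confidence"])
    return merged


def _pattern(value):
    # Anchor on non-identifier boundaries so 203.0.113.7 does not match 203.0.113.77
    return re.compile(r"(?<![\w.])" + re.escape(value) + r"(?![\w.])")


def match_logs(lines, indicators):
    """Return hits sorted so multi-source, high-confidence indicators come first."""
    hits = []
    for lineno, line in enumerate(lines):
        for value, rec in indicators.items():
            if _pattern(value).search(line):
                m = re.search(r"(?:src|client|host)=(\S+)", line)
                hits.append({
                    "line": lineno,
                    "value": value,
                    "type": rec["type"],
                    "sources": rec["sources"],
                    "confidence": rec["confidence"],
                    "internal_host": m.group(1) if m else None,
                })
    hits.sort(key=lambda h: (len(h["sources"]), h["confidence"]), reverse=True)
    return hits


def hosts_to_review(hits):
    """Group matched indicators by the internal host that touched them,
    which is the unit responders actually act on."""
    by_host = defaultdict(list)
    for h in hits:
        if h["internal_host"]:
            by_host[h["internal_host"]].append(h["value"])
    return dict(by_host)


if __name__ == "__main__":
    hits = match_logs(LOGS, aggregate(FEED))
    for h in hits:
        print(f"line {h['line']}: {h['type']} {h['value']} "
              f"sources={sorted(h['sources'])} confidence={h['confidence']}")
    print(hosts_to_review(hits))
```

The ranking is deliberately simple (number of corroborating sources, then confidence); the point is that a feed value seen in two independent sources is worth looking at before a single-source one of similar score, and that the output is organised around internal assets rather than around the indicator list.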
If you need a cybersecurity tool for vulnerability remediation, vulnerability mitigation and protecting your data against cyber threats, choose Vicarius. Vicarius is a vulnerability management software that targets cybersecurity officers and operators, as well as IT managers and operators from the U.S. market.