By now, the world has come to grips with what has been termed as the largest Cyber attack in history – the WannaCry Ransomware- affecting over 100 countries.
And by now, most have understood it was not a new attack or a novice way of hacking via an unknown zero-day vulnerability. Microsoft identified this vulnerability -and- patched it back in March 2017.
The news relates to how lacking most enterprises are in just-in-time vulnerability management. Most, if not all, organizations have a cyclical rhythm of Identification and Remediation that spans weeks, if not months:
- Analyze infrastructure for known vulnerabilities
- Identify known vulnerabilities to Operations
- Operations schedules approved patches for application on infrastructure
- Scheduled changes and risk to systems have varying degrees of frequency of remediation.
- Apply patches.
The net result is that it’s not that difficult to understand why WannaCry happened: Most enterprises (SMBs too) go over a month or more without remediation against known (and patched) vulnerabilities.
Worst yet, most enterprises focus on Critical vulnerabilities, leaving the Moderate, Important, or even Low severity vulnerabilities outstanding due to short staff or lack of awareness.
Where can NowCloud Help?
Unlike traditional processes where Identification is air-gapped from Remediation, NowCloud provides you with a single self-service platform for vulnerability identification and remediation against On-Premise and Public Cloud workloads, leveraging Daily updated patches and vulnerability information for all public operating systems. We like to call this SecDevOps.
Through a single portal, you can attach a Compliance Check against your workload, and non-intrusively we will tell you if your workload is vulnerable.
If vulnerable, you have the choice to apply the latest patches from the appropriate vendor, or enroll your system into a patch schedule of your liking. NowCloud will handle the remediation of any known vulnerability.
In world-wide crisis like WannaCry, NowCloud is the choice to provide your organization the necessary identification and remediation capability in an integrated platform.
Are you ready to prevent the next WannaCry attack? We are, let us know you how we can help! Contact a member of our sales team at firstname.lastname@example.org.