How to Quickly Identify and Mitigate New and Changing Cyber Risks

Rich Campagna
September 14, 2020 | 4 min read | Security Posture

Our customers often mention when we first meet that “we want to get away from days of delay that go by between a request for risk info and the response, and then action to mitigate the risk.” A series of events happened during the most recent Patch Tuesday at one of our customers, and I thought I would share it with you.

How it started

At this organization, an executive changed their personal LinkedIn account password to be the same as their corporate Single Sign-On (SSO) password (not recommended). Around the same time, Microsoft released its Patch Tuesday updates, with patches for 129 CVEs. Among those was CVE-2020-1210, a remote code execution flaw in Microsoft SharePoint that bad actors could exploit by uploading a file to a vulnerable SharePoint site.

Early in the morning, these two events triggered a review by someone on the security team, who noticed that the risk for several key servers had increased substantially, as reported by Balbix. Within minutes, a new Balbix dashboard pinpointing the relevant issues was created and shared with the “risk owners” responsible for those assets.

The fix

Later in the day, both critical issues had been resolved, and all Balbix dashboards automatically updated, letting all stakeholders know that the risk event had been mitigated. Local time: 9:16 AM Pacific.

I’ve attached a few anonymized screenshots that will help you visualize how this workflow played out.

In the first screenshot, you can see the Breach Likelihood for the organization increase considerably. Driving that was a high likelihood of breach across both “Core Servers” and “Public Servers,” both of which contained many business-critical assets that had not yet been patched.

Before Patch Tuesday

(Before) Balbix dashboard that flagged breach risk

After the Patch Tuesday update was rolled out, you can see the Breach Likelihood return to a normal level for this organization.

After Patch Tuesday

(After) Balbix dashboard after the issue was resolved

Mistakes happen; that’s why we’re here to help. Rather than wait for Indicators of Compromise, Balbix customers are able to take advance action to mitigate risk before attackers start to infiltrate the organization, leveraging prioritized risk insights to dramatically reduce overall breach risk. If you would like to learn more, check out this quick 2-minute overview of the Balbix Platform.