How to Make WannaCry a Non-event: Ransomware’s Got Nothing on Us

The WannaCry attack, which impacted more than 150 countries, took down computer systems in UK hospitals, stopped train service in Germany, and disrupted institutions in Asia and other areas, is a dramatic example of what could have been prevented by a patch that was originally released about 60 days ago. In fact, most breaches are preventable because they are based on known vulnerabilities with patches readily available. Hackers target known vulnerabilities because they’re easiest to exploit.

Gain visibility, prioritize, and patch quickly

IT Operations teams have many priorities, and deploying the right patches can often be delayed if IT Operations lacks insight into which vulnerabilities are “critical” versus “medium.” The WannaCry attack clearly illustrates the cost, damage, and unwanted media attention that can occur when best-practice patching doesn’t happen.

It takes a typical organization almost 200 days (more than 6 months) from the time a vulnerability is detected until it’s fully patched. Nearly half of all exploits happen 10 to 100 days after a vulnerability is published.1 What causes this delay? It’s often due to a gap between the roles and priorities of Security and Operations. IT Security identifies the vulnerability, and then it’s up to IT Operations to deploy the patches. IT Operations, meanwhile, is focused on availability and day-to-day management. Availability is impacted by deploying patches, configurations, and packages to close those vulnerabilities. Fortunately, this delay in addressing critical vulnerabilities can be avoided.

Organizations can more quickly reduce the attack surface by giving IT Operations greater visibility into priorities and the severity of a threat and a quick understanding of its potential impact. So, the results will not be just focused on “10 patches deployed” or “10 servers patched.” Instead, it will be on the “10 most critical patches deployed on your 10 most critical services,” which delivers higher value to the business.
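An added example, not from the original post or any BMC product: ranking missing patches by vulnerability severity weighted by the criticality of the affected service, and flagging those inside the 10-to-100-day window cited above. The severity weights, criticality scale, service names, hosts and patch IDs are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed weights; the post names only the "critical" and "medium" levels.
SEVERITY_WEIGHT = {"critical": 10, "high": 7, "medium": 4, "low": 1}
# Days after publication in which the post says nearly half of exploits occur.
EXPLOIT_WINDOW = (10, 100)

@dataclass(frozen=True)
class Finding:
    host: str
    service: str
    patch: str            # constructed placeholder ID, not a real bulletin
    severity: str
    days_published: int   # days since the vulnerability was published

def score(f, service_criticality):
    """Severity weighted by business criticality of the service (assumed 1-5 scale)."""
    return SEVERITY_WEIGHT[f.severity] * service_criticality.get(f.service, 1)

def in_exploit_window(f):
    lo, hi = EXPLOIT_WINDOW
    return lo <= f.days_published <= hi

def prioritize(findings, service_criticality, top_n=10):
    """Highest score first; ties go to in-window findings, then the longest exposed."""
    key = lambda f: (-score(f, service_criticality),
                     not in_exploit_window(f), -f.days_published)
    return sorted(findings, key=key)[:top_n]

def patch_plan(ranked):
    """Group ranked findings by patch (rank order kept): one deployment job per patch."""
    plan = {}
    for f in ranked:
        plan.setdefault(f.patch, []).append(f.host)
    return plan

# Constructed sample inventory.
SERVICE_CRITICALITY = {"patient-records": 5, "payroll": 3, "intranet-wiki": 1}
FINDINGS = [
    Finding("wiki01", "intranet-wiki", "PATCH-A", "critical", 60),
    Finding("ehr01", "patient-records", "PATCH-A", "critical", 60),
    Finding("ehr02", "patient-records", "PATCH-B", "medium", 5),
    Finding("pay01", "payroll", "PATCH-C", "high", 120),
    Finding("ehr03", "patient-records", "PATCH-A", "critical", 60),
]

if __name__ == "__main__":
    top = prioritize(FINDINGS, SERVICE_CRITICALITY, top_n=3)
    print(patch_plan(top))
```

In the sample data, `wiki01` is missing the same critical patch as the patient-records hosts but falls out of the top three, because severity alone does not decide the order.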

BMC’s Security Operations solutions (SecOps Response Service, BladeLogic Server and Network Automation, and BMC Discovery) address this challenge by providing IT Operations with contextual awareness around vulnerabilities and by making patching easy. These solutions protect organizations from malware, ransomware, and viruses. They give IT Operations critical insight into a threat — its impact, systems affected, fixes available, and so on. Security Operations teams have greater visibility into where the problem exists and what IT Operations is working on. As a result, IT can move swiftly to focus on eradicating the vulnerabilities that matter the most by using automated, scheduled patching.

When a vulnerability is identified with BMC’s Security Operations solutions, it’s easy to find any systems that are missing critical patches and remediate them. A variety of key capabilities are automated with these solutions to protect your business against threats like WannaCry and other potential attacks. The solutions provide a wide range of capabilities, such as the ability to:

  1. Identify and prioritize the vulnerability and severity level.
  2. Ensure that IT Operations and Security teams are working from the same information – they both have insight into the context of the vulnerability.
  3. Take the overhead of change management out of the process with change integration.
  4. Make sure you’re working with the most current patches and information.
  5. Use your existing device groups or collections to organize by inventory, and review missing patches. Based on your groups and patching policies, you can quickly determine whether you’re up-to-date.
  6. See detailed information about a vulnerability and the product that’s affected, and immediately begin patching impacted devices or schedule patching for maintenance windows.

What’s next?

It’s easy to see how the worry and devastation caused by this latest threat can make people “want to cry.” Surgeries in hospitals were cancelled and patients were turned away from emergency rooms. Factories stopped making cars. Trains were significantly delayed. People were locked out of their computers. As bad as this may seem, future threats could be even worse – making you “WannaScream.” Instead, you can close the gap between Security Operations and IT Operations, give context and insight to vulnerabilities, and stop these attacks from happening to your business.

To learn more about BMC’s Security Operations solutions, visit: http://www.bmc.com/it-solutions/secops-security-operations.html?vu=secops

1 Hack to Basics: Patch Vulnerabilities before Attackers Exploit Them, GuidePoint Security


These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

Sean Berry

Sean Berry is a Solution Evangelist in BMC’s Data Center Automation & Cloud group, responsible for BMC BladeLogic Threat Director and Server Automation. He has more than 15 years of production operations, consulting and automation experience, including everything from e-commerce, insurance and software development. He has passion for the success of his customers, and has done everything from professional services and pre-sales to customer engineering. In his occasional free time, he transports rescue dogs by air and land, and experiments with lasers, molten plastic, and mode 2 computing.