What Is A Vulnerability Alert Management Process – VAMP – Day 15 of Cybersecurity Awareness Month
Mike Miller 00:06
So today, Craig from CyberHoot is talking to us about cybersecurity. And, Craig, we know it’s important to patch our known technology, computers, peripherals, what have you, regularly. But what’s the importance of a vulnerability alert management process?
Craig Taylor 00:26
That’s a great question, Mike and Shelly, and I appreciate you asking it during October cybersecurity month, because many companies do patch their systems, but they don’t have a process documented for how quickly they need to patch. And that can lead to devastating consequences, especially in today’s internet time, and the connectivity that we have to all of the internet in our businesses. Sometimes a vendor will release a patch that is so dangerous that you have to stop what you’re doing right now, like end this interview and go patch a system, because it’s that important. And I’ll give you an example in a little bit. But let’s talk about what a VAMP process is, so your listeners know what we’re talking about.
VAMP stands for vulnerability alert management process, and it sets expectations within your company for how quickly you need to apply a patch based on a number of specific criteria. Is the vulnerability enabled on a network basis, meaning the internet can come in and breach you? Does it yield a denial of service, meaning the system crashes but it doesn’t give remote access? Or does it give remote access and privilege escalation? So these are some of the questions that go into answering how fast I have to patch for a particular vulnerability.
And the other beautiful part of this process is that, you know, a vendor will release a patch at the worst possible time. You’ll have five people that you have to get involved, they’ll have to shut the server down, and they’re in the middle of their busy work day. And you’re going to have to have agreement that when these criteria are met, you all stop working and you start patching. And that is hard to get when you don’t have it documented, when you don’t have the right people. Who authorizes that? Who says, yeah, it’s okay for us to shut down what we’re doing with our server and patch it immediately? That’s where the process of a VAMP comes in. Because it’s an agreed-upon process, the right people are notified and approving the change in an emergency situation. And it allows you to follow something that is reproducible each and every time, so you have consistent application of these controls in your business. So with VAMP in place, you know when to jump, and you know how high to jump.
Mike Miller 02:52
Okay. Do you have, like, a recent example that you could share that would make it more clear for everyone?
Craig Taylor 02:59
Absolutely. Earlier this year, Microsoft released a patch for a zero day vulnerability. What that means is there was software they were responsible for; this was an Exchange Server. So all your email, it’s internet accessible, right? Email gets delivered to Exchange, it’s parsed up and put into mailboxes for all your employees. There was a remote privilege escalation vulnerability that they were aware of. And it was actually being exploited in the wild, meaning hackers were using it to break into companies already.
And Microsoft on a Tuesday released a patch for this at their highest warning level. It was like a 10 out of 10 for criticality. Well, we have many clients at CyberHoot where we are the vCISO, or virtual chief information security officer. And we looked at that and we said, oh boy, this is a biggie. We turned around and contacted the one vCISO client we had that ran Exchange, it was a city in New Hampshire, and we said, listen, we have to patch as soon as possible. We were aware of it about eight o’clock at night. We couldn’t patch it that night. We patched it the next night. And it was that quick. Later that week, we came to find out there were five or six other municipalities or cities in New Hampshire, where we have our home office, that had to go and rebuild their entire Exchange infrastructure because they were hit and compromised. And our client was not exactly happy about those other companies being breached, but very happy that they weren’t one of them.
So we used the VAMP process. We had it established ahead of time, we had the timeframes established in the agreement that we would drop everything to do this, and we executed on that particular day. And it turned out very well for our client, and everyone was happy at the end of it. So using VAMP to your advantage as a vCISO, as an IT director, or as an MSP, to have these in place for your clients, is going to help you succeed in the long run and save a whole lot of headaches, because it took us, you know, an hour to patch and have everything back up and running. It takes a day to rebuild an Exchange Server from scratch, recreate the mailboxes, and make sure there was nothing else bad happening in your network. So “an ounce of prevention is worth a pound of cure” is one of the great phrases I like to use in this situation.
Shelly Miller 05:21
Very good. Okay, so that helps a lot. So, you know, it’s really nice to have these modern conveniences, but that doesn’t mean they don’t have to continually be maintained. So that’s the takeaway here. It’s just like, you know, you have a new car, but you still have to get your oil changed. So, same with technology. So thank you for helping us become more aware to stay more secure.
Craig Taylor 05:45