Blog Red Hat
Implementing the CISA known exploited vulnerability mandate with greater ease
The term “patching” dates back to the days of punch cards when a programmer would literally patch a hole in a punch card to correct a bug. This allowed the programmer to correct mistakes without re-punching the entire card. What a painfully manual process that would have been to scale!
We have come a long way since the mid-twentieth century when this technique was used, but patching is as prevalent—if not significantly more so—today as ever as the threat landscape is evolving more rapidly and software release cycles shorten.
“As long as we have software we will have to update it,” is a phrase common among IT professionals. There are a variety of reasons to require an update: performance or bug fixes, regulatory or vendor support requirements, or security vulnerabilities in systems. Patching also protects against security vulnerabilities like data breaches or attackers gaining control of a system. In severe cases, this leads to consequences far beyond the health and stability of the system.
The cost of data breaches
The 2022 IBM Cost of a Data Breach report says that 83% of organizations will experience a data breach more than once, and the organizations that are using automation have a 74-day shorter recovery time. A notable data point from the report stated that organizations with automated security responses saved approximately US$3 million per breach, which represented the largest cost savings opportunity examined in the study.
Additionally, the report found that “vulnerabilities in third-party software” is a leading attack vector and cost factor of data breaches where the ability of an organization to keep third-party software up to date plays a critical role in maintaining a strong security posture.
Binding operational directive
The importance of patching known vulnerabilities and the impact that these exploits can have has led the Cybersecurity and Infrastructure Security Agency (CISA) to issue a binding operational directive to reduce “the significant risk of known exploited vulnerabilities.” The Binding Operational Directive 22-01 states that federal Civilian Executive Branch agencies are required to comply with the following actions (summarized):
- Within 60 days of issuance [of the directive], agencies shall review and update agency internal vulnerability management procedures in accordance with this Directive.
- Remediate each vulnerability according to the timelines set forth in the CISA-managed vulnerability catalog. For Common Vulnerabilities and Exposures (CVEs) assigned prior to 2021, vulnerabilities must be remediated within six months, and within two weeks for all others.
- Agencies are expected to automate data exchange and report their respective Directive implementation status through the Continuous Diagnostics and Mitigation (CDM) Federal Dashboard.
Are you prepared to update a vulnerability across your Linux, Windows, networking, cloud and other infrastructure within two weeks? Would this require an all-hands-on-deck response? How will you keep pace with other projects and new innovations if you are spending all your time reacting to threats instead of taking a proactive approach? It’s important to note that the CISA directive is specifically targeted toward known exploited vulnerabilities which account for a small number of overall vulnerabilities present in software as detailed here. Nonetheless, automating the swift remediation of the CISA documented vulnerabilities puts your agency in a better position to respond regardless of severity.
Security automation with Ansible Automation Platform
Red Hat Ansible Automation Platform helps meet these requirements with a comprehensive enterprise automation solution and supported integrations for your infrastructure. Ansible Automation Platform appears on CISA’s approved product list for the CDM program to automate the deployment of remediations.
Ansible Automation Platform is uniquely positioned to address this challenge more rapidly as it is built using a common automation language that can be more easily learned and implemented across IT teams. Furthermore, Ansible builds a bridge to collaborating with application or infrastructure owners to implement testing capabilities that break down silos across traditional IT structures allows agencies to react faster without adding additional risk to system stability.
Backed by Red Hat Support, you have access to knowledge base articles and experts to help you get there because when the federal enterprise is at risk, there is no time for system downtime. Start your free trial today, or schedule a demo to see how powerful a culture of automation can be in your agency.
About the author
Will Tome is an Automation Strategist for Red Hat specializing in working with federal agencies to develop automation strategies and solutions to solve growing infrastructure complexities and security requirements. He comes from a technical background as a Solutions Architect with Red Hat Ansible Automation Platform, which allows him to translate unique technical requirements and limitations into strategies that serve the mission.