
Although threat mitigation is, to a degree, a specialist task involving cybersecurity experts, the day-to-day work of threat mitigation still falls largely to systems administrators. For these sysadmins it is not an easy task, however. In enterprise IT, sysadmin teams have a wide remit but limited resources.

For systems administrators, finding the time and resources to mitigate a growing and constantly shifting threat is challenging. In this article, we outline the difficulties that enterprise threat mitigation entails, and explain why automated, purpose-built mitigation tools are the way forward.

Threat management is an overwhelming task

There is a range of specialists who work in threat management, but the practical implementation of threat management strategies often comes down to systems administrators. Whether it is patch management, intrusion detection or remediation after an attack, sysadmins typically bear the brunt of the work.

It is an impossible task, given how fast the threat is growing. In 2021 alone, 28,000 vulnerabilities were disclosed. The number is so large that a large proportion of them never got as far as being assigned a CVE. This matters in an industry laser-focused on tracking CVEs, testing for their presence on our systems and deploying patches that reference specific CVE numbers. You cannot protect against what you do not know you are vulnerable to. If a given vulnerability has no CVE attached, and all your tools, mindset and processes are built around CVEs, something will fail. The reasons for not assigning a CVE to a vulnerability are many and outside the scope of this article, but none of them reduces the security work that still has to be done.

Even if an organization had a three-figure team of sysadmins, it would be hard to keep track of this constantly growing list of vulnerabilities. That is before considering the less obvious interactions, where a vulnerability affects a secondary system running on your infrastructure in a way that is not immediately apparent.

Over time it all melts into a "background noise" of vulnerabilities. There is an assumption that patching happens methodically, weekly or perhaps daily, but in reality the relevant, detailed information within CVE announcements never reaches top-of-mind.
