TLDR:
- Ivanti disclosed VPN vulnerabilities impacting its gateways, leading to mass exploitation and affecting organizations, including CISA.
- Lessons security leaders can learn include understanding the vulnerabilities, recognizing the importance of incident response, anticipating potential fallout, and considering the consequences of going offline.
Recent Ivanti vulnerabilities have put the software company in the spotlight, with CISA among the impacted organizations. The vulnerabilities allowed threat actors to execute arbitrary commands with elevated privileges on the affected gateways, and Ivanti’s incident response drew criticism. Security leaders can take key lessons from this situation, starting with understanding the vulnerabilities themselves and the importance of a well-prepared incident response.
Impacted organizations should assume compromise and follow Ivanti’s mitigation and patching recommendations. These vulnerabilities can give threat actors a foothold from which to spread ransomware across an enterprise’s network. Security teams should watch for threat actor activity and lateral movement in their networks, while also weighing the consequences of taking the affected devices offline in the event of a breach.
Enterprises need to be prepared for potential fallout from vulnerabilities and have incident response plans in place to mitigate risks. With the ever-present threat of exploitation, organizations should maintain a good inventory of their systems and software to minimize exposure. Security leaders must also consider the financial and operational implications of taking important devices offline in response to vulnerabilities.