{"id":5932,"date":"2024-06-17T15:07:08","date_gmt":"2024-06-17T13:07:08","guid":{"rendered":"https:\/\/bezpecnevofirme.eset.com\/sk\/?p=5932"},"modified":"2024-06-17T15:07:08","modified_gmt":"2024-06-17T13:07:08","slug":"neopravene-zranitelnosti-mozu-mat-pre-firmu-vazne-nasledky","status":"publish","type":"post","link":"https:\/\/bezpecnevofirme.eset.com\/sk\/eset-blog\/neopravene-zranitelnosti-mozu-mat-pre-firmu-vazne-nasledky\/","title":{"rendered":"Neopraven\u00e9 zranite\u013enosti m\u00f4\u017eu ma\u0165 pre firmu v\u00e1\u017ene n\u00e1sledky"},"content":{"rendered":"\n
\"BVF<\/figure>\n\n\n\n
<\/div>\n\n\n\n

Akt\u00edvne vyh\u013ead\u00e1vanie zranite\u013enost\u00ed a\u00a0opravovanie bezpe\u010dnostn\u00fdch dier v\u00a0opera\u010dn\u00fdch syst\u00e9moch a\u00a0aplik\u00e1ci\u00e1ch je mimoriadne d\u00f4le\u017eit\u00e9.\u00a0IT\u00a0spr\u00e1vcovia v\u0161ak tieto \u00fakony \u010dasto zanedb\u00e1vaj\u00fa,<\/em> ke\u010f\u017ee s\u00fa \u010dasovo n\u00e1ro\u010dn\u00e9. Neopraven\u00e9 zn\u00e1me zranite\u013enosti vo\u00a0firemn\u00fdch infra\u0161trukt\u00farach <\/em>pritom patria medzi hlavn\u00e9 faktory ved\u00face k\u00a0\u00fanikom \u00fadajov. Tak\u00e9muto scen\u00e1ru sa pritom d\u00e1 pred\u00eds\u0165 pomocou n\u00e1strojov na\u00a0vyhodnocovanie zranite\u013enost\u00ed a\u00a0spr\u00e1vu z\u00e1plat.<\/em><\/p>\n\n\n\n

Pod\u013ea spr\u00e1vy spolo\u010dnosti IBM z\u00a0roku 2023<\/a>, ktor\u00e1 sa venovala n\u00e1kladom s\u00favisiacim s\u00a0\u00fanikmi \u00fadajov, vzniklo viac ako 5\u00a0% pr\u00edpadov ako d\u00f4sledok zn\u00e1mych zranite\u013enost\u00ed, ktor\u00e9 neboli opraven\u00e9. \u0160t\u00fadia tie\u017e zistila, \u017ee n\u00e1klady sp\u00e4t\u00e9 s\u00a0\u00fanikom \u00fadajov prameniacim z\u00a0neopravenej zranite\u013enosti predstavuj\u00fa 4,17\u00a0mili\u00f3na dol\u00e1rov. Firmy s\u00a0proakt\u00edvnej\u0161ou spr\u00e1vou zranite\u013enost\u00ed zalo\u017eenou na\u00a0vyhodnocovan\u00ed riz\u00edk vr\u00e1tane testovania zranite\u013enost\u00ed alebo penetra\u010dn\u00e9ho testovania zaznamenali ni\u017e\u0161ie \u0161kody sp\u00f4soben\u00e9 \u00fanikom \u00fadajov, ako bol priemer u\u00a0organiz\u00e1ci\u00ed, ktor\u00e9 neprijali \u017eiadne kroky. Tieto \u0161tatistiky len pod\u010diarkuj\u00fa skuto\u010dn\u00fd v\u00fdznam proakt\u00edvnych a\u00a0prevent\u00edvnych opatren\u00ed.<\/p>\n\n\n\n

Zranite\u013enosti ako br\u00e1na pre \u00fatok<\/h2>\n\n\n\n

Spr\u00e1va zranite\u013enost\u00ed spo\u010d\u00edva v systematickom identifikovan\u00ed, klasifikovan\u00ed, priorizovan\u00ed a opravovan\u00ed zranite\u013enost\u00ed v r\u00e1mci firemnej IT infra\u0161trukt\u00fary. Pravidelnou kontrolou syst\u00e9mov a siet\u00ed na pr\u00edtomnos\u0165 zranite\u013enost\u00ed m\u00f4\u017eu mal\u00e9 a stredn\u00e9 firmy odhali\u0165 potenci\u00e1lne slab\u00e9 miesta sk\u00f4r, ako by ich mohli zneu\u017ei\u0165 \u00fato\u010dn\u00edci. T\u00e1to proakt\u00edvna strat\u00e9gia je z\u00e1kladn\u00fdm predpokladom pre zaistenie bezpe\u010dnosti a integrity firemn\u00fdch \u00fadajov, syst\u00e9mov a siet\u00ed.<\/p>\n\n\n\n

Spr\u00e1va zranite\u013enost\u00ed umo\u017e\u0148uje firm\u00e1m chr\u00e1ni\u0165 syst\u00e9my a\u00a0siete pred\u00a0potenci\u00e1lnymi kybernetick\u00fdmi hrozbami, ako je napr\u00edklad ransomv\u00e9r<\/a>. Zranite\u013en\u00e9 miesta v\u00a0softv\u00e9rovej alebo sie\u0165ovej konfigur\u00e1cii toti\u017e m\u00f4\u017eu \u00fato\u010dn\u00edkom posl\u00fa\u017ei\u0165 ako vstupn\u00e9 body, cez\u00a0ktor\u00e9 dok\u00e1\u017eu z\u00edska\u0165 neopr\u00e1vnen\u00fd pr\u00edstup alebo sp\u00fa\u0161\u0165a\u0165 \u00fatoky, ako napr\u00edklad infikovanie zariaden\u00ed malv\u00e9rom alebo \u00fatoky odmietnutia slu\u017eby (DoS)<\/a>.<\/p>\n\n\n\n

Identifikovan\u00edm zranite\u013enost\u00ed, stanovovan\u00edm prior\u00edt pre\u00a0opravu t\u00fdch najkritickej\u0161\u00edch z\u00a0nich a\u00a0ich okam\u017eit\u00fdm rie\u0161en\u00edm m\u00f4\u017eu mal\u00e9 a\u00a0stredn\u00e9 firmy posilni\u0165 svoju ochranu a\u00a0zn\u00ed\u017ei\u0165 riziko kybernetick\u00fdch \u00fatokov a\u00a0straty \u00fadajov.<\/p>\n\n\n\n

V\u00fdzvy pri spr\u00e1ve zranite\u013enost\u00ed a z\u00e1plat<\/h2>\n\n\n\n

K\u013e\u00fa\u010dov\u00e9 je zranite\u013enosti identifikova\u0165 a opravi\u0165 \u010do najsk\u00f4r, \u0161tatistiky v\u0161ak ukazuj\u00fa, \u017ee realita je \u010dastokr\u00e1t \u010faleko od ide\u00e1lneho stavu. Oprava kritick\u00fdch zranite\u013enost\u00ed trv\u00e1 firm\u00e1m v priemere 88 dn\u00ed<\/a>, pri\u010dom v pr\u00edpade menej z\u00e1va\u017en\u00fdch zranite\u013enost\u00ed je toto \u010d\u00edslo e\u0161te vy\u0161\u0161ie.<\/p>\n\n\n\n

Jedn\u00fdm z\u00a0hlavn\u00fdch probl\u00e9mov, ktor\u00fdm mal\u00e9 a\u00a0stredn\u00e9 firmy \u010delia, je nedostatok odborn\u00fdch znalost\u00ed v\u00a0oblasti kybernetickej bezpe\u010dnosti<\/a>. Na\u00a0rozdiel od\u00a0v\u00e4\u010d\u0161\u00edch podnikov, ktor\u00e9 si m\u00f4\u017eu dovoli\u0165 \u0161pecializovan\u00e9 bezpe\u010dnostn\u00e9 t\u00edmy, maj\u00fa mal\u00e9 a\u00a0stredn\u00e9 firmy \u010dasto obmedzen\u00e9 zdroje a\u00a0ch\u00fdbaj\u00fa im zamestnanci \u0161pecializuj\u00faci sa na\u00a0spr\u00e1vu zranite\u013enost\u00ed. Pre\u00a0mal\u00e9 a\u00a0stredne ve\u013ek\u00e9 firmy je tak ve\u013emi n\u00e1ro\u010dn\u00e9 zastre\u0161i\u0165 cel\u00fd proces identifik\u00e1cie, prioriz\u00e1cie a\u00a0odstra\u0148ovania zranite\u013enost\u00ed, v\u00a0d\u00f4sledku \u010doho s\u00fa ich syst\u00e9my a\u00a0siete vystaven\u00e9 potenci\u00e1lnemu zneu\u017eitiu.<\/p>\n\n\n\n

\u010eal\u0161ou v\u00fdzvou je popasova\u0165 sa s r\u00fdchlym tempom, ak\u00fdm nov\u00e9 zranite\u013enosti vznikaj\u00fa. Ka\u017ed\u00fd rok sa na r\u00f4znych softv\u00e9rov\u00fdch a hardv\u00e9rov\u00fdch platform\u00e1ch objavia tis\u00edce nov\u00fdch zranite\u013enost\u00ed<\/a>, preto m\u00f4\u017ee by\u0165 pre firmy n\u00e1ro\u010dn\u00e9 udr\u017eiava\u0165 si preh\u013ead o v\u0161etk\u00fdch novovznikaj\u00facich hrozb\u00e1ch a n\u00e1le\u017eite ur\u010dova\u0165, ktor\u00e9 z\u00e1platy bud\u00fa ma\u0165 pri in\u0161tal\u00e1cii vy\u0161\u0161iu prioritu. Tento probl\u00e9m je umocnen\u00fd t\u00fdm, \u017ee kybernetick\u00ed zlo\u010dinci s\u00fa \u010dasto schopn\u00ed zneu\u017ei\u0165 novoobjaven\u00e9 zranite\u013enosti e\u0161te sk\u00f4r, ako sa stihn\u00fa vyvin\u00fa\u0165 a nasadi\u0165 z\u00e1platy.<\/p>\n\n\n\n

Nasadzovanie z\u00e1plat je \u010dasovo n\u00e1ro\u010dn\u00e1 \u00faloha. IT\u00a0spr\u00e1vcovia musia otestova\u0165 pr\u00edpadn\u00e9 chyby a\u00a0napl\u00e1nova\u0165 nasadenie z\u00e1plat tak, aby sa predi\u0161lo naru\u0161eniu intern\u00fdch pracovn\u00fdch postupov. Aj po\u00a0dokon\u010den\u00ed in\u0161tal\u00e1cie z\u00e1plat s\u00fa potrebn\u00e9 \u010fal\u0161ie \u00fakony, ako napr\u00edklad monitorovanie \u00fa\u010dinnosti z\u00e1plat, preverenie \u00faspe\u0161nej aktualiz\u00e1cie v\u0161etk\u00fdch zariaden\u00ed a\u00a0rie\u0161enie probl\u00e9mov, ktor\u00e9 sa mohli objavi\u0165 po\u00a0nasaden\u00ed z\u00e1plat.<\/p>\n\n\n\n

Rie\u0161enie na akt\u00edvne sledovanie zranite\u013enost\u00ed a automatizovan\u00fa opravu<\/h2>\n\n\n\n

Vyh\u013ead\u00e1vanie a\u00a0oprava zranite\u013enost\u00ed m\u00f4\u017ee by\u0165 zlo\u017eit\u00e1 \u00faloha, existuj\u00fa v\u0161ak n\u00e1stroje a\u00a0rie\u0161enia, ktor\u00e9 dok\u00e1\u017eu tento proces zjednodu\u0161i\u0165. Jedn\u00fdm z\u00a0tak\u00fdchto rie\u0161en\u00ed je automatizovan\u00fd n\u00e1stroj ESET Vulnerability\u00a0&\u00a0Patch Management<\/a><\/strong>, ktor\u00fd deteguje zranite\u013enosti a\u00a0nasadzuje najnov\u0161ie z\u00e1platy na\u00a0aplik\u00e1cie a\u00a0opera\u010dn\u00e9 syst\u00e9my na\u00a0v\u0161etk\u00fdch koncov\u00fdch zariadeniach, pri\u010dom v\u0161etky \u00fakony s\u00fa spravovan\u00e9 centr\u00e1lne z\u00a0jednej platformy.<\/p>\n\n\n\n

Zaveden\u00edm rie\u0161enia na spr\u00e1vu zranite\u013enost\u00ed a z\u00e1plat prid\u00e1te do svojich prevent\u00edvnych mechanizmov \u010fal\u0161iu vrstvu ochrany a v\u00fdrazne zn\u00ed\u017eite pravdepodobnos\u0165 \u00faspe\u0161n\u00fdch \u00fatokov sp\u00f4soben\u00fdch zastaran\u00fdmi opera\u010dn\u00fdmi syst\u00e9mami a aplik\u00e1ciami.<\/p>\n\n\n\n

\u00da\u010dinn\u00e9 rie\u0161enie by malo zah\u0155\u0148a\u0165 tieto funkcie:<\/p>\n\n\n\n