Adversaries are now reverse engineering patches at an accelerated pace, thanks to AI technology,” stated Mike Riemer, SVP of Network Security Group and Field CISO at Ivanti, in an interview with VentureBeat. “Within 72 hours of a patch release, threat actors can reverse engineer it, leaving unpatched systems vulnerable to exploitation.”
This ongoing threat has prompted vendors to reevaluate their security frameworks starting from the kernel level. Ivanti recently launched Connect Secure (ICS) version 25.X as a proactive measure to combat these sophisticated attacks.
Recent findings at DEF CON 33 by researchers from AmberWolf demonstrated the real-world implications of these threats. They showcased authentication bypass exploits in Zscaler, Netskope, and Check Point products, highlighting vulnerabilities that went unaddressed for months, putting organizations at risk.
The Significance of Kernel Security
The kernel serves as the core component of computing devices, overseeing memory management, processes, and hardware operations. A compromised kernel grants attackers complete control over a device, potentially leading to a full-scale network breach. This breach nullifies all other security measures in place, emphasizing the critical importance of kernel security.
Ivanti’s latest release, Connect Secure 25.X, runs on Oracle Linux with robust Security-Enhanced Linux (SELinux) enforcement to restrict threat actors’ capabilities within the system. The solution incorporates various security features such as Secure Boot protection, disk encryption, key management, and a Web Application Firewall (WAF) to fortify critical system components and thwart external threats.
“Our Secure by Design strategy has seen significant advancements over the past year, with substantial investments in technology and talent,” Riemer explained. “The release of Connect Secure 25.X underscores our dedication to enhancing security measures and safeguarding our customers’ assets.”
Transitioning from OS Rings to Deployment Rings
Modern patch management strategies have adopted a ring deployment model to address the rapid exploitation window. This phased approach automates patch rollouts through Test, Early Adopter, and Production Rings, ensuring timely updates and minimizing exposure to vulnerabilities. Gartner’s research indicates that this approach achieves a 99% patch success rate within 24 hours for up to 100,000 PCs, contrasting with organizations’ average 43-day detection time for cyberattacks post-patch release.
Jesse Miller, SVP and IT director at Southstar Bank, emphasized the importance of reducing the attack surface promptly through ring deployment. Attackers often target legacy vulnerabilities, exploiting delays in patching to launch successful attacks.
The evolving landscape of cybersecurity emphasizes the need for a proactive defense strategy that prioritizes timely patching, kernel-level security audits, layered defenses, and transparency in security practices. Organizations must adapt to the changing threat landscape by implementing robust security measures to mitigate risks effectively.
