Dresner Group Blog

Our technology blogs feature IT tips and best practices for businesses in Columbia, Baltimore, Bel Air and in and about Maryland since 2002.

U.S. Government Making an Effort to Stop Exploits

U.S. Government Making an Effort to Stop Exploits

Earlier this year, there was a string of high-profile ransomware attacks leveraged against major companies. Now, the United States has issued an order that dictates guidelines for how to patch various vulnerabilities in affected systems within federal agencies and organizations. It’s a huge move in an effort to stop hackers and other cyberthreats from becoming more serious problems in the future.

The direction was issued by the Cybersecurity and Infrastructure Security Agency (CISA), and it essentially assigned due dates ranging from November 2021 to May 2022. CISA is urging all federal agencies and organizations to resolve certain known and exploited vulnerabilities during this timeline. There are some notable exceptions for national security-related infrastructures, though.

The catalog of known, exploited vulnerabilities is located on CISA’s website. This catalog contains information on each known vulnerability, and all of them (around 300 or so) are all believed to pose some kind of threat to the federal government. The catalog also links to NIST database entries for guidance on how to apply these patches and resolve these vulnerabilities.

This is obviously a huge undertaking and one that could lead to miscommunications, confusion, and more throughout the patching process. This is especially true when you consider that each department is responsible for deploying their own updates and are only accountable to CISA. Even so, CISA is applying pressure on these organizations to meet specific criteria within a timeframe.

This timeline varies, but within 60 days, agencies must review and update their policies on vulnerability management, and these new policies must be made available to CISA upon request. Agencies must also have a policy in place for carrying out the directive issued by CISA. Organizations must identify who is responsible for this, as well as how they plan to track and report on the implementation process.

If you think patch management is difficult for governments, then imagine how difficult it can be for small businesses with more limited spending power and fewer resources at their disposal. SMBs tend to patch vulnerabilities when they have the time and resources to do so rather than when they need to be deployed, which is not the correct approach. For each day you don’t resolve a vulnerability, you are giving hackers countless opportunities to break into your network.

Dresner Group can help your business with patch implementation and update deployment. We can make this process automatic and easy to take advantage of. You’ll find that there are countless benefits to freeing yourself from the worries associated with technology management and maintenance, and trust us when we say you’ll never have to worry about patches or updates again.

To learn more, reach out to us at (410) 531-6727.

Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

What are the Pros and Cons of a “Workation?”
Technology is Center Stage on Black Friday and Cyb...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, 03 February 2023

Captcha Image

Client Service Login

Latest News & Events

This tournament is scheduled to be held Friday, June 10, 2022. The past six years have all been sold-out and this year is shaping up to be another one for the books you won't want to miss. 

Contact Us

Learn more about what Dresner Group can do for your business.

  • (410) 531-6727
  • 8600 Foundry Street, Suite 302
    Savage, Maryland 20763

Copyright Dresner Group. All Rights Reserved.