Are Your Vulnerable Systems Pets or Cattle?
Tanvi Tapadia, February 7th, 2024

Vulnerability remediation is no small feat – especially if your security and remediation teams are understaffed and overwhelmed. Because vulnerabilities extend across the code, cloud, and infrastructure in your attack surface, and can vary drastically in their criticality, location, type, or affected systems, one-size-fits-all approaches are rarely the answer. However, creating custom remediation actions for every finding can severely hinder team efficiency, fuel burnout, and leave your organization open to risk. 

Many organizations address this problem by classifying their vulnerability findings with the “pets vs. cattle” model, which lets them optimize efficiency and achieve scale.


The Pets vs. Cattle Analogy

The pets vs. cattle analogy has been used to help explain DevOps and DevSecOps concepts for a decade or more. As the analogy goes, pets are integral parts of our families. They have personal names. They’re lovingly nurtured. When they’re sick, we often rush to the veterinarian to understand how we can nurse them back to health. When they go missing, everyone notices. In the context of vulnerability remediation, pets are the indispensable, unique systems that can never be down, such as mainframes, solitary services, database servers, and load balancers.

Cattle, while important, rarely stand out in a herd. They receive numbered name tags, standardized care, and are removed from the herd when ill. In the realm of IT, these are machines or servers that often have nearly identical names (e.g., svr01, svr02, etc.), are configured identically, and are easily and often automatically replaced in the event of (inevitable) failure. 


Types of Remediation by Pet or Cattle 

As noted above, different vulnerability types require different remediations. These can be broadly classified into four categories:

1. Upgrade: upgrading vulnerable software to the latest version resolves all associated vulnerabilities.

2. Patch: patches generally address a specific problem or vulnerability without upgrading the entire software. 

3. Configure: changing configurations eliminates some vulnerabilities entirely while maintaining the existing software. Many cloud vulnerabilities are misconfigurations.

4. Remove: removing or disabling the vulnerable software entirely eliminates the exposure when the software is not needed.

Although both pet and cattle vulnerabilities can be addressed with these methods, remediation will look different depending on the system. For example, an upgrade for pets will look different than an upgrade for cattle. 

  • Pet remediation can often lag for weeks or months because of its high-stakes nature. Upgrades are commonly rolled out in stages before going live, with weeks or even months between each stage to minimize the risk of bugs and/or downtime. These delays leave the organization open to risk and are why security teams should strive to keep the number of pets at a manageable level.
  • Cattle upgrades often execute across multiple machines at once and require minimal manual work. 

Because pet systems require so much more time, attention to detail, and manual labor, it’s best to minimize the number of new pets created in order to achieve scale. By gearing efforts towards building replaceable cattle systems and introducing automated cattle remediation, teams can scale as needed while minimizing critical or overdue vulnerabilities and ensuring that manual time and effort are reserved for remediating pet systems.


Scaling your IT farm with Remediation Operations 

Remediation operations platforms can minimize risk and optimize remediation for both pet and cattle systems by mobilizing the right teams with the data, context, and automation they need.


Resource tracking for high-level insights

Remediation operations platforms ingest findings from vulnerability scanners from across domains to provide easily accessible and consumable remediation insights at a glance. By grouping pet and cattle systems, security teams can analyze technologies together to answer questions like, “is this a cloud problem or an infrastructure problem?” and evaluate the health of pets and cattle at a glance. 


Aggregations minimize cattle findings 

Remediation operations platforms optimize efficiency and transform the focus for remediation teams from problems to solutions by distilling multiple findings into a singular remediation action for groups of cattle resources.
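The two mechanisms described above, sorting hosts into pets and cattle by their naming and configuration pattern and then collapsing cattle findings into one herd-wide action, can be shown in a small script. This is an added example and not Seemplicity's code or any product's actual logic; the inventory, the findings, the configuration hashes and the "shared prefix plus numeric suffix" herd heuristic are all constructed assumptions for illustration.

```python
"""Classify hosts as pets or cattle and roll cattle findings up into one action.

Added example: not Seemplicity's code. The inventory, findings and config
hashes below are constructed sample data; the naming heuristic (shared prefix
plus a numeric suffix, identical config hash) is an assumption.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed inventory: host name -> hash of the host's configuration.
# svr01..svr03 are built from one image; the others are unique, hand-tended.
INVENTORY = {
    "svr01": "cfg-aaaa",
    "svr02": "cfg-aaaa",
    "svr03": "cfg-aaaa",
    "billing-mainframe": "cfg-ffff",
    "pg-primary": "cfg-1234",
    "lb-edge": "cfg-9999",
}

# Constructed scanner findings: (asset, package, installed version, fixed version).
FINDINGS = [
    ("svr01", "openssl", "3.0.1", "3.0.2"),
    ("svr02", "openssl", "3.0.1", "3.0.2"),
    ("svr03", "openssl", "3.0.1", "3.0.2"),
    ("svr02", "curl", "7.81.0", "7.88.0"),   # only one herd member: drift
    ("pg-primary", "openssl", "3.0.1", "3.0.2"),
    ("billing-mainframe", "openssl", "3.0.1", "3.0.2"),
]

# Names like svr01, web-node12: a prefix followed by a two-or-more digit number.
NUMBERED = re.compile(r"^(?P<prefix>[a-z][a-z0-9-]*?)(?P<n>\d{2,})$")


def herd_of(name: str) -> Optional[str]:
    """Return the herd prefix for a numbered host name, or None for a unique name."""
    m = NUMBERED.match(name)
    return m.group("prefix") if m else None


def classify(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each asset to 'cattle' or 'pet'.

    Cattle: a numbered name whose prefix is shared by at least two hosts that
    all run the same config hash. Anything else is treated as a pet.
    """
    cfgs_by_prefix = defaultdict(list)
    for name, cfg in inventory.items():
        prefix = herd_of(name)
        if prefix:
            cfgs_by_prefix[prefix].append(cfg)
    result = {}
    for name in inventory:
        cfgs = cfgs_by_prefix.get(herd_of(name), [])
        is_herd = len(cfgs) >= 2 and len(set(cfgs)) == 1
        result[name] = "cattle" if is_herd else "pet"
    return result


@dataclass(frozen=True)
class Action:
    target: str               # herd prefix for cattle, host name for a pet
    kind: str                 # 'cattle' or 'pet'
    package: str
    fixed_version: str
    assets: Tuple[str, ...]   # hosts the finding was actually seen on
    partial: bool             # cattle only: finding is NOT on every herd member
    strategy: str


def plan(findings, inventory) -> List[Action]:
    """Distil findings into remediation actions.

    Cattle findings with the same (herd, package, fix) collapse into ONE action
    executed across the herd; each pet finding stays its own staged action.
    A cattle finding present on only some herd members is flagged as partial,
    since it means the herd has drifted from its image.
    """
    kinds = classify(inventory)
    herd_size = defaultdict(int)
    for name, kind in kinds.items():
        if kind == "cattle":
            herd_size[herd_of(name)] += 1

    grouped = defaultdict(set)
    for asset, pkg, _installed, fixed in findings:
        kind = kinds[asset]
        target = herd_of(asset) if kind == "cattle" else asset
        grouped[(target, kind, pkg, fixed)].add(asset)

    actions = []
    for (target, kind, pkg, fixed), assets in sorted(grouped.items()):
        if kind == "cattle":
            strategy = "automated rolling upgrade across the herd"
            partial = len(assets) < herd_size[target]
        else:
            strategy = "staged upgrade: test -> staging -> change window -> prod"
            partial = False
        actions.append(Action(target, kind, pkg, fixed,
                              tuple(sorted(assets)), partial, strategy))
    return actions


if __name__ == "__main__":
    for a in plan(FINDINGS, INVENTORY):
        flag = " (partial: herd drift)" if a.partial else ""
        print(f"{a.kind:6} {a.target:18} {a.package} -> {a.fixed_version} "
              f"on {len(a.assets)} host(s){flag}: {a.strategy}")
```

With the constructed data the six findings become four actions: one herd-wide openssl action for the three svr hosts, one partial curl action that reveals svr02 has drifted from the herd image, and one staged action each for the two pets. The partial flag is the check worth keeping: a finding on a single herd member usually means the host is no longer really cattle.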


Format and cadence 

Instead of manually coordinating remediation owners and status updates across disparate systems and tools, security teams can communicate complex remediation plans across departmental and technological boundaries through automated, bi-directional integrations with existing workflow management systems. This consistent flow of information enables teams to scale quickly and keeps remediation teams organized.


Specialized workflows

Specialized workflows use a series of logic gates to trigger and alert the right remediation owners about a vulnerability. This capability helps remediation teams both stay on top of complex, multi-phase pet remediation and keep cattle healthy with minimal manual interference.
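A chain of logic gates of the kind described above can be written as an ordered list of rule functions where the first match decides the owner and the phases, followed by an SLA check that catches the overdue pet remediation the earlier section warns about. This is an added example, not Seemplicity's code; the owners, the SLA days per severity, the gate order and the sample findings are all assumptions chosen for illustration.

```python
"""Route remediation findings to owners with an ordered chain of logic gates.

Added example, not Seemplicity's code. Owners, SLAs, phases and gate order are
assumptions; the sample findings in the __main__ block are constructed.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Finding:
    asset: str
    kind: str          # 'pet' or 'cattle'
    severity: str      # 'critical' | 'high' | 'medium' | 'low'
    age_days: int      # days since the scanner first reported it
    automatable: bool  # can fleet tooling apply the fix without a human?


@dataclass
class Route:
    owner: str
    phases: List[str]
    sla_days: int
    overdue: bool
    escalate_to: Optional[str] = None


# Assumed remediation SLA per severity, in days.
SLA = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Assumed ownership map for hand-tended pets; unknown pets go to triage.
PET_OWNERS = {"billing-mainframe": "mainframe-team", "pg-primary": "dba-team"}

Gate = Callable[[Finding], Optional[Route]]


def gate_cattle_auto(f: Finding) -> Optional[Route]:
    """Cattle with an automatable fix: one rolling action, no human owner."""
    if f.kind == "cattle" and f.automatable:
        return Route("fleet-automation", ["rolling-replace"], SLA[f.severity], False)
    return None


def gate_cattle_manual(f: Finding) -> Optional[Route]:
    """Cattle without automation: still herd-wide, but a platform team owns it."""
    if f.kind == "cattle":
        return Route("platform-team", ["patch-image", "rolling-replace"],
                     SLA[f.severity], False)
    return None


def gate_pet(f: Finding) -> Optional[Route]:
    """Pets: a staged, multi-phase plan owned by the named system owner."""
    if f.kind == "pet":
        owner = PET_OWNERS.get(f.asset, "security-triage")
        return Route(owner, ["test", "staging", "change-window", "prod"],
                     SLA[f.severity], False)
    return None


# Gate order matters: the first gate that returns a Route wins.
GATES: List[Gate] = [gate_cattle_auto, gate_cattle_manual, gate_pet]


def route(f: Finding, gates: List[Gate] = GATES) -> Route:
    """Run the gates in order, then apply the SLA check to the chosen route."""
    for gate in gates:
        r = gate(f)
        if r is not None:
            break
    else:
        raise ValueError(f"no gate matched {f}")
    if f.age_days > r.sla_days:
        r.overdue = True
        r.escalate_to = "security-manager"
    return r


def overdue(findings: List[Finding]) -> List[str]:
    """Assets whose remediation has blown its SLA, for a daily report."""
    return [f.asset for f in findings if route(f).overdue]


if __name__ == "__main__":
    sample = [  # constructed
        Finding("svr02", "cattle", "high", 3, True),
        Finding("svr09", "cattle", "low", 200, False),
        Finding("billing-mainframe", "pet", "critical", 45, False),
        Finding("lb-edge", "pet", "medium", 10, False),
    ]
    for f in sample:
        r = route(f)
        print(f"{f.asset:18} -> {r.owner:16} phases={r.phases} "
              f"overdue={r.overdue} escalate={r.escalate_to}")
    print("overdue:", overdue(sample))
```

The SLA check sits outside the gates on purpose: every route, automated or manual, passes through the same overdue test, so a staged pet upgrade that has stalled between phases surfaces to the escalation owner instead of quietly ageing in a ticket.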


Balance Pets and Cattle With Ease

Remediation is already tricky to track and implement across cloud, code, and infrastructure given the variation in vulnerabilities’ criticality, location, type, or affected systems, and the variation in criticality across systems adds another layer of complexity when prioritizing remediation actions. By proactively leveraging RemOps technology to automate and balance the care of cattle while giving specialized care and consideration to pets, security teams can minimize reactive, rushed remediation and instead allocate resources effectively. Learn how today.
