A security patch has been released to address a critical vulnerability in a key enterprise application. Applying the patch, however, is known to significantly reduce the performance of a module critical to user operations. What should a Cybersecurity Analyst recommend to manage the vulnerability effectively without unacceptable disruption to business activities?
Rewrite the affected module of the application in-house to avoid the performance downgrade.
Create compensating controls specific to the use of the application while the vendor works on an optimized patch.
Defer the patch deployment until there is evidence of active exploitation in the wild targeting this vulnerability.
Divert resources from other projects to expedite the development of a custom patch.
Apply the patch immediately as system security takes precedence over performance concerns.
Maintain regular operations without applying the patch, accepting the risk due to business necessity.
The correct answer involves creating compensating controls, which are additional security measures designed to reduce the risk when an ideal remedy (like patching) cannot be implemented because of other constraints, such as degraded functionality. Compensating controls must effectively address the risk while maintaining the application's critical performance levels until a performance-neutral patch is available. Simply deferring the patch deployment does not address the risk and can expose the organization to potential exploits. On the other hand, rewriting a portion of the application in-house is not only resource-intensive but may also be infeasible without vendor support, and could introduce new vulnerabilities. Lastly, applying the patch immediately or ignoring the vulnerability are both unsatisfactory options because they do not strike the necessary balance between security and functionality.