Anil Bhasin
MD for India and SAARC,
Palo Alto Networks
Microsoft and Adobe have made it a priority to work with other companies to find and fix vulnerabilities through programs like MAPP. Unfortunately, other widely deployed applications have vulnerabilities too. More than 5,000 vulnerabilities are discovered every year, and businesses need to focus on knowing the risks of running vulnerable software. Unfortunately, the vulnerabilities discovered every day are not discussed enough.
“Why do major software vendors all over the globe keep discovering and patching vulnerabilities in their software?” Asked this way, the question goes far beyond the vulnerabilities that receive media attention, such as Microsoft's. There will always be bugs, or flaws in software, especially when talking about complex applications with millions of lines of code. In most cases they are unintentional, though they can sometimes be planted by malicious insiders or adversaries with access to an organization’s network.
You hear about Microsoft more than others because its software is so widely used and because of the impact vulnerabilities have on this large user base. Microsoft is also in many ways leading the charge with the Microsoft MAPP program, in which many companies participate, to share the latest information on vulnerabilities to protect customers and the industry as a whole. These vulnerabilities are serious, and all of the ones Palo Alto Networks has discovered for Internet Explorer receive the highest ranking of “critical” by Microsoft, but it is believed that this open and responsible disclosure of vulnerabilities, and the sharing between vendors, is a powerful tool against adversaries.
Critical vulnerabilities in the software used each day represent a huge risk to businesses. Fundamentally, adversaries can exploit these vulnerabilities to gain an initial foothold in a system. This foothold allows advanced attackers to control the system, install malware, and use it as an initial pivot point to move around the network. Typically, stealing intellectual property is their goal, though they can also seek to bring down systems or deface a company’s public presence. In a technical sense, the critical vulnerabilities discovered allow “full remote code execution,” meaning an attacker can execute code of their choice on the system from anywhere in the world.
Oracle's Java is probably one of the most widely deployed applications and one of the most exploited by web attack toolkits. There are often instances of companies using old, out-of-date, vulnerable software because the vendor that supplied it hasn't gotten around to fixing it. In one case, the only reason a particular company had a vulnerable version of Java installed on every employee’s computer was that the vacation request software required it! This single issue put the entire company at risk of being silently compromised by a web attack toolkit.
A few core concepts to protect an organization
• Keep your applications patched and up-to-date. Vulnerabilities generally only affect certain versions of software, and you greatly reduce your attack surface by applying the patches vendors provide, which close these gaps
• Employ basic security protections such as IPS/IDS to prevent exploitation of vulnerabilities at a network level. Choose a vendor who has a record of creating and deploying new signatures quickly, and is part of information sharing programs such as Microsoft MAPP
• Use Next-Generation Firewall policy as the central control point for your network, safely enabling only the applications you need to run your business, and blocking all others
• Have a solution for discovering unknown threats crossing your network, with the ability to prevent them in-line
• Join information sharing groups with your peers, to understand breaking attacks affecting others in your industry