Applying critical software patches to large numbers of remote workers is now a major issue for IT teams trying to improve information security. Advanced Threat Detection and Protection offsets the substantial risk posed by unpatched software and offers an additional layer of defence for the enterprise and its newly dispersed workforce.
Software patch management is a continual and essential task regardless of whether your users work remotely, at home or within an office, and it is arguably more important than ever to make sure their endpoints are correctly secured.
For the majority, COVID-19 means your workforce and IT staff are working remotely. Accessing and managing the systems they use is now a significant challenge. Many businesses and their IT teams were simply not ready for the massive shift toward homeworking, do not have the capability to stay on top of the patching needs of their remote Windows systems, and have consequently increased their attack surface considerably.
Add to this the 65% of organisations that allow access to line of business applications and data by personal or unmanaged devices that lack even basic information security and you start to build up a picture of where cybercriminals are currently focusing their attention.
The large updates released by Microsoft on Patch Tuesday regularly contain fixes for multiple software flaws across their Windows and Office product sets and often take considerable time to download and apply, even for a single user. Occasionally patches arrive too late: the flaw has already been exploited and affected systems need urgent attention. Additionally, more serious information security vulnerabilities often require an emergency fix to be applied to every system running the vulnerable software, and such fixes cannot be easily deployed remotely. These scenarios have always presented a considerable problem to IT staff, but now they face the added complication of contacting large volumes of remote users to arrange remediation or, at the very least, to deploy interim software fixes.
VPN & Patch Bottlenecks
Patching solutions have been available for a long time, and they address well the need to manage and deploy software fixes and patches across large numbers of endpoints. There can, however, be significant issues where the number of remote VPN-connected users increases: the VPN tunnels become bottlenecks because of the bandwidth overhead of pushing patches out to each connected endpoint.
Zero Day Exploits
Maintaining heightened levels of protection for remote end user devices is further hampered by the ever-increasing threat of zero-day exploits. A zero-day exploit is an attack that targets a previously unknown information security vulnerability in a piece of software, meaning that the user or organisation running the software has had zero days to react and patch the flaw. This type of issue demands a swift resolution by rolling out an interim fix to all affected devices, and often these hotfixes cannot easily be applied remotely. The increased use of zero-day vulnerabilities was at the root of many significant attacks in 2019, with a distinct focus on financial and data theft or ransom. Cyber criminals' use of zero-day exploits is expected to rise again in 2020 and into 2021, putting further pressure on already stretched IT security.
Detecting the Unknown
Thousands of new threats and strains of malware are seen every week. Traditional "signature" based detection software depends on recognising specific identifying characteristics (signatures) within each malware package; these signatures are then incorporated into detection catalogues, which in turn are used by the detection software to recognise the malware when it is encountered. This procedure obviously takes time, and if a malware package makes its way into an unpatched enterprise before the detection signature catalogues are updated, the consequences can be catastrophic.
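To make the detection gap described above concrete, here is a small added example (not code from the original post or from any vendor product). It models a signature catalogue in two forms: an exact-hash catalogue, which only recognises samples a vendor has already analysed, and a byte-pattern catalogue, which can recognise a family even when an attacker makes a trivial change. The "samples" are constructed byte strings, not real malware, and the catalogue contents, family names and the update step are all assumptions for illustration.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Constructed stand-ins for a malware sample and a lightly modified variant.
# Plain bytes only: nothing here is executable or derived from a real sample.
KNOWN_SAMPLE = b"MZ\x90\x00dropper-v1:beacon(example.invalid):persist"
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"v1", b"v2")  # one trivial edit


def sha256_hex(data: bytes) -> str:
    """Exact fingerprint of a file, the classic catalogue entry."""
    return hashlib.sha256(data).hexdigest()


# Assumed exact-hash catalogue: only samples the vendor has already analysed.
HASH_CATALOGUE: Dict[str, str] = {sha256_hex(KNOWN_SAMPLE): "Dropper.A"}

# Assumed pattern catalogue: byte sequences shared across a family.
# Slower for an analyst to write, but survives small edits by the attacker.
PATTERN_CATALOGUE: Dict[bytes, str] = {b"dropper-v": "Dropper.gen"}


def match_hash(data: bytes, catalogue: Dict[str, str]) -> Optional[str]:
    """Return the family name if the file's exact hash is catalogued."""
    return catalogue.get(sha256_hex(data))


def match_pattern(data: bytes, catalogue: Dict[bytes, str]) -> Optional[str]:
    """Return the family name if any catalogued byte pattern occurs in the file."""
    for pattern, family in catalogue.items():
        if pattern in data:
            return family
    return None


def scan(data: bytes,
         hash_cat: Dict[str, str],
         pattern_cat: Optional[Dict[bytes, str]] = None) -> Tuple[Optional[str], str]:
    """Scan a file: exact hash first, then patterns. Returns (family, method).

    method is 'hash', 'pattern' or 'none' so a caller can see why a verdict was
    reached; a result of (None, 'none') is the detection gap the text describes.
    """
    family = match_hash(data, hash_cat)
    if family:
        return family, "hash"
    if pattern_cat:
        family = match_pattern(data, pattern_cat)
        if family:
            return family, "pattern"
    return None, "none"


def catalogue_update(hash_cat: Dict[str, str], sample: bytes, family: str) -> Dict[str, str]:
    """Simulate the vendor's catalogue update that eventually adds the variant.

    Returns a new catalogue rather than mutating the old one, so the 'before'
    and 'after' states can be compared side by side.
    """
    updated = dict(hash_cat)
    updated[sha256_hex(sample)] = family
    return updated


if __name__ == "__main__":
    print("known sample, hash catalogue only:", scan(KNOWN_SAMPLE, HASH_CATALOGUE))
    print("variant, hash catalogue only:     ", scan(VARIANT_SAMPLE, HASH_CATALOGUE))
    print("variant, hash + pattern catalogue:", scan(VARIANT_SAMPLE, HASH_CATALOGUE, PATTERN_CATALOGUE))
    later = catalogue_update(HASH_CATALOGUE, VARIANT_SAMPLE, "Dropper.B")
    print("variant after catalogue update:   ", scan(VARIANT_SAMPLE, later))
```

The second scan is the window of exposure: the variant is functionally the same threat, but an exact-hash catalogue does not recognise it until the vendor has analysed it and shipped an update. Pattern (or behavioural) matching narrows that window, which is the gap the "detect the unknown" approaches in the next section aim to close.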
Advanced Information Security Threat Protection
Enter the need for advanced threat detection and protection (ATP): a new type of detection and protection solution that can identify both known threats and unknown zero-day threats regardless of endpoint location. It uses machine learning and artificial intelligence to monitor user traffic across the network in real time and decide whether to allow its transit, scanning for, detecting and blocking threats and malware to keep the enterprise safe without the IT team having to intervene and remediate.
Deploying this type of next-generation technology across your organisation would mean that delayed patching no longer exposes your infrastructure, users and endpoints for extended periods, because it has the capability to stop previously unknown threats and malware variants.
Furthermore, if this detection and protection capability is placed in the cloud, it is possible to move the overheads and VPN bottlenecks away from the network perimeter and deliver a flexible solution that can be expanded on demand, providing a truly scalable threat defence.
Businesses need ever more intuitive and advanced solutions to protect themselves from the relentless and seemingly ever-present threat of cyber-crime and the evolution of never-before-seen software exploits.
Blog written by Howard Johnson, Cyber Practice Lead – https://www.linkedin.com/in/johnsonhoward/
Further Information about email scams and Information Security
For more information about home working during COVID-19 from NG IT click here.
For further information about home working from the UK government click here.
For further information about email scams from Barracuda click here.