Security patches and updates leave companies at risk when they are running systems designated as end of life (EOL), such as .NET systems, Windows Server 2003, and Windows XP. When Microsoft releases an update or patch after an operating system (OS) is no longer supported, cybercriminals and malicious software developers dissect the update and reverse engineer the fix to find the security hole that was patched. Cybercriminals know which operating systems are no longer patched or updated, and they focus on those vulnerable targets. Once a system is exploited, customers can experience data breaches, system crashes, website outages, or malware attacks.

One such outbreak occurred in May 2017, when hundreds of thousands of companies fell victim to WannaCry. The ransomware swept through organizations like a worm, self-propagating across computer systems that had failed to patch a two-month-old Windows SMB vulnerability known as "EternalBlue." Without access to the latest Microsoft security bulletins, some systems running Windows XP successfully installed and spread WannaCry; most simply crashed. Even so, the Redmond-based tech giant perceived enough of a threat to release an emergency security update for Windows XP, more than three years after declaring the operating system EOL.

Given the threat of malware attacks like WannaCry, organizations must carefully consider whether to extend the life of an EOL system. Organizations need to ask themselves three questions:
- How do I keep this system in its current working state?
- Despite the lack of updates, can I harden the system to reduce my attack surface?
- How do I know when something has changed on my system?
These questions don't operate in a vacuum, either. Enterprises need to find the budget to make special accommodations for EOL systems, and they need to find the time to train employees on technologies that can potentially help.

Whitelisting, for example, may be an option for systems that remain static. However, in the course of maintaining their business practices, companies need to recognize that these older systems will need to change, and do change. Whitelisting is also less viable when you have to maintain and support a heterogeneous array of systems. In fact, the recommended configuration for many of these solutions is to enforce lightly, allowing whoever is working on the box to change the list. This adds to the attack surface rather than reducing it.

Only one approach really delivers the basic security and operations hygiene needed to extend system life: a tool that incorporates both secure configuration management (SCM) and file integrity monitoring (FIM). SCM and FIM solutions take a baseline of the system, compare that baseline against hardening standards, and tell you when the system deviates from the baseline. With this information, you can secure system configurations and be alerted to any policy deviations or indicators of compromise.

The premier SCM and FIM product on the market today is Tripwire Enterprise. It is a security SCM suite that provides fully integrated solutions for policy, file integrity, and remediation management. Organizations can use these solutions together for a full, end-to-end SCM solution to extend the life of EOL systems. The suite lets IT teams rapidly achieve a foundational level of control by reducing the attack surface, increasing system integrity, and delivering continuous compliance.
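To make the baseline-and-compare idea concrete, here is an added example (written for this page; it is not Tripwire Enterprise code and does not reproduce its data formats or policy language). It records a SHA-256, size and permission mode for every regular file under a directory, reports files that were added, removed or modified since the baseline, and checks a key=value configuration file against an expected hardening value. The directory layout, the `app.conf` file and the `debug` rule are constructed for the demonstration and are not taken from the article.

```python
import hashlib
import json
import stat
import tempfile
from pathlib import Path


def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def take_baseline(root):
    """Walk root and record hash, size and permission mode for each regular file.

    Keys are POSIX-style relative paths so baselines compare the same on any OS.
    """
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
            }
    return baseline


def compare(baseline, current):
    """Diff two baselines: files added, files removed, and which attributes changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = []
    for name in sorted(set(baseline) & set(current)):
        old, new = baseline[name], current[name]
        changed = [k for k in ("sha256", "size", "mode") if old[k] != new[k]]
        if changed:
            modified.append({"path": name, "changed": changed})
    return {"added": added, "removed": removed, "modified": modified}


def parse_kv(text):
    """Parse a simple key=value config file, ignoring blank lines and # comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        out[key.strip()] = value.strip()
    return out


def check_policy(root, rules):
    """Compare config files under root against expected hardening values.

    rules maps a relative path to {key: expected_value}; a missing file or key
    is reported with actual=None rather than silently passing.
    """
    findings = []
    for rel, expected in rules.items():
        p = Path(root) / rel
        actual = parse_kv(p.read_text()) if p.is_file() else {}
        for key, want in expected.items():
            got = actual.get(key)
            if got != want:
                findings.append({"path": rel, "key": key, "expected": want, "actual": got})
    return findings


def demo():
    """Build a constructed mini system, baseline it, introduce drift, and report."""
    rules = {"etc/app.conf": {"debug": "0"}}  # hypothetical hardening rule
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("debug=0\n")
        (root / "bin").mkdir()
        (root / "bin" / "service.exe").write_bytes(b"MZ\x90\x00")  # constructed stand-in binary
        baseline = take_baseline(root)
        # Simulate drift after the baseline: config edited (same size, new content),
        # an unexpected DLL dropped, and the original service binary removed.
        (root / "etc" / "app.conf").write_text("debug=1\n")
        (root / "bin" / "helper.dll").write_bytes(b"MZ\x00")
        (root / "bin" / "service.exe").unlink()
        return {
            "drift": compare(baseline, take_baseline(root)),
            "policy": check_policy(root, rules),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The size check alone would miss the edited config file (both versions are eight bytes), which is why a content hash is the core of any FIM baseline; the mode field catches permission changes that leave content untouched. A production tool would also sign or store the baseline off-host, since an attacker who can modify the monitored files can usually modify a baseline kept beside them.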