
Bad patch management keeps old exploits in vogue

As much as cyber criminals continue to refine and expand their ways of attacking data and devices, they are also digging into their bags of tried and trusted tricks. Richard Broeke, an IT security specialist and General Manager at leading managed IT security provider, Securicom, says that there's a growing number of companies experiencing exploits on vulnerabilities that are three or more years old.

"The very same vulnerabilities that have been patched by vendors are being exploited again. One survey suggests that 90% of organisations have recorded exploits on old vulnerabilities, with related attacks on some vulnerabilities surfacing as much as a decade later. This is largely because of lack of patch management and badly configured systems. Software updates may seem mundane but they must be done to remove outdated features, update drivers, facilitate bug fixes and importantly, close security loopholes.

"Due diligence, it seems, would therefore be to install software patches promptly, make sure security systems are up to date, monitor networks for suspicious activity, and quarantine devices that show unusual behaviour. But, in a lot of companies this isn't happening. In fact, lack of network monitoring, bad patch management and poor endpoint hygiene are amongst the main reasons why old vulnerabilities can be exploited over and over again," he says.

A software vulnerability is essentially a security hole or weakness found in an operating system or software programme. Hackers exploit these by developing code to target them. These exploits, packaged into malware, infect computers and whole environments, thereby putting networks and data at risk.

"Outdated and poorly configured systems, specifically firewalls, are frequently where companies are weak. Curiously, we also see companies that have invested in some really comprehensive endpoint management and antivirus tools but they don't keep them up to date. Unmanaged, outdated security systems simply cannot deliver adequate protection against new and existing threats."

He says companies need to ensure that all their software versions are the most current, that updates to the endpoints connecting to their networks are applied regularly and that perimeter controls are effectively implemented for an extra layer of protection whilst these endpoints are inside the office.

"If you can't be sure when the last updates were applied, then it is time for an update," he says.

Regular 'health' checks should also be done on the IT environment to identify loopholes that can inevitably emerge as the environment grows and evolves. It is only once these vulnerabilities have been identified and remedied that systems and devices can be added, updated or upgraded in a decisive, strategic way so that an ineffective, unsecure 'patchwork' is not the end result.

Securicom strongly advocates, due to the current threat landscape, that patch management and endpoint security competency should be performed by a dedicated team, either internal or external. This team should have visibility onto these devices 24x7 regardless of location to ensure the best possible pro-active protection for today's mobile world.


Securicom

Securicom is a leading managed IT services vendor in Africa, with global presence. It is one of a handful of local vendors to offer an end-to-end range of fully managed IT security services for the cloud, from the cloud. Its consumption-based services are available through a select partner network in Africa.

Securicom's holistic suite of solutions provides comprehensive weaponry and proactive defence against the host of threats that afflict businesses today, from endpoint protection, managed firewalls, and advanced Fortigate reporting, to WAN and LAN optimisation, e-mail content management, and mobile device management.

Solutions are packaged to harness the capabilities of best-of-breed technologies including Symantec Brightmail, Riverbed, Fortinet, logMojo, and XenMobile. Solutions are hosted upstream at Securicom's highly-secure, local data centres.

Securicom has offices in Johannesburg, Cape Town and Namibia; and offers its services in 10 other African countries. For more information on Securicom, please visit www.securicom.co.za

Editorial contacts

Kerry Webb
Securicom
(082) 496 0713