The Patch Window Is Closing
When a security hole is uncovered, there is a brief span of time, known as the patch window, in which an SME can patch the system before an attack is unleashed. But according to Scott Montgomery, vice president of product management at Secure Computing, that window is quickly disappearing.
Now, attackers are discovering security holes and writing attacks almost instantly, causing the patch window to shrink at an alarming rate.
IT departments that are already heavily burdened with efforts to protect their systems are experiencing a lot of frustration over the disappearing window, due in large part to the increasing dexterity of attackers. Though the odds may seem insurmountable at times, there are measures IT departments can take to help keep the window open.
The Closing Window
Today, attackers use exploit code provided by tools such as Metasploit, which helps people create exploits (attacks) quickly and easily, and fuzzers, which attack servers with millions of permutations of code, searching for weaknesses.
“The Fuzzers report back how you should attack the server to get through,” says Montgomery. With these tools, attackers find any number of vulnerabilities and create and deploy attacks before their patches are released.
Tools such as these are helping attackers create about a hundred new viruses every few minutes, according to Montgomery, and security software can’t keep up. Plus, SMEs can’t always apply patches right away because attackers are finding vulnerabilities in the patches themselves and attacking those, too, according to Monte Robertson, president of Software Security Solutions. This leaves enterprises vulnerable to at least some attacks no matter what they do.
Employ Patch Management
SMEs may need to lock down systems more tightly, which will severely cut system usability, or be more aggressive in patching systems using patch management software, according to Roel Schouwenberg, senior antivirus researcher at Kaspersky Lab.
However, patches can create their own issues. Sometimes an in-house application relies on an older version of software in order to work, according to Robertson. Patching the vulnerability, then, essentially breaks the application. Patches can also have their own security vulnerabilities, which attackers are learning to find and exploit, according to Darril Gibson, IT trainer and author of several Microsoft exam guides published by Wiley, including “MCITP: Windows Server 2008 Administration Study Guide.”
“To prevent these issues, administrators can choose to test patches before releasing them into the network,” says Gibson. IT units run these tests using products such as WSUS (Windows Server Update Services), which is free; SMS (Systems Management Server); or SCCM (System Center Configuration Manager), which replaces SMS, Gibson explains. These products help IT to test patches and approve them for deployment.
Other Protective Measures
When you add more applications, you increase your area of vulnerability to attack, according to Robertson, so institute a policy that limits the programs users can install.
Exploits appear so frequently that it’s hard to keep track of them. IT can get a lot of information about unidentified security issues with products by following Web sites and publications such as Processor that discuss them, according to Schouwenberg, who says, “This can heighten your sensitivity to new attacks and to whether you are at risk.”
Limit the enterprise’s exposure to vulnerabilities by using a positive security model. Use security that doesn’t let anything in unless it’s known to be good, according to Montgomery. “Use Internet Reputation to see who is trying to connect to you before you let them in,” says Montgomery.
Use intent-based analysis to check traffic. “Look at what a payload’s intent is as it enters the network, before permitting entry,” says Montgomery. If the download intends to call back to a different Internet site than the one it came from, for example to download other files that may be spyware or other attacks, then you shouldn’t let it in.
Pry The Window Open
Patching in time is no longer a satisfactory answer all on its own. Attackers are too well-informed and exploits are multiplying too fast for the current system of downloading patches to be sufficiently effective by itself. SMEs are all too often vulnerable to attacks no one is aware of until they strike.
A combination of patch testing using appropriate tools and patch management software can help to safely speed the patching process. By accelerating the patch process, limiting vulnerable applications, and using the most logical approaches to security, SMEs can maintain a balance of power against the onslaught of attacks.
Reproduced from an article published by Processor
© Processor
The original article can be viewed here:
http://www.processor.com/editorial/article.asp?article=articles%2Fp3024%2F3...