A report from Secunia concludes that cybercriminals are effectively outdistancing IT admins when it comes to software patching and security. But the battle is far from lost, as savvy IT professionals have a wealth of electronic armaments they can throw at the problem.
The study says that – good though Microsoft is at patching its operating system and mainstream software – it is third-party applications that are now being targeted by cybercriminals.
And when you read that none of the top 20 software providers managed to decrease the number of vulnerabilities in their products over the last five years, you could be forgiven for a little doom and gloom creeping in on the security front.
That is, of course, until you realise that there’s a lot more to software security than securing the code of the application and its underlying operating system – essential as this process is. Technologies such as application whitelisting and applying privileges to software, rather than users, to prevent exploits of vulnerabilities are incredibly useful for keeping the cybercriminals and code hackers in their playpens.
Application whitelisting – the process of locking down which code can execute on an exclusive basis – can play a crucial part in securing an IT platform against vulnerability exploits. Put simply, even if hackers manage to discover and exploit a new zero-day vulnerability in a given application, they cannot run any third-party code – or adapted existing code – that they try to introduce to the system.
And with the addition of privilege management to the security mix – namely the process of eliminating admin rights on all general user accounts and restricting higher functionality to a few admin accounts – you create a least privilege/least risk software environment. In addition, I have found this approach to have the advantage of reducing IT costs for the company concerned.
Application whitelisting differs markedly from the signature-based approach of blocking/removing known harmful software that most anti-virus applications use, since that approach is more of a blacklisting methodology.
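The contrast drawn in the two passages above (exclusive whitelisting versus signature-style blacklisting) can be seen in a few lines of Python. This is an added example, not code from the Secunia report or from any product; it assumes a SHA-256 hash of the file is the only identity either control checks, and every "binary" is a constructed byte string.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents; no real binaries are involved.
APPROVED_APP = b"constructed: approved line-of-business application v1"
KNOWN_BAD = b"constructed: sample already catalogued by the AV vendor"
NOVEL_PAYLOAD = b"constructed: code introduced through an unpatched flaw"
ADAPTED_APP = APPROVED_APP + b" + modified section"  # altered copy of approved code

# Assumption: both policies are plain hash sets (real products also use
# publisher certificates, path rules and heuristic signatures).
ALLOWLIST = {sha256(APPROVED_APP)}  # anything not listed is denied
BLOCKLIST = {sha256(KNOWN_BAD)}     # anything not listed is allowed

def blocklist_allows(image: bytes) -> bool:
    """Signature-style control: default allow, deny only known-bad hashes."""
    return sha256(image) not in BLOCKLIST

def allowlist_allows(image: bytes) -> bool:
    """Whitelisting control: default deny, allow only approved hashes."""
    return sha256(image) in ALLOWLIST

def compare(samples: dict) -> dict:
    """Return both verdicts (True = may execute) for each named sample."""
    return {
        name: {"blocklist": blocklist_allows(img),
               "allowlist": allowlist_allows(img)}
        for name, img in samples.items()
    }

SAMPLES = {
    "approved_app": APPROVED_APP,
    "known_bad": KNOWN_BAD,
    "novel_payload": NOVEL_PAYLOAD,
    "adapted_app": ADAPTED_APP,
}

if __name__ == "__main__":
    for name, verdict in compare(SAMPLES).items():
        print(f"{name:14} blocklist={verdict['blocklist']!s:5} "
              f"allowlist={verdict['allowlist']}")
```

The two rows that differ are the previously unseen payload and the adapted copy of approved code: the blacklist lets both run because it has no signature for them, while the whitelist refuses both because neither hash was approved.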
The bottom line here is that using application whitelisting in conjunction with privilege management – in parallel with existing software security methodologies – can go a long way to stopping the problem of cybercriminals exploiting any loopholes in your operating system and applications.
This is especially true in the case of the complex software portfolios and the use of less common applications in commercial environments – two issues that the Secunia report singles out, along with the fact that end points are now top targets in many businesses.
The important thing to realise when reading this report is that security is no longer the distinct black and white science it once was. The complexities of software security mean that application whitelisting and privilege management can easily be brought to bear on the problems that the Secunia study identifies.