Virtual Patching in Mixed Environments: How It Works to Protect You

Similar documents
Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Stopping Advanced Persistent Threats In Cloud and DataCenters

Protect Your End-of-Life Windows Server 2003 Operating System

Network Security Protection Alternatives for the Cloud

Protect Your End-of-Life Windows Server 2003 Operating System

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Seamless Security in the Age of Cloud Services: Securing SaaS Applications & Cloud Workloads

Securing the Modern Data Center with Trend Micro Deep Security

ForeScout ControlFabric TM Architecture

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Dynamic Datacenter Security Solidex, November 2009

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Best Practices in Securing a Multicloud World

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

DIGITAL LIFE E-GUIDE. A Guide to 2013 New Year s Resolutions

Automating the Top 20 CIS Critical Security Controls

Security Solutions. Overview. Business Needs

Securing Devices in the Internet of Things

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Choosing the Right Security Assessment

A Guide to Closing All Potential VDI Security Gaps

SECURING DEVICES IN THE INTERNET OF THINGS

SECURING DEVICES IN THE INTERNET OF THINGS

Top 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)

TREND MICRO SMART PROTECTION SUITES

3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017

Comprehensive Database Security

Cyber Security Audit & Roadmap Business Process and

An ICS Whitepaper Choosing the Right Security Assessment

Securing Your Amazon Web Services Virtual Networks

Protecting Your Digital World

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Cisco ASA 5500 Series IPS Edition for the Enterprise

Simple and Powerful Security for PCI DSS

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

IBM Security Network Protection Solutions

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

Security and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

SYMANTEC DATA CENTER SECURITY

TREND MICRO SMART PROTECTION SUITES

Securing Your Microsoft Azure Virtual Networks

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

CloudSOC and Security.cloud for Microsoft Office 365

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Moving Beyond Prevention: Proactive Security with Integrity Monitoring

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

with Advanced Protection

INSIDE. Integrated Security: Creating the Secure Enterprise. Symantec Enterprise Security

8 Must Have. Features for Risk-Based Vulnerability Management and More

Symantec Endpoint Protection

FIREWALL BEST PRACTICES TO BLOCK

Seqrite Endpoint Security

VULNERABILITIES IN 2017 CODE ANALYSIS WEB APPLICATION AUTOMATED

ForeScout Extended Module for Splunk

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

Carbon Black PCI Compliance Mapping Checklist

Building Resilience in a Digital Enterprise

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

CyberArk Privileged Threat Analytics

Copyright

Symantec Protection Suite Add-On for Hosted Security

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

Secure Access & SWIFT Customer Security Controls Framework

BUFFERZONE Advanced Endpoint Security

INSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic

CAS Quick Deployment Guide January 2018

McAfee Embedded Control

THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Trend Micro Deep Security

HEALTH CARE AND CYBER SECURITY:

Kaspersky Enterprise Cybersecurity. Kaspersky Security Assessment Services. #truecybersecurity

Symantec Endpoint Protection 14

Achieving End-to-End Security in the Internet of Things (IoT)

Have breaches declined since the massive Heartland Payments leak in 2008? What proportion of breaches are the result of hacking?

McAfee Embedded Control

mhealth SECURITY: STATS AND SOLUTIONS

What is Penetration Testing?

PT Unified Application Security Enforcement. ptsecurity.com

Correlation and Phishing

A (sample) computerized system for publishing the daily currency exchange rates

Advanced Threat Defense Certification Testing Report. Trend Micro Incorporated Trend Micro Deep Discovery Inspector

HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

locuz.com SOC Services

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

QUICK WINS: Why You Must Get Defensive About Application Security

TRUE SECURITY-AS-A-SERVICE

Security Gap Analysis: Aggregrated Results

Next Generation Privilege Identity Management

Transcription:

Virtual Patching in Mixed Environments: How It Works to Protect You

Vulnerabilities in Web applications, servers, and endpoints can pose significant threats to organizations if hackers use them to gain entry into enterprise networks. The fact that vulnerabilities are commonly used to facilitate attacks reveals how security gaps can lead to serious consequences such as loss of critical data and, subsequently, devastating financial losses. 1 Microsoft s decision to end its support for Windows Server 2003 and XP increased risks associated with malware infections and data breaches due to vulnerability exploitation caused by the nonissuance of security patches. Hackers are aware of this and will focus more on attacking exposed systems. Despite this, a Trend Micro survey revealed that only 35% of businesses have migrated away from Windows Server 2003 while two-thirds of those planning to do so expect to only in the next six months. Even more surprising, an Enterprise Strategy Group (ESG) revealed that 25% of enterprises will continue to indefinitely use Windows Server 2003 even without vendor support and maintenance. 2 As many enterprises face the challenge of keeping systems secure and continuously patched, hackers see an obvious attack vector. A single compromised server can make an entire network vulnerable to attacks, data loss, and malware infections. Inadequate and untimely protection can also make complying with regulations such as Payment Card Industry Data Security Standard (PCI DSS) 3.0 and others impossible. Common IT security challenges organizations face While IT security and operations teams face several challenges when dealing with data center and cloud deployments, some key examples include: Untimely release of patches for vulnerable systems Continued use of unsupported and unpatchable systems and applications Inconsistent patch cycles and infrequent release of emergency patches Business continuity interruptions 1 2 Trend Micro. (19 May 2015). TrendLabs Security Intelligence Blog. [1Q 2015 Security Roundup] Bad Ads and Zero Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices. Last accessed on 19 August 2015, http://blog.trendmicro.com/trendlabs-security-intelligence/1q-2015-security-roundup-bad-ads-and-zero-days-reemergingthreats-challenge-trust-in-supply-chains-and-best-practices/. Jon Oltsik, Sr. (11 May 2015). BrightTALK. Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Last accessed on 19 August 2015, https://www.brighttalk.com/webcast/1506/154857. 1 of 10 Virtual Patching in Mixed Environments: How It Works to Protect You

Patch rollbacks and intentional delays In a recent Protiviti survey, CIOs and IT directors gave patch management and vulnerability scanning a rating of only 6.9 in terms of importance as a security priority on a scale of 1 to 10. They instead gave utmost importance to issues such as advanced threat detection and incident response. 3 This challenge is further compounded by the increasing volume of significant attacks on organizations. In 2014, we saw two of the biggest vulnerabilities to date Shellshock and Heartbleed. 4, 5 These vulnerabilities remained unpatched for years without issue until it was discovered that they could put many open source applications that have always been seen as secure at risk. Heartbleed, in existence since 2011, in fact, affected 5% of selected top-level domains (TLDs) based on a scan of the top 1 million websites conducted in April 2014. 6 Around 6,000 mobile apps that access Heartbleed-vulnerable servers could also be affected. 7 Shellshock, in existence since 1989, meanwhile, was exploited in September 2014. This incident led to a plethora of attacks. Enterprises will almost always have unpatched vulnerabilities in systems and applications at any given point in time. These could be due to time and resource issues, a lag between when a vulnerability is discovered and a patch for it is issued, the unavailability of patches for systems and applications that have reached their end of life (EOL), and other reasons. There is a way to protect against vulnerabilities while minimizing the amount of time, effort, and resources required to do so virtual patching. 3 4 5 6 7 Protivity. (2015). Today s Enterprise Cyberthreats Lurk Amid Major Transformation: Assessing the Results of Protivity s 2015 IT Priorities Survey. Last accessed on 19 August 2015, http://www.protiviti.com/en-us/documents/surveys/2015-it-priorities- Survey-Protiviti.pdf. TrendLabs. (2015). Trend Micro Security News. Magnified Losses, Amplified Need for Cyber Attack Preparedness. Last accessed on 19 August 2015, http://www.trendmicro.com/vinfo/us/security/research-and-analysis/threatreports/roundup/magnified-losses-amplified-need-for-cyber-attack-preparedness. Pawan Kinger. (8 April 2014). TrendLabs Security Intelligence Blog. Skipping a Heartbeat: The Analysis of the Heartbleed OpenSSL Vulnerability. Last accessed on 19 August 2015, http://blog.trendmicro.com/trendlabs-security-intelligence/skippinga-heartbeat-the-analysis-of-the-heartbleed-openssl-vulnerability/. Maxim Goncharov. (10 April 2014). TrendLabs Security Intelligence Blog. Heartbleed Vulnerability Affects 5% of Select Top- Level Domains from Top 1M. Last accessed on 19 August 2015, http://blog.trendmicro.com/trendlabs-securityintelligence/heartbleed-vulnerability-affects-5-of-top-1-million-websites/. Veo Zhang. (15 April 2014). TrendLabs Security Intelligence Blog. Bundled OpenSSL Library Also Makes Apps and Android 4.1.1 Vulnerable to Heartbleed. Last accessed on 19 August 2015, http://blog.trendmicro.com/trendlabs-securityintelligence/bundled-openssl-library-also-makes-apps-and-android-411-vulnerable-to-heartbleed/. 2 of 10 Virtual Patching in Mixed Environments: How It Works to Protect You

What is virtual patching? Virtual patching or vulnerability shielding provides the same functionality as software patches by implementing protective network controls that can shield vulnerable servers from attacks. This approach enables security controls to virtually mend vulnerabilities found at the network layer, preventing them from being exploited while enterprises wait for vendors to release patches that they can then apply. It works on the premise that exploits take identifiable network paths to and from application vulnerabilities, making it possible to manipulate and protect vulnerable servers without actually patching exploitable systems. Effective virtual patching solutions control communications with target software. Host-based solutions are ideal, as perimeter solutions cannot provide effective protective mechanisms for each individual server, which is especially important in virtual and cloud-based deployments. The following technologies work together to deliver vulnerability protection: Intrusion detection and prevention systems (IDS/IPS): To protect unpatched network-facing systems, applications, and servers, this technology leverages smart rules and out-of-the-box vulnerability protection. Self-learning rules and comprehensive network behavior analysis makes it possible for these to: o o o Provide zero-day protection for known vulnerabilities for which patches have yet to be issued Block exploits to unknown vulnerabilities by examining all incoming and outgoing traffic for protocol deviations, policy violations, and attack signals Defend against Structured Query Language (SQL) injection, cross-site scripting (XSS), and other Web application vulnerability exploits Multilayer firewalls: To detect threats lying deep inside networks and prevent denial-ofservice (DoS) attacks, virtual patching leverages enterprise-grade, bidirectional stateful firewalls that: o o Decrease the possibility of attacks against physical, virtual, and cloud-based servers with fine-grained filtering, design policies per network, and location awareness across IP-based protocols and frame types Detect reconnaissance scans 3 of 10 Virtual Patching in Mixed Environments: How It Works to Protect You

Recommendation scanning: This capability automatically recommends which rules need to be deployed in order to optimize protection based on OS version, service pack, patch level, and installed applications, as well as which rules can be removed to minimize resource use. It also can be set to automatically and periodically rescan servers to ensure that there are no protection gaps. Virtual patching can either be integrated with traditional patch management solutions to protect critical systems until patches are deployed or be used as a permanent shield for unsupported and unpatchable systems. Additional host-based security controls can also play a critical role in protection. These should ideally be available in the same security platform. Examples include: Integrity monitoring to ensure that unplanned or suspicious changes are flagged Anti-malware with Web reputation controls to protect against malicious software, including viruses, spyware, worms, and Trojans 4 of 10 Virtual Patching in Mixed Environments: How It Works to Protect You

Virtual patching responsiveness One of the major patching issues is the significant delay between when a patch is released and when it is deployed across pertinent systems. Virtual patching protects organizations during this period of vulnerability. It prevents possible exploitation while businesses wait for patches to be deployed to affected systems. The following table and figure show how solutions with virtual patching such as Trend Micro Deep Security protect organizations against possible exploit attacks against known vulnerabilities. 8 Vulnerability Time/Date vulnerability was disclosed Date patch was released Date first attack was reported Average amount of time that passed between patch release and deployment Heartbleed 7 April 2014 7 April 2014 8 April 2014 30 days Shellshock 24 September 2014 24 September 2014 25 September 2014 30 days POODLE 14 October 2014 14 October 2014 (Unknown) 30 days FREAK 4 March 2015 4 March 2015 (Unknown) 30 days The reality is that making software free from vulnerabilities is difficult and expensive, if not completely impossible. For every thousand lines of code, you can expect to find 15 to 50 errors of some kind. Maybe you can get that error rate down for truly critical applications like space exploration, but that adds time and money to the cost of software development. Raimund Genes, Trend Micro CTO 8 Trend Micro. (2015). Trend Micro Deep Security Platform. Last accessed on 19 August 2015, http://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/. 5 of 10 Virtual Patching in Mixed Environments: How It Works to Protect You

Organizations often take up to 30 days before being able to deploy patches to systems and applications. It may take them months or even years, meanwhile, to update more complex business applications and systems. As such, even if vendors immediately release patches, enterprises still suffer windows of exposure to attacks due to patch deployment delays. 6 of 10 Virtual Patching in Mixed Environments: How It Works to Protect You

Maximizing virtual patching benefits Attackers often exploit vulnerabilities to infiltrate target networks. Old and new vulnerabilities are both fair game due mostly to the absence of patches for new ones and the reliability and effectiveness of older ones. Timely patching is expensive and could be prone to errors when deployed without testing in network environments. These also open networks up to zeroday exploits and other threats. Threats unpatched vulnerabilities pose: Critical data exposure Security measure compromise Network and system compromise Virtual patching protects against software, Web Financial loss application, and server vulnerabilities from exploit Reputation attacks. It addresses the challenge that comes with the damage continuous influx of high-profile vulnerabilities and critical updates. It also allows organizations to manage complex patching and vulnerability management challenges despite ongoing infrastructure changes brought about by virtualization and cloud adoption. Effective virtual patching solutions should work across environments comprising: Virtual and physical servers Cloud workloads Endpoints for users Utilizing virtual patching as a complement to standard patching, organizations can not only mitigate the risks that come with exploits but also minimize operational and financial problems related to standard patching. Regardless of how well organizations keep up with standard patching tasks, to be adequately protected, they should employ host-based security technologies with virtual patching capabilities. Trend Micro Deep Security and Trend Micro Vulnerability Protection, part of the Trend Micro Smart Protection Suites, help protect applications, servers, and endpoints against 7 of 10 Virtual Patching in Mixed Environments: How It Works to Protect You

the risks that unpatched vulnerabilities and zero-day exploits pose while minimizing operational impact. 9 Consider the POODLE attack, which leveraged a 15-year-old vulnerability found in Secure Sockets Layer (SSL) version 3.0. 10 It took the vendor 15 days to release a patch but it took less than 24 hours for Trend Micro to release and protect customers via a virtual patch for servers and endpoints alike. The same is true for FREAK, which has been present for many years. It took its vendor around 35 days to release a patched. But it took Trend Micro less than 24 hours to protect our customers via a virtual patch. Through virtual patching via the use of IDSs/IPSs, enterprises were quickly and painlessly secured from exploits for recent vulnerabilities such as POODLE and FREAK as well as other notable threats such as Heartbleed and Shellshock. Even the large number of enterprises still using platforms that have already reached their EOL such as Windows Server 2003 and XP can rapidly and consistently stay protected from exploits that take advantage of the fact that Microsoft no longer issues patches for these. Trend Micro Deep Security s automated security also protects both virtual and cloud environments, ensuring that as organizations move to the cloud, they can use a single solution to consistently protect them. 9 10 Trend Micro. (2015). Trend Micro Vulnerability Protection. Last accessed on 19 August 2015, http://www.trendmicro.com/us/enterprise/product-security/vulnerability-protection/. TrendLabs. (15 October 2014). Trend Micro Security News. What to Do as Experts Reveal POODLE Attack on Flawed SSL 3.0. Last accessed on 19 August 2015, http://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/what-todo-as-experts-reveal-poodle-attack-on-flawed-ssl-3-0. 8 of 10 Virtual Patching in Mixed Environments: How It Works to Protect You

Conclusion In sum, enterprises are at risk of vulnerability exploitation and are often challenged to keep up with standard patching, especially against major vulnerabilities such as Shellshock and Heartbleed. Even with standard patching, enterprises still suffer windows of exposure. It does not help that a large number of enterprises still use outdated applications such as Windows Server 2003 and XP. Fortunately, Trend Micro solutions have virtual patching capabilities that can shield organizations against vulnerability exploits either until patches for them are deployed or indefinitely, as in cases where patches will no longer be made available. Enterprises that want to keep vulnerabilities in their systems and applications from being exploited can turn to virtual patching for quick-to-deploy and easy-to-manage solutions. For more details on how virtual patching works, visit the Trend Micro Virtual Patching page. Arm yourself with the latest information on vulnerabilities as well with the help of the Trend Micro Threat Encyclopedia. 9 of 10 Virtual Patching in Mixed Environments: How It Works to Protect You

TREND MICRO TM Trend Micro Incorporated, a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years experience, we deliver top ranked client, server, and cloud-based security that fits our customers and partners needs; stops new threats faster; and protects data in physical, virtualized, and cloud environments. Powered by the Trend Micro Smart Protection Network infrastructure, our industry-leading cloud-computing security technology, products and services stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. 2015 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback