Essential Patch Management Practices To Safeguard Your Data

Reading Time: 3 minutes

Safeguarding the data environment is of prime importance to any enterprise. A data breach can lead to loss of business strategies and secrets, loss of sensitive customer/client data, disruption of business, and loss of trust; the business may also face lawsuits. Cyber criminals try to infiltrate the enterprise network to steal data by exploiting vulnerabilities in the network's systems. The Dark Web offers exploits, and exploits-as-a-service, which lets wannabe hackers simply purchase an exploit or the service without having to build it. It is in this dangerous scenario that IT administrators must protect their enterprise network from malicious intrusions. Patch management is a way of blocking some of these attacks: operating system vendors and application developers release bug fixes as patches, and applying them promptly closes the holes an exploit depends on. Manual patching is a tough process, hence a patch management system with an effective patch management policy is necessary to ensure prompt patch updates.

Patch Management

Inventorize endpoints

Employ an appropriate system that detects all the devices/endpoints connected to the network. Identify the different operating systems and applications installed. Configure appropriate settings to ensure that auto-update takes place regularly. Have an option to manually update too. You should run a discovery tool periodically and regularly to ensure that all endpoints get inventoried. A vulnerability in a single endpoint can compromise the whole network.

Multi Operating System Support

An enterprise may have servers running on Windows and Linux, while the endpoints may be running Windows, Linux and Mac. Your patch management system must discover and support all types of platforms.

Third-Party Application Support

As stated earlier, the patch management system must manage updates not only for the operating systems but also for the various third-party applications that run on the servers and endpoints. Most Windows patch management systems focus on updates for the operating system, but threat actors have broken in through vulnerabilities in Flash, browsers and other applications. Hence, it is imperative that the patch management system discovers and inventories all applications on all devices and ensures that auto-updates take place regularly. Some malware can disable auto-updates, which is dangerous because the IT administrator would believe that auto-updates are keeping the system patched. Hence, auto-updates must not be relied upon; the patch management system must verify the installed versions itself.

Patching Frequency

Each operating system vendor and application vendor releases patches at a certain frequency, or as hotfixes for newly discovered serious vulnerabilities. If your patch management policy follows a fixed schedule of updating patches at a defined interval of every week, two weeks or once a month, you are at risk: the gap between the time a vendor releases a patch and the time you apply it is a window in which attackers can exploit the now-public vulnerability. Define a policy to apply patches at a shorter interval, say every week.

Diligently following these practices in patch management will help ensure cyber security and thwart attempts by malicious threat actors.


Protecting Mobile Users Against KRACK Attack

Ignoring advice to patch systems can have severe consequences, as victims of the WannaCry and NotPetya ransomware attacks know. Earlier this year, Microsoft became aware of vulnerabilities in the SMB v1 protocol on its legacy operating systems, the Windows XP and Windows 7 OS versions, and issued patches for them. A proper way to secure an enterprise's IT is to ensure automatic patch updates using effective patch management software.


The WannaCry and NotPetya attacks were widespread and caused significant damage. While their spread was contained by exploiting bugs in the malware code, cyber criminals demonstrated that they could quite quickly release modified versions that could not be contained this way. NotPetya is considered not exactly a ransomware but a data destroyer under the guise of a ransomware. NotPetya primarily targeted Ukrainian government institutions, raising suspicions of the involvement of a nation state.

The Need to Update Patches

Why do enterprises still need to be told to update? IT security administrators in an enterprise know the importance of regular patch updates; it is not to be ignored. However, surveys have revealed that enterprises still continue to use legacy operating systems that no longer receive any support from the software provider. Microsoft had stopped mainstream support for its Windows XP and Win 7 versions as early as 2015, and it is providing extended support through security updates only until January 2020.

But even with the numerous vulnerabilities being exposed, many organizations continue to run Win XP and Win 7. The reasons for continuing to use these OSs include:

  • funding requirement for software upgrade
  • funding requirement for hardware upgrade
  • possible lack of support for vital, legacy applications

Why Some Organizations Don’t Apply Patches

The main reasons for not applying patch management software updates:

  • Negligence
  • Inability of the IT admin to manage patches for numerous endpoints
  • Lack of an automatic patch management software system
  • Possibility of new patch updates crashing the IT systems (this has happened quite frequently)
  • Fear of new OS patches rendering the applications incompatible with the OS

In many businesses, applications that are important for the business flow may be hosted on legacy systems. In this case, an OS update may need software updates which could be expensive and financially not feasible. In such cases, the enterprise must resort to alternate security measures:

  • Ensure enhanced security for legacy systems – employ regular vulnerability scans, and define stricter access control for those systems.
  • Regularly monitor these systems for any suspicious behavior – an effective endpoint security solution that monitors processes in real-time would be necessary.
  • Implement an automated patch management software system for other systems on the enterprise network.


A Basic Guide to Buying Patch Management Software


You have decided to purchase patch management software; that's a good decision. Now you must be wondering what features to look for when choosing the software. There is a plethora of patch management products available, so picking the right one will not be an easy task.


Why Use Patch Management Software?

Patch management is a critical task for the security of an enterprise. An unpatched system is vulnerable to exploits and security breaches. Manual Windows patch management is not adequate, and hence patch management software is used to automate patch management for better security.

Keeping track of the various operating systems, applications, and devices, and ensuring that any updates for them are applied in a timely manner, is better handled automatically by patch management software once your enterprise network has more than a couple of servers and endpoints. Regulatory compliance requirements also mandate an automated patch management system. Further, automation frees IT administrators from routine work, so they can focus on tasks that provide more revenue to the enterprise.

What Are The Types Of Patch Management Software?

There are basically two types of patch management software: local agent-based patch management and agentless patch management. In agent-based patch management, a local agent is installed on the endpoint. This agent manages the updates and periodically reports its status to the server. This method is quite useful for enterprises with many mobile endpoint systems/devices.

In agentless patch management, every endpoint device is tracked, and the applications are managed directly from the central server. Patch updates are rolled out directly to these devices. This has a significant advantage over agent-based patch management: if hackers have compromised an endpoint, they can disable or delete the agent, which would leave the device unpatched and vulnerable without the server noticing.

Each system has its own advantages and disadvantages, and you have to choose the best option to suit your enterprise.

What are the Essential Features of a Patch Management Software

Manageability – an easy-to-use dashboard that provides both comprehensive and detailed information about the endpoints, the application software on them, and their patch status. A complicated dashboard would not find favor with administrators and the security measure may fail. The dashboard should display, in real time, the patches available and the status of their deployment.

Integration – Patch management software is usually offered as part of a bouquet of tools such as Remote Monitoring and Management, IT Service Desk and others. It should integrate well with such applications. It should not cause any conflict or affect the overall performance of the enterprise systems and other third-party software applications.


Five Essential Criteria for Effective Patch Management


The WannaCry ransomware attack, one of the largest cyber attacks faced recently, exploited a Windows OS vulnerability. Just a couple of months earlier, Microsoft had released patches for it in its MS17-010 security update. This ransomware, which spread across hundreds of countries and infected thousands of computers, could have been blocked if the patches had been applied in a timely manner.


The WannaCry ransomware typically targeted older versions of the Windows operating systems. Microsoft had stopped support for these versions some time back, and had advised those users to upgrade to the latest Windows operating system – Win 10. However, due to many reasons – some valid and some invalid, enterprises did not upgrade to Win 10.

The reasons include –

  • Necessary hardware upgrades which are deemed too expensive
  • Compatibility with existing software applications
  • Fear of performance of the new OS
  • Usage of unlicensed software

However, the implications of the WannaCry ransomware attack – the ransom demand, loss of data, business downtime and loss of reputation – have highlighted the importance of patch management. And a name-only patch-management system will not serve the purpose. It must be effective.

1. Versatility

The patch-management system must be compatible with multiple operating systems, applications and endpoint devices. Employees in an enterprise use many types of endpoint devices, running Linux, Windows, Mac, and Android OSs, along with various third-party applications, antivirus software, etc. The Windows patch-management system must be able to manage the patches on all of these.

2. Effective Tracking

OS vendors and application vendors release updated patches from time to time, or as hotfixes during a critical emergency such as a malware outbreak. The patch-management system must check for the availability of patches for the OSs and other applications, download them onto the centralized management server, test them in a simulated environment for compatibility issues and then promptly roll them out to the endpoints. It is very important that the system regularly checks for the availability of patches: the more frequently it does, the safer the endpoints and the enterprise network.

3. Endpoint Monitoring

All endpoints must be continuously monitored and status of their patches must be updated with the patch management server. The status must be available in real-time on the management dashboard. Whenever a new patch has been downloaded onto the management server, the endpoint must check the server for availability of new patches and immediately initiate installation of those patch updates.

4. Patch Status Monitoring

Even after deployment of the patch, the patch-management system must keep continuously monitoring the patch requirements and ensure that the endpoints are always secured with the latest patches.

5. Adherence to Regulatory Requirements

Compliance with the policies defined by the applicable regulatory requirements must be maintained constantly, and the patch-management system must be able to demonstrate it.

Ensuring the above-mentioned criteria can ensure effective patch management throughout the enterprise IT systems.


3 Lessons We Can All Learn from The Equifax Hack


For those of us who have a credit report, there’s a good chance that our sensitive personal information was exposed in a data breach at Equifax. They have since published steps to take to help protect information from being misused.

Although we are unlikely to know the full effects of the Equifax security breach any time soon, there are key actionable takeaways we can use to better protect ourselves from future security attacks.

1. Weak passwords matter

If you use weak passwords on any system, the chances of it being compromised are much higher. But people who use weak passwords also tend to use the same or similar passwords across multiple systems. If your password is "leadership", then a hacker will check variants of that as well to see where else you have used that password. Cyber attackers have built systems to automatically check obvious derivatives; adding numbers, or a symbol at the beginning or end, are just the start. Using databases of known passwords allows them to quickly identify derivatives.

If you also use your corporate email address as your login name, then becoming an online copy of you is even easier. For example, if you use your corporate ID as a login for Linkedin, and that account is broken into, then the hacker can easily pretend to be you on Linkedin, speak to your clients, prospects and colleagues, and use this to socially engineer them into providing further private information.

Always use complex and/or long passwords to minimize this risk. Your IT department can help you force good password policy across your organization.

2. Pony Attacks

One of the ways that cyber attackers targeted Equifax customers was through the "Pony" exploit. Pony malware is a Russian password stealer kit. Once it gains access to a machine, it exfiltrates the credentials of 90+ applications. This type of malware can be delivered through a simple phishing attack or by a web application. Once Pony has its passwords, it deletes itself and becomes undetectable. There was also evidence of third-party application breaches, such as through LinkedIn, Dropbox, Forbes.com, Last.fm, and other hacktivism data sets.

What this means is that malware was running on end users computers, and it stole their logins to multiple systems, including their login to Equifax. The only way to protect your users (and yourself) from malware infections is to run an Advanced Endpoint Protection (AEP) solution that both detects known malware and prevents infection from as yet unknown malware. Make sure all your endpoints are using an AEP solution that doesn’t just detect known malware, but also stops even unknown malware from infecting your systems.

3. NIST's password guidance has changed

Passwords are only one of many lines of defense, but it’s important to implement strong passwords using the best available practices. The National Institute of Standards and Technology (NIST) has published new guidance, and it’s worth noting. Here is the detail from NIST.

The guidance is this:

  • Use long passwords
  • Worry less about regularly changing them or using complex special character formats
  • Check passwords against lists of commonly used ones
  • Usability in creating and using passwords is more important than complexity
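The following is an added example, not code from the original post, showing how the NIST-style checks listed above (a length floor, a block list of commonly used passwords, and the "obvious derivative" problem described under lesson 1) can be implemented on the server side. The block list is a constructed stand-in for a real breached-password corpus, the 8-character floor is taken from NIST SP 800-63B rather than from this post, and the leet-speak substitution table and the username check are this example's own assumptions about which derivatives are worth catching.

```python
import re

# Constructed stand-in for a large corpus of breached/common passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "leadership",
                    "letmein", "welcome", "admin", "iloveyou"}

# NIST SP 800-63B floor for user-chosen memorized secrets (assumption: the
# post only says "long"; 8 is the published minimum, longer is better).
MIN_LENGTH = 8

# Common character substitutions attackers try automatically (assumed table).
LEET = str.maketrans({"@": "a", "0": "o", "3": "e", "$": "s", "1": "i",
                      "!": "i", "4": "a", "5": "s", "7": "t"})


def strip_decoration(s):
    """Drop leading/trailing digits and symbols: 'Leadership1!' -> 'leadership'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s.lower())


def candidate_stems(pw):
    """All forms of the password that a derivative-aware block list should match."""
    base = pw.lower()
    leet = base.translate(LEET)
    stems = {base, strip_decoration(base), leet, strip_decoration(leet)}
    return {s for s in stems if s}


def evaluate_password(pw, username=None, blocklist=COMMON_PASSWORDS):
    """Return (accepted, reasons) following the guidance: length and block
    list matter; forced special characters and rotation do not."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if candidate_stems(pw) & blocklist:
        reasons.append("common_or_derivative")
    if username:
        local_part = username.split("@")[0].lower()
        if local_part and local_part in pw.lower():
            reasons.append("contains_username")
    return (not reasons, reasons)


if __name__ == "__main__":
    for sample in ["Leadership1!", "P@ssw0rd", "short",
                   "correct horse battery staple"]:
        print(repr(sample), evaluate_password(sample))
```

The point of `candidate_stems` is that a block list consulted only on the exact string would accept "Leadership1!" even though "leadership" is on the list; checking the stripped and de-leeted forms closes the derivative gap the post describes without imposing any special-character rule on users.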

I would encourage you to read the link above for full details, but the key thing is to make sure you and your users are aware that passwords are just one link in the website security chain, and to make use of advanced platforms for security monitoring and administration, such as the Comodo cWatch web and Comodo cWatch network platforms available for all sizes of business and enterprise. Your IT Department can ensure that good password policies are delivered across your organization.

A final word

As a final note, to keep informed about the evolution of malware around the globe, you can sign up for the weekly Comodo Threat Intelligence Lab update at https://comodo.com/lab. It's free, and you will automatically receive a detailed weekly report on the spread of malware around the globe; when something important needs to be shared, we will also send you special reports.

Your Patch Management Will be Successful Only If


There are a few rules associated with patch management which everyone implementing these tools should know to make the most of them. These rules form the core of the patch management process; without them the whole process, no matter how meticulously planned, will eventually fail to safeguard your network against the various security threats out there.

Here is a cheat sheet listing some of those patch management related rules which can go a long way in patching your network efficiently.

Your Windows patch management will be successful only if…

1. You Know Your Network Well: First and foremost, you should know what your network contains, only then will you be able to address the problems. For this, you have to catalog or inventory your network’s devices using various asset discovery tools which are available in the market.

By doing so you'll be killing two birds with one stone. That is, not only will you become aware of the defects of your network's devices, but you will also get a rough estimate of how long it might take to fix or patch the various computers in your network. This information will go a long way when it comes to critical patches which need to be implemented quickly.

2. You Realize Change Is The Only Constant: Nothing in this world remains constant. The same applies to computers as well. Taking into account the various security threats hitting the IT world, one can hardly expect a network infrastructure to remain the same over time. So enterprises have to understand this universal truth and should implement patch management tools which can seamlessly integrate as well as control such patching-related changes in your environment.

3. You Understand Every Device Has Different Requirements: There is no such thing as ‘one-patch-fits-all’ after the application of which you can rest in peace thinking your network will be safe forever. Ensuring your network contains the same devices and the same operating systems is easier said than done. In other words, practically impossible.

This is something you should bear in mind and select a patch management tool which can operate effectively in an IT environment which contains diverse devices.

4. You Understand Time Is Of The Essence: Security patches should be implemented as soon as they are released in the market. WannaCry ransomware served as the perfect example of what can happen if security patches are not implemented in a timely fashion.

Again this is easier said than done, because security patches are essentially changes to your environment. Incorporating such changes into your environment can be a tough task unless you have the right patch management tool in your hands.

5. Your Patch Management Tool Contains Automation Capabilities: Automation is key to successful patch management. Because patching involves many aspects, implementing or monitoring all of them manually is not humanly possible. Therefore, while selecting your patch management tool, make sure it contains automation capabilities.

6. You Keep Things Simple: No matter how complex the technology you are dealing with, you should always remember this: keeping things simple is the key to getting your job done efficiently. This might seem like an unnecessary piece of advice, but more often than not we fail because we end up complicating things.

Therefore remember that patching, at the end of the day, is about keeping your systems up-to-date so that they remain secure against various evolving security threats and go about implementing your patch management strategy and tools accordingly.

Hope the information provided here proves useful to you when it comes to deploying your patch management strategy.


Understanding and Mitigating Bashware and Similar Threats


Every component of an operating system adds new functionality, and at the same time, creates potential openings for new forms of malware. Recently, a potential risk was identified with the Microsoft Windows subsystem for Linux (WSL), which is now part of Microsoft Windows 10.

It should be noted that at the time of writing, this is just a potential exploit, and not one that we have seen used by malware, as of yet.

The potential security implications of this feature and how most security software cannot cope with it were discussed in detail by Alex Ionescu last year at Black Hat (Here is the video https://www.youtube.com/watch?v=_p3RtkwstNk).

The issue is that WSL runs an instance of Ubuntu Linux on a Windows PC seamlessly, such that a piece of malware can hide itself inside this Linux instance while running on the PC. This creates a situation that would be very difficult for a traditional detection-based solution to handle.

The process would be as follows:

  1. The user downloads and executes a file that has not previously been identified by the installed antivirus products and is, therefore, undetected by the antivirus software.
  2. The executing file enables the Windows Subsystem for Linux (WSL) and sets it up in a similar way to a Docker container, by running the bash.exe command. The bash.exe command has a number of parameters that can be added, so it also has the potential to execute file-less malware.
  3. The malware executing file then installs a malicious payload inside the Linux instance and executes this payload.
  4. Because the malware is running inside a Linux container inside Windows, antivirus products on the Windows environment do not see it.
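Even where endpoint protection cannot see inside the Linux instance, the Windows side of the chain above (an unknown executable enabling the WSL feature and then launching bash.exe) is visible in process-creation telemetry. The following is an added example, not code from the original post or from any vendor product, of detection logic run over a constructed list of process-creation events shaped like the fields Sysmon or EDR tools record (image, parent image, command line). The allow list of "interactive" parents, the rule names, and the sample file name dropper.exe (the name the post uses for the unknown file) are this example's own assumptions; the dism.exe feature name Microsoft-Windows-Subsystem-Linux is the real one.

```python
from dataclasses import dataclass


@dataclass
class ProcEvent:
    ts: str        # timestamp, constructed
    image: str     # full path of the new process
    parent: str    # full path of the parent process
    cmdline: str   # command line of the new process


# Parents from which a user normally opens a WSL shell (assumed allow list).
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe",
                       "windowsterminal.exe", "code.exe"}
WSL_LAUNCHERS = {"bash.exe", "wsl.exe"}


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (event_index, rule_name) findings, in event order."""
    findings = []
    enablers = set()          # parents that turned the WSL feature on
    for i, ev in enumerate(events):
        img, par = basename(ev.image), basename(ev.parent)
        cmd = ev.cmdline.lower()

        # Step 2 of the chain: the feature is switched on via dism.exe or
        # Enable-WindowsOptionalFeature; note who did it for correlation.
        if "subsystem-linux" in cmd:
            findings.append((i, "WSL_FEATURE_ENABLED"))
            enablers.add(par)

        if img in WSL_LAUNCHERS:
            # Step 3: a Linux payload launched from something that is not a shell.
            if par not in INTERACTIVE_PARENTS:
                findings.append((i, "WSL_LAUNCHED_BY_UNEXPECTED_PARENT"))
            # bash.exe -c runs an inline command: the file-less case the post notes.
            if " -c " in f" {cmd} ":
                findings.append((i, "WSL_INLINE_COMMAND"))
            # Same process both enabled WSL and launched into it: the full chain.
            if par in enablers:
                findings.append((i, "WSL_ENABLE_THEN_LAUNCH_CHAIN"))
    return findings


# Constructed sample telemetry: two benign events, then the chain from the post.
SAMPLE_EVENTS = [
    ProcEvent("10:00:01", r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\explorer.exe", "cmd.exe"),
    ProcEvent("10:00:05", r"C:\Windows\System32\bash.exe",
              r"C:\Windows\System32\cmd.exe", "bash.exe"),
    ProcEvent("10:03:10", r"C:\Users\alice\Downloads\dropper.exe",
              r"C:\Windows\explorer.exe", "dropper.exe"),
    ProcEvent("10:03:12", r"C:\Windows\System32\dism.exe",
              r"C:\Users\alice\Downloads\dropper.exe",
              "dism.exe /online /enable-feature "
              "/featurename:Microsoft-Windows-Subsystem-Linux /norestart"),
    ProcEvent("10:03:40", r"C:\Windows\System32\bash.exe",
              r"C:\Users\alice\Downloads\dropper.exe",
              'bash.exe -c "/mnt/c/ProgramData/p.sh"'),
]

if __name__ == "__main__":
    for idx, rule in detect(SAMPLE_EVENTS):
        print(f"{SAMPLE_EVENTS[idx].ts}  {rule}")
```

The first two events (a user opening cmd.exe and then an interactive bash.exe) produce nothing, so the rules stay quiet on ordinary WSL use; the chain is only raised when the process that enabled the feature is also the one that launches into it.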

At this point, it’s important to note that Comodo Internet Security and Comodo Advanced Endpoint Protection (AEP) would have stopped this form of attack.

At Step 1, because the downloaded file (call it dropper.exe) is not going to be detected, it will be treated as an unknown file and will be executed in a Comodo Container.

Step 2 will, therefore, not work, because when dropper.exe tries to execute bash.exe, bash.exe will also run inside the Comodo container, which blocks all of its COM-based communication with LxssManager. Bash.exe is, therefore, going to produce an error.


Comodo uses containment technology, which virtualizes the HDD, Registry and COM, which prevents files and file-less malware from performing malicious activity, even when the file has not been previously identified as malware. When a file that has an unknown security status tries to execute, it is contained in a virtual container, and when the bash.exe command tries to run, its access to the COM will be blocked. This will generate an error in the bash execution, and the terminal window will be encased in a green border, indicating its contained status.

Both file-based and file-less malware are stopped by Comodo’s solution. Comodo’s containers have a proprietary virtual COM/LPC subsystem to provide COM/LPC support for applications running. LxssManager’s COM interfaces are intentionally not enabled inside the container right now and will be enabled once the technology matures. See https://github.com/ionescu007/lxss/blob/master/WSL-BlueHat-Final.pdf for the current problems.

As a vendor, we have been using virtualization-based security for malware defense for over a decade, since 2009. And as the cost of using virtualization has dropped, the practicality of this model has increased.

The method described above is one of the many ways malware writers can bypass security software in a post-virtualization era.


Patch Management Being Ignored


Many enterprises are not giving due importance to patch management. Is this because they do not fully understand the importance of patch management? If the recent WannaCry attacks are anything to go by, the answer is most likely “yes.”


What Is Patch Management?

Patch Management is an activity that ensures all operating systems (OS), application software and security solutions in the IT infrastructure of an enterprise are kept up to date with the latest patches to ensure they function without bugs, and that the enterprise IT systems and network are kept secure from malware.

Many believe that setting up automatic updates for the OS and antivirus solution is enough. But this is a mistake that reveals a lack of understanding of the importance of Windows patch management. Updating only your OS and antivirus leaves major vulnerabilities that cyber criminals can exploit. Analysis of cyber attacks has revealed that cyber criminals have exploited vulnerabilities in Adobe Flash, Reader, and other applications, where users would not typically suspect vulnerabilities. Even an out-of-date browser is extremely vulnerable.

Missed Revenue

From a business point of view, it is a missed opportunity for Managed Service Providers (MSPs) to not offer patch management along with other services, like Remote Monitoring and Management, Endpoint Security, Service Desk, Mobile Device Management and other solutions. Providing patch management can generate more revenue with just a little more investment.

Versatile Patch Management Application

There are many patch management products available on the market. Some are versatile enough to support OS, hardware, and applications, while some have more limited capabilities. With strong competition in the market, the cost of these solutions is quite reasonable, and that raises the question: why do enterprises fail to place due importance on patch management solutions? When you consider the huge price paid for attacks such as the WannaCry ransomware, investing in a robust and efficient patch management system is well worth it.

The Advantages of using Patch Management

  • Security from vulnerabilities
  • Bug fixes updated
  • Enterprises get better security with slightly more investment
  • MSPs can gain more revenue from their customers
  • IT administrators will be able to scan the complete enterprise network for patch update requirements for each type of OS, application, hardware, mobile device, etc.
  • MSPs can test the patches in a test environment before rolling them out to each endpoint and target system. This helps prevent any crashes in the case of any mismatch between updated operating systems and applications.


Do You Work For A Bunch Of Hippies On A Commune?


Some people would love to work for a highly ethical company, one where trust is absolute, and everyone is treated equally. Where peace and love are considered the only attributes. The challenge is these places are few and far between.

Imagine a place where you accept a job, and the company performs a background check. You pass the check and are hired. And you go to work to find that once inside the office, there are no locks, no passwords, no checks; everyone is allowed to see and use everything. The safe door is left open and everyone is just trusted.

This may sound like a fun place to work, but what happens when a person decides to walk off with the petty cash, or takes a copy of every employee’s credit cards and walks out the door. Obviously, that won’t happen in YOUR perfect company.

The example I've just given sounds preposterous, but it's also the exact model that many businesses use for security today.

Every business that uses a malware detection system that provides unfettered access to any file that is not already known to be a malware file, is in effect acting like the commune I mentioned above.

Imagine the scenario: a new file comes into the enterprise and is scanned by the malware scanner. It is found not to be known malware, so it is allowed to execute in the computing environment with unfettered access. If the file turns out to be a new piece of malware that the scanner had not previously seen, it can infect, modify and destroy to its heart's content.

Why would you let this happen!

There is a solution that provides both detection and prevention of infection, which would stop this from happening. In fact, it's currently running on about 100 million systems, and there have been zero infections on any of these.

If this sounds like a system you would be interested in please visit https://enterprise.comodo.com


The Right Way to do Patch Management


It has been established without a doubt that patch management is very important. Now the question is how to do it correctly. Though this is a challenging task, enterprises can put an effective patch management system in place. There are numerous patch management products available in the market, and choosing the correct software is of paramount importance for effective patch management.


As an IT administrator, you must have a clear objective for your patch management program. Your intention should be to create an effectively configured environment that is kept protected from both known and unknown vulnerabilities in the different operating systems and application software in all the devices that are connected to the enterprise network.

Typical Manual Patch Management System

Many enterprises do not have an effective Windows patch management system. They initiate the search and update process for a patch only after a user raises a complaint about some issue. This is called manual patch management, and while it gives the administrator full control of what is being patched, it can be a very cumbersome process in a large enterprise with diverse OS platforms. OS and application developers release "hot-fixes," or important security updates that may be necessary to protect the enterprise from a currently running malware campaign. As an example, antivirus companies release updated virus definitions to thwart a zero-day malware campaign. If an enterprise depends on manual patch management, it is vulnerable until the IT administrator downloads and installs the update, which may be too late.

There are a few advantages to manual patch management. Notably, it allows:

  • IT administrators to test the patches in a test environment – the patches for a specific OS or application must not affect the existing compatibility and functioning of the applications. There have been numerous cases of updated patches crashing the enterprise network.
  • The IT administrator to choose which patches to apply.

Automated Patch Management System

A dedicated tool that provides comprehensive Patch Management through automatic updates is the best bet for an enterprise. Surveys, as well as malware attacks such as the “WannaCry ransomware,” demonstrated the dangers of not updating on time. Months before the WannaCry attacks, Microsoft issued security patches for the vulnerability that WannaCry exploited. Reports after the outbreak revealed that it was only those systems that had not promptly updated those security patches that were affected.

So, what else must your Patch Management System support?

  • It must be automated
  • It must be able to check, acquire and install the patches for the various operating systems, software applications, antivirus solutions, and devices
  • The system dashboard must provide a comprehensive picture of the patch management status in all devices
  • It must be easy to manage
  • It must provide the ability to test patches and then roll them out to the devices/ endpoints
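The checks this list asks of a patch management system (and the ones the earlier posts describe under "Inventorize endpoints", "Patching Frequency" and "Endpoint Monitoring") come down to comparing what each endpoint reports as installed against what the vendors have released, then judging the gap against policy. The following is an added example, not code from the original posts or from any vendor product, that does exactly that over a constructed inventory and a constructed advisory feed. The advisory identifiers, hostnames, products, version strings, dates, and the 7-day patch window and 7-day inventory-silence threshold are all this example's own assumptions; the dotted-number version comparison is a simplification that does not handle every vendor's version scheme.

```python
from datetime import date

# Constructed advisory feed: product, first fixed version, release date.
# Identifiers are placeholders, not real security bulletins.
ADVISORIES = [
    {"id": "ADV-001", "product": "Windows 10", "fixed_version": "10.0.19045.4046",
     "released": date(2024, 3, 12), "severity": "critical"},
    {"id": "ADV-002", "product": "Firefox", "fixed_version": "124.0.1",
     "released": date(2024, 3, 22), "severity": "high"},
    {"id": "ADV-003", "product": "Adobe Reader", "fixed_version": "24.1.20604",
     "released": date(2024, 3, 26), "severity": "critical"},
    {"id": "ADV-004", "product": "Ubuntu 22.04 kernel", "fixed_version": "5.15.0.101",
     "released": date(2024, 3, 20), "severity": "high"},
]

# Constructed endpoint inventory as a discovery tool would report it.
INVENTORY = [
    {"host": "ws-001", "last_seen": date(2024, 4, 2),
     "software": {"Windows 10": "10.0.19045.4046", "Firefox": "124.0.1",
                  "Adobe Reader": "24.1.20604"}},
    {"host": "ws-002", "last_seen": date(2024, 4, 2),
     "software": {"Windows 10": "10.0.19045.4046", "Firefox": "123.0",
                  "Adobe Reader": "23.8.20533"}},
    {"host": "srv-db", "last_seen": date(2024, 3, 20),
     "software": {"Ubuntu 22.04 kernel": "5.15.0.97"}},
]

TODAY = date(2024, 4, 2)   # constructed "now" so the run is reproducible


def parse_version(v):
    """Compare dotted versions numerically where possible ('9' < '10')."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in v.split("."))


def is_patched(installed, fixed):
    return parse_version(installed) >= parse_version(fixed)


def missing_patches(inventory=INVENTORY, advisories=ADVISORIES):
    """{host: [advisory ids whose fix is not installed]}; third-party
    applications are treated exactly like the OS, as the posts insist."""
    report = {}
    for ep in inventory:
        missing = []
        for adv in advisories:
            installed = ep["software"].get(adv["product"])
            if installed is None:
                continue          # product absent: advisory does not apply
            if not is_patched(installed, adv["fixed_version"]):
                missing.append(adv["id"])
        report[ep["host"]] = missing
    return report


def policy_violations(today=TODAY, max_patch_days=7, max_silence_days=7,
                      inventory=INVENTORY, advisories=ADVISORIES):
    """Endpoints that breach the patch window, or that have dropped out of
    discovery (an unseen endpoint cannot be assumed patched)."""
    by_id = {a["id"]: a for a in advisories}
    gaps = missing_patches(inventory, advisories)
    violations = []
    for ep in inventory:
        if (today - ep["last_seen"]).days > max_silence_days:
            violations.append((ep["host"], "STALE_INVENTORY", None))
        for adv_id in gaps[ep["host"]]:
            age_days = (today - by_id[adv_id]["released"]).days
            if age_days > max_patch_days:
                violations.append((ep["host"], "PATCH_OVERDUE", adv_id))
    return violations


if __name__ == "__main__":
    for host, missing in missing_patches().items():
        print(f"{host}: missing {missing or 'nothing'}")
    for host, kind, ref in policy_violations():
        print(f"VIOLATION {host} {kind} {ref or ''}")
```

In the sample data ws-002 is missing two patches but only one is flagged as overdue: the Reader fix is exactly 7 days old and still inside the window, which is the boundary a dashboard should show as "pending" rather than "breached". srv-db is flagged twice, once because it has not reported in for 13 days and once for the kernel patch, since a silent endpoint is precisely the case where relying on auto-update gives a false sense of coverage.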

Utilizing an automated patch management system is the right way to do patch management.
