Keeping all patches up to date is key for business continuity, as downtime is the single greatest impact on business operations.
“You have to take the system completely out of operations and rebuild it and make sure all of the subsystems don’t have similar infections,” said Todd Feinman, CEO at Identity Finder.
Joey Peloquin, senior manager of threat intelligence and vulnerability management at Citrix, said that beyond downtime, exploit kits pose another threat to the enterprise: gathering credentials.
“It’s arguably a larger threat. If they are able to log keystrokes for domain credentials, they can potentially log in and take advantage of rights and privileges in the environment. This could result in data exfiltration and leave the enterprise open to virtually every threat at that point,” Peloquin said.
“The best thing the industry can do is not write software that has vulnerabilities, but we know that’s not going to happen,” said Leonard.
Williams agreed. “Software itself has to be built with security in mind,” he said. “One thing to keep in mind is that these guys are really, really good at implementing new vulnerabilities.”
As is often the case with solutions to security threats, there is no silver bullet. “Multiple strategies are necessary,” said Andrew Wertkin, CTO, BlueCat.
“There is traditional endpoint management, leveraging well known vulnerabilities that could have patches, and keeping protections up to date,” Wertkin continued.
Because enterprises are dealing with an expanding network and many more devices that might not have endpoint protection, “they need to be making sure any of the well known vulnerabilities that they use are patched,” Wertkin said. In addition, there are many other layers that need to be used.
Wertkin said, “DNS is used by exploit kits themselves or payloads to look for that suspicious behavior. There have been variances created and they often have similar patterns.” Wertkin also recommended, “Go to sites to see what the Internet gateway IP address is.”
While there are a variety of solutions in IT security, “In a world where we are only blocking what we know to be bad, we aren’t protecting ourselves. Enterprises need an appropriate security architecture where they can have a suspect-based and behavior-based analysis,” Wertkin said.
Attackers, though, are highly motivated. Most often they have a specific objective, said Ravi Devireddy, co-founder and CTO at E8 Security. Given that these attacks are not always random, Devireddy said, “The tools, techniques and procedures would be adapted and specific to the organization. It’s customized for that company.”
Criminals know that applying software patches can be intrusive and that not everyone is keeping their patches up to date, said Devireddy. “It’s a time-consuming process. Increasingly we are seeing automation, but it does take time. The server-side patch requires a reboot, and there is a business impact to that,” he continued.