Our Q4 2022 Cybersecurity Risks & Trends feature covers the topics of end-of-life software, the benefits of endpoint detection and response, and an explanation of attack surface management:
Managing End-of-Life Software
At some point, all software will reach the end of its life. This means manufacturers will no longer develop or service the product, discontinuing all technical support, bug fixes and security upgrades. As a result, this end-of-life (EOL) software will have known vulnerabilities that cybercriminals can easily exploit. In fact, a recent survey found that 60% of data breaches stem from unpatched known vulnerabilities.
Organizations may be hesitant to transition away from EOL software for a number of reasons, such as limited resources, a lack of critical features among new software or migration challenges. They may be especially reluctant when EOL systems are still functioning. However, continuing to use EOL software also comes with a myriad of risks, including heightened cybersecurity exposures, technology incompatibilities, reduced system performance levels, elevated operating costs and additional data compliance concerns.
With this in mind, it’s clear that proactive EOL software management is necessary to prevent unwelcome surprises and maintain organizational cybersecurity. As such, organizations should consider the following tips for ensuring effective EOL software management:
- Create a life cycle management plan. Proper planning for EOL software reduces cybersecurity vulnerabilities, lessens the risk of system downtime and helps companies stay compliant with applicable regulations. A life cycle management plan should outline ways to introduce new software and provide methods for phasing out unsupported software.
- Understand device history. Companies should use device management software that will automatically capture key information about devices when they connect with a network. Such software can provide a highly detailed network overview and enable organizations to push software updates, certifications and other necessary upgrades to numerous devices simultaneously.
- Monitor EOL status. Most major suppliers have life cycles for products and product components, including EOL dates. It’s best for organizations to review the EOL status of new software before selecting it for current use. Monitoring EOL dates will help organizations avoid any confusion regarding when devices or software will no longer be supported, enabling them to plan and budget for replacements as needed.
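As an added example (not from the original article), the following Python script checks a software inventory against vendor EOL dates and builds a replacement queue. The product names, dates and host counts are constructed sample data; the 180-day warning window is an assumed planning threshold.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample inventory: hypothetical products, versions and vendor EOL dates.
INVENTORY = [
    {"name": "legacy-erp", "version": "7.2", "eol": date(2022, 6, 30), "hosts": 12},
    {"name": "db-engine", "version": "11", "eol": date(2023, 1, 15), "hosts": 4},
    {"name": "office-suite", "version": "2021", "eol": date(2026, 10, 13), "hosts": 250},
    {"name": "ocr-tool", "version": "3.1", "eol": None, "hosts": 2},
]

@dataclass
class EolFinding:
    name: str
    status: str                 # "unsupported", "approaching", "supported" or "unknown"
    days_left: Optional[int]    # None when the vendor EOL date is not recorded
    hosts: int

def classify(item: dict, today: date, warn_days: int = 180) -> EolFinding:
    """Classify one inventory entry against its vendor EOL date."""
    eol = item["eol"]
    if eol is None:
        # A missing EOL date is a gap in the inventory, not evidence of support:
        # flag it for review rather than silently treating it as supported.
        return EolFinding(item["name"], "unknown", None, item["hosts"])
    days_left = (eol - today).days
    if days_left < 0:
        status = "unsupported"
    elif days_left <= warn_days:
        status = "approaching"
    else:
        status = "supported"
    return EolFinding(item["name"], status, days_left, item["hosts"])

def replacement_plan(inventory: list, today: date, warn_days: int = 180) -> list:
    """Return findings that need action, most urgent first.

    Order: already unsupported (longest past EOL first), then approaching EOL
    (soonest first), then entries with no known EOL date; ties go to the
    entry installed on more hosts.
    """
    order = {"unsupported": 0, "approaching": 1, "unknown": 2}
    findings = [classify(i, today, warn_days) for i in inventory]
    actionable = [f for f in findings if f.status in order]
    actionable.sort(key=lambda f: (order[f.status],
                                   f.days_left if f.days_left is not None else 0,
                                   -f.hosts))
    return actionable
```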
The Benefits of Endpoint Detection and Response Solutions
As digital threats grow more sophisticated and frequent, advanced cyberattacks have become increasingly difficult to identify in real time. Therefore, it’s important for organizations to prioritize cybersecurity measures that can analyze and respond to the constant barrage of cyberattacks—such as endpoint detection and response (EDR) solutions.
EDR is a cybersecurity solution that continuously monitors security-related threat information and endpoint data to detect and respond to ransomware and other types of malware. It provides visibility into security incidents occurring on endpoints—such as desktop computers, laptops, embedded devices and servers—to prevent damage and minimize future attacks. EDR solutions can offer a number of benefits to organizations and their cybersecurity teams, including:
- Improved visibility—EDR solutions continuously collect data and analytics before compiling them into a single, centralized system. These insights can give cybersecurity teams full visibility into the state of network endpoints from a single console.
- Timely investigations—Since EDR solutions automate data collection and processing, cybersecurity teams can gain immediate context regarding incidents and take steps to remediate them quickly.
- Automated remediation—Cybersecurity teams can allow EDR solutions to automatically perform certain incident response activities based on predefined rules, enabling them to block or rapidly mitigate incidents.
Attack Surface Management Explained
Attack surfaces refer to the total possible entry points (also known as attack vectors) for unauthorized access into any system. The recent rise of remote and hybrid work combined with the shift to the cloud and widespread implementation of software-as-a-service (SaaS) applications have made attack surfaces increasingly prominent, complex and difficult to defend against cyberattacks. As a result, organizations face the challenge of consistently monitoring their attack surfaces to identify, block and respond to threats as quickly as possible. That’s where attack surface management (ASM) can help.
ASM involves continuously monitoring potential attack vectors, including any method hackers may use to gain access to companies’ data or networks to facilitate cyberattacks. Organizations’ attack vectors are constantly changing but generally include four main surfaces:
- On-premises assets, such as hardware and servers
- Cloud assets, such as workloads, databases or SaaS applications
- External assets, such as an online service provided by an external vendor that may be integrated with the company’s network
- Subsidiary networks shared by more than one organization
ASM can provide companies with an inventory of exposed assets to accelerate responses to cyberthreats. This entails the following automated core processes:
- Asset discovery—This is a continuous process that scans for potential entry points for cyberattacks. These assets may include subsidiary assets, third-party or vendor assets, unknown or non-inventoried assets, known assets, or malicious or rogue assets.
- Classification and prioritization—Assets are analyzed and prioritized by the likelihood that hackers could use them as a target. They’re inventoried by their connections to other assets in the IT infrastructure, such as IP address, identity and ownership. Assets are also analyzed for exposures such as missing patches, coding errors and potential attacks, including ransomware or malware. Each vulnerable asset is assigned a risk score or security rating.
- Remediation—Potential vulnerabilities are remediated in order of priority. It may be necessary to apply software or operating system patches, debug application code or use stronger data encryption. Previously unknown assets may need new security standards, or it may be necessary to integrate subsidiary assets in companies’ cybersecurity strategies.
- Monitoring—Security risks change whenever a new asset is deployed or existing assets are used in new ways. Networks and their inventoried assets are continuously monitored for vulnerabilities to allow ASM to find attack vectors in real time and give companies a chance to neutralize threats.
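As an added example (not code from the article or any ASM product), the Python below models the discovery, classification and monitoring steps described above: a fresh scan is merged into the inventory, assets not seen before are flagged as unknown, each asset gets a risk score, and a remediation queue is produced. The exposure and surface weights, asset names and owners are all assumed sample values.

```python
from dataclasses import dataclass, field

# Assumed weights for illustration; a real ASM tool derives its own security rating.
EXPOSURE_WEIGHT = {"missing_patch": 3, "coding_error": 2, "weak_encryption": 2,
                   "malware_indicator": 5}
SURFACE_WEIGHT = {"on_premises": 1.0, "cloud": 1.2, "external": 1.5, "subsidiary": 1.3}

@dataclass
class Asset:
    asset_id: str            # hostname, IP address or service name
    surface: str             # one of the four surfaces named in the article
    owner: str
    exposures: list = field(default_factory=list)
    inventoried: bool = True  # False once discovery finds an asset nobody had recorded

def risk_score(asset: Asset) -> float:
    """Sum exposure weights, scale by the surface the asset sits on, and add a
    fixed penalty for assets that were not in the inventory (no standards applied yet)."""
    base = sum(EXPOSURE_WEIGHT.get(e, 1) for e in asset.exposures)
    score = base * SURFACE_WEIGHT.get(asset.surface, 1.0)
    if not asset.inventoried:
        score += 4
    return round(score, 1)

def discover(known: dict, scan: list) -> dict:
    """Monitoring step: merge a new scan into the inventory, flagging unseen assets."""
    merged = dict(known)
    for asset in scan:
        if asset.asset_id not in merged:
            asset.inventoried = False
        merged[asset.asset_id] = asset
    return merged

def remediation_queue(inventory: dict) -> list:
    """Classification and prioritization: highest score first; on ties, unknown assets first."""
    return sorted(inventory.values(),
                  key=lambda a: (-risk_score(a), a.inventoried, a.asset_id))

# Constructed sample inventory and scan results, not taken from the article.
KNOWN = {a.asset_id: a for a in [
    Asset("erp-01", "on_premises", "finance", ["missing_patch"]),
    Asset("crm-saas", "cloud", "sales", ["weak_encryption"]),
    Asset("payroll-vendor", "external", "hr", ["missing_patch", "coding_error"]),
]}
SCAN = [
    Asset("erp-01", "on_premises", "finance", ["missing_patch"]),
    Asset("sub-fileshare", "subsidiary", "unknown", ["malware_indicator"]),
]
```

Running `remediation_queue(discover(KNOWN, SCAN))` puts the newly discovered subsidiary file share at the top of the queue because it carries both the highest-weight exposure and the unknown-asset penalty.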
ASM not only helps protect organizations from cyberattacks, but it is also a practice frequently required by underwriters to obtain cyber insurance—thus making it all the more vital.