Recent attacks such as WannaCry and NotPetya have demonstrated hackers are more familiar with the vulnerabilities of unsupported systems than many organizations themselves.
When new patches are released, attackers easily reverse-engineer the updates and quickly find all the weaknesses in end-of-life (EOL) systems. Traditional security solutions are powerless in detecting and preventing these advanced attacks.
Systems often run critical business functions, have access to sensitive data, and have high performance and availability requirements, making it difficult to upgrade or replace when vendors discontinue security support. As a result, they are perfect targets for exploitation. They also often house lucrative data.
In addition to security threats, many regulatory and compliance mandates require rigorous levels of security that EOL systems just aren’t equipped to meet.
When systems go EOL, they can be easily infiltrated. This is often due to the lack of patch management at an organization or of an effective endpoint protection solution. Vulnerabilities exist on EOL systems that will never be fixed. This is a critical area of focus for compliance professionals, as the organization takes on substantial risk by continuing to operate them.
There are compensating controls that businesses can implement to help reduce the liability associated with running EOL systems and keep them secure. Some of the key methods are application control/application whitelisting, network isolation or segmentation, and virtualization.
- Network Isolation/Segmentation: With network isolation, servers are isolated so they cannot access central services. Critical servers will interact with other systems on the isolated network, but cannot interact with any machines outside of the network or connect to the Internet. With network isolation, EOL devices are protected from threats, but these systems are prevented from accessing other critical assets. Seeing as most servers host critical applications that must be accessible to employees and connected to other corporate servers, this is likely not a viable option for most server workloads.
- Virtualization: Virtualization can be used to limit a critical server’s exposure to the environment. If an asset becomes a target, it can be isolated and re-initialized. Hosting assets within a virtualized environment provides security benefits by increasing the control over critical assets as well as the ease with which systems can be re-imaged in the event of a compromise. However, for critical servers running applications that require round-the-clock access, virtualization represents a possibility of increased administration and resources. It can also lead to failed compliance policies, since in-scope data must be controlled and cannot run within a virtual environment.
- Application Control and Whitelisting: Application Control or Whitelisting is a security model focused on allowing known “good” applications rather than blocking known “bad” ones, and is widely regarded as the industry’s best form of advanced threat prevention. It is ranked as the No. 1 mitigation technique against security threats by the ASD Essential 8. When implemented in “default-deny” mode, application whitelisting is a highly effective compensating control to meet regulatory compliance standards and harden out-of-date systems. By ensuring only trusted software is allowed to run, application whitelisting stops exploits and can reduce the administration associated with system and application patching and updates.
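To make the “default-deny” mode concrete, here is a small policy engine that allows an executable to run only when its SHA-256 digest is on an explicit allowlist, denies everything else, and records each decision for the audit trail. This is an added illustration, not Carbon Black’s product code: the hash-based allowlist, the `DefaultDenyPolicy` class, and the byte strings standing in for executables are all constructed for the example.

```python
"""Default-deny application allowlist check (added example, not vendor code).

An executable may run only if its SHA-256 digest appears in an explicit
allowlist. Anything unknown, including a trusted binary whose bytes have
been modified, is denied and logged. Everything below is constructed.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    path: str
    sha256: str
    allowed: bool
    reason: str


class DefaultDenyPolicy:
    def __init__(self, allowlist: dict[str, str]):
        # allowlist maps lowercase sha256 hex digest -> human-readable label
        self.allowlist = {h.lower(): label for h, label in allowlist.items()}
        self.audit_log: list[Decision] = []

    @staticmethod
    def digest(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def approve(self, data: bytes, label: str) -> str:
        """Baseline workflow: an administrator trusts a known-good binary."""
        h = self.digest(data)
        self.allowlist[h] = label
        return h

    def evaluate(self, path: str, data: bytes) -> Decision:
        """Default deny: only an exact hash match is allowed to execute."""
        h = self.digest(data)
        label = self.allowlist.get(h)
        if label is not None:
            d = Decision(path, h, True, f"hash matches trusted entry '{label}'")
        else:
            d = Decision(path, h, False, "hash not in allowlist (default deny)")
        self.audit_log.append(d)  # every decision is retained for audit
        return d


# Constructed sample "executables" (byte strings standing in for real binaries).
TRUSTED_APP = b"MZ...legacy-line-of-business-app-v3.1"
TAMPERED_APP = TRUSTED_APP + b"\x90\x90"   # same app with appended bytes
UNKNOWN_TOOL = b"MZ...binary-not-deployed-by-IT"


def build_policy() -> DefaultDenyPolicy:
    # The allowlist is seeded from the known-good binary at baseline time.
    policy = DefaultDenyPolicy({})
    policy.approve(TRUSTED_APP, "LOB app v3.1")
    return policy


def run_demo() -> list[Decision]:
    policy = build_policy()
    policy.evaluate(r"C:\LOB\app.exe", TRUSTED_APP)      # allowed
    policy.evaluate(r"C:\LOB\app.exe", TAMPERED_APP)     # denied: digest changed
    policy.evaluate(r"C:\Users\Public\tool.exe", UNKNOWN_TOOL)  # denied: unknown
    return policy.audit_log


if __name__ == "__main__":
    for d in run_demo():
        verdict = "ALLOW" if d.allowed else "DENY "
        print(f"{verdict} {d.path}  {d.sha256[:12]}...  {d.reason}")
```

The point the second evaluation makes is the one that matters for EOL systems: the tampered file sits at the same path as the trusted application, so a path- or name-based rule would let it run, whereas the hash-based default-deny rule blocks it without needing a signature for the specific threat.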
Carbon Black pioneered application control and whitelisting more than 16 years ago and has worked with customers to deploy a solution that is lightweight and easy to manage.
Application control/whitelisting can be deployed as a security control in lieu of regular patching and updates that are no longer available from Microsoft. This will extend the security window and protect unsupported devices from breach and data compromise past the EOL date.
When reviewing the capabilities of a compensating control such as whitelisting, consider that it can provide the following:
- Complete visibility into everything that is happening on servers and endpoint so compliance and risk can be measured
- Automated, real-time detection of zero-day and other advanced threats
- A change history and full audit trail of all server and endpoint activity along with real-time compliance risk measurement and reporting of systems, including those which are no longer supported. This reporting provides the actionable intelligence to monitor compliance, identify any unexpected activity or event, and proactively improve security posture
- Prevention to stop advanced threats and other forms of malware from executing, including targeted, customized attacks unique to an organization
- Integration across the existing security infrastructure to understand enterprise-wide compliance risk and exposure
- Built-in file-integrity monitoring, device control, and memory protection to block unauthorized change
- Harden new and legacy systems, with broad support for embedded, virtual, and physical OSes
- Out-of-the-box templates based on industry best practices keep management overhead low
- In-built workflow and automation mechanisms
- Cloud-based reputation and detonation helps make fast decisions about which software to trust
- Automatically trust software deployed by IT to keep administration easy and achieve fast time-to-value
Carbon Black is trusted by more than 3,000 organizations, including 30 of the Fortune 100, to protect their corporate endpoints and servers. Carbon Black has a proven track record of implementing an affordable solution to ensure the continued security of devices beyond end of life.