BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Important Tips for Endpoint Protection

Posted June 18, 2010    Morey Haber

The guys at “Will it Blend” have done it again.  This time, they have proven through shear brute force that they can blend an iPad. This brute force and physical method for destroying the device is great marketing for their blender and if nothing else, rather entertaining.

So, without being so physical, can we destroy an iPad or other device? A quick search around the internet located various software updatesthat will near permanently destroy your device; although not physically it may make them just as useless. It is unrealistic for any administrator to test the durability of every new device and whether every update, patch, or signature update will be compatible with the environment or not and trash the device. Sometimes, just coming up with a stable baseline with various middleware, databases, and web services is tough enough. So what is an administrator to do in order to preserve business viability as various updates come out? Security best practices dictate strict change control, update testing, and documentation for any and every change. Unfortunately, many businesses just do not operate with such rigid, but essential controls.

What if you could introduce a tool to monitor your configuration, provide protection when patches are not deployed, and harden the software (sorry but protecting against a Blendtec blender is just not viable yet) to keep the device from turning into an electronic paperweight? Endpoint Protection Platformscan do just that. They combine legacy features like antivirus and anti-spyware with modern protection capabilities like application control, removable storage protection, buffer overflow protection, and intrusion prevention. They maintain a stable configuration and will thwart an attack even when no patch is present giving time for the system administrator to test a patch(es) before remediation. 

If you currently patch blindly (without first testing the updates a vendor sends out in a lab before production) please consider the following tips to keep updates from damaging your environment:

1) For Windows hosts, try a backup or at least a System Restore Point before installing any updates. This will allow you to roll back the registry and changes in case of undesirable results.

2) If possible, use a tool that can harden a host from undesirable changes that may occur from an authorized change. Many times updates fail and break solutions because malware or an unauthorized change has occurred that disrupted the accepted configuration.

3) Before any major patch release, such as a Service Pack, find a way to test the update. If you do not have a lab, virtualize the server using tools like VMWare P2V so that at least a dry run of the installation can be performed.

4) Try to adhere to a patching schedule. Make it a point to only apply patches on a predefined time and date verses “panic patching”. This will allow you to gauge whether an update really caused an issue verses tracking down a problem for an unknown reason.

5) Finally, do a little homework on the patch or let someone do the work for you. Webinars like the VEF (Vulnerability Expert Forum) are a great way to learn about new patches and what they will actually do to your system once applied.

Protecting your devices from incompatible updates is just as important as protecting them from malware and vulnerabilities. Not much will ever stop the Blendtec Blender but reasonable precautions and adopting basic best practices will help protect the system from patches that may have software and hardware incompatibilities and affect the basic operations and business functions the system is designed to perform.

Leave a Reply

Additional articles

ovum-research

New Analyst SWOT Assessment Identifies Key Strengths of PowerBroker

Posted November 24, 2014    Scott Lang

Following on the heels of the Gartner PAM market guide and Frost & Sullivan review of Password Safe comes a new analyst review of our BeyondInsight and PowerBroker platforms, a SWOT assessment of BeyondTrust written by Ovum. Ovum’s honest and thorough review of BeyondTrust indicates that we are delivering, “…an integrated, one-stop approach to PAM….

Tags:
, , ,

Patented Windows privilege management brings you unmatched benefits

Posted November 24, 2014    Scott Lang

We are pleased to announce that BeyondTrust has been granted a new U.S. Patent (No. 8,850,549) for privilege management, validating our approach to helping our customers achieve least privilege in Windows environments. The methods and systems that we employ for controlling access to resources and privileges per process are unique to BeyondTrust PowerBroker for Windows….

Tags:
6

A Quick Look at MS14-068

Posted November 20, 2014    BeyondTrust Research Team

Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what…

Tags:
, , , ,