BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Important Tips for Endpoint Protection

Posted June 18, 2010    Morey Haber

The guys at “Will it Blend” have done it again.  This time, they have proven through shear brute force that they can blend an iPad. This brute force and physical method for destroying the device is great marketing for their blender and if nothing else, rather entertaining.

So, without being so physical, can we destroy an iPad or other device? A quick search around the internet located various software updatesthat will near permanently destroy your device; although not physically it may make them just as useless. It is unrealistic for any administrator to test the durability of every new device and whether every update, patch, or signature update will be compatible with the environment or not and trash the device. Sometimes, just coming up with a stable baseline with various middleware, databases, and web services is tough enough. So what is an administrator to do in order to preserve business viability as various updates come out? Security best practices dictate strict change control, update testing, and documentation for any and every change. Unfortunately, many businesses just do not operate with such rigid, but essential controls.

What if you could introduce a tool to monitor your configuration, provide protection when patches are not deployed, and harden the software (sorry but protecting against a Blendtec blender is just not viable yet) to keep the device from turning into an electronic paperweight? Endpoint Protection Platformscan do just that. They combine legacy features like antivirus and anti-spyware with modern protection capabilities like application control, removable storage protection, buffer overflow protection, and intrusion prevention. They maintain a stable configuration and will thwart an attack even when no patch is present giving time for the system administrator to test a patch(es) before remediation. 

If you currently patch blindly (without first testing the updates a vendor sends out in a lab before production) please consider the following tips to keep updates from damaging your environment:

1) For Windows hosts, try a backup or at least a System Restore Point before installing any updates. This will allow you to roll back the registry and changes in case of undesirable results.

2) If possible, use a tool that can harden a host from undesirable changes that may occur from an authorized change. Many times updates fail and break solutions because malware or an unauthorized change has occurred that disrupted the accepted configuration.

3) Before any major patch release, such as a Service Pack, find a way to test the update. If you do not have a lab, virtualize the server using tools like VMWare P2V so that at least a dry run of the installation can be performed.

4) Try to adhere to a patching schedule. Make it a point to only apply patches on a predefined time and date verses “panic patching”. This will allow you to gauge whether an update really caused an issue verses tracking down a problem for an unknown reason.

5) Finally, do a little homework on the patch or let someone do the work for you. Webinars like the VEF (Vulnerability Expert Forum) are a great way to learn about new patches and what they will actually do to your system once applied.

Protecting your devices from incompatible updates is just as important as protecting them from malware and vulnerabilities. Not much will ever stop the Blendtec Blender but reasonable precautions and adopting basic best practices will help protect the system from patches that may have software and hardware incompatibilities and affect the basic operations and business functions the system is designed to perform.

Leave a Reply

Additional articles

Cavalancia-Headshot - Medium

Making Windows Endpoints the Least of your Worries

Posted September 2, 2015    Nick Cavalancia

We’re all concerned that someday an external hacker will try to gain access to your company’s critical data and systems. The problem? Your endpoints – both your workstations and servers – bypass (and often leave) the safety and security of your environment daily.

Tags:
, ,
powerbroker-difference-2

Why Customers Choose PowerBroker: Low Total Cost of Ownership

Posted September 2, 2015    Scott Lang

In a survey of more than 100 customers, those customers indicated that BeyondTrust’s low powerbroker-difference-2total cost of ownership was a competitive differentiator versus other options in the privileged account management market.

Tags:
, , ,
Larry-Brock-CISO

Passwords: A Hacker’s Best Friend

Posted September 1, 2015    Larry Brock

After all the years of talk about biometrics and multi-factor authentication, we still have passwords and will likely have them for a long time. Because many “high risk” systems require complex passwords (zk7&@1c6), most people that use them believe their passwords are secure. But they aren’t.

Tags:
, ,