BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Important Tips for Endpoint Protection

Posted June 18, 2010    Morey Haber

The guys at “Will it Blend” have done it again.  This time, they have proven through shear brute force that they can blend an iPad. This brute force and physical method for destroying the device is great marketing for their blender and if nothing else, rather entertaining.

So, without being so physical, can we destroy an iPad or other device? A quick search around the internet located various software updatesthat will near permanently destroy your device; although not physically it may make them just as useless. It is unrealistic for any administrator to test the durability of every new device and whether every update, patch, or signature update will be compatible with the environment or not and trash the device. Sometimes, just coming up with a stable baseline with various middleware, databases, and web services is tough enough. So what is an administrator to do in order to preserve business viability as various updates come out? Security best practices dictate strict change control, update testing, and documentation for any and every change. Unfortunately, many businesses just do not operate with such rigid, but essential controls.

What if you could introduce a tool to monitor your configuration, provide protection when patches are not deployed, and harden the software (sorry but protecting against a Blendtec blender is just not viable yet) to keep the device from turning into an electronic paperweight? Endpoint Protection Platformscan do just that. They combine legacy features like antivirus and anti-spyware with modern protection capabilities like application control, removable storage protection, buffer overflow protection, and intrusion prevention. They maintain a stable configuration and will thwart an attack even when no patch is present giving time for the system administrator to test a patch(es) before remediation. 

If you currently patch blindly (without first testing the updates a vendor sends out in a lab before production) please consider the following tips to keep updates from damaging your environment:

1) For Windows hosts, try a backup or at least a System Restore Point before installing any updates. This will allow you to roll back the registry and changes in case of undesirable results.

2) If possible, use a tool that can harden a host from undesirable changes that may occur from an authorized change. Many times updates fail and break solutions because malware or an unauthorized change has occurred that disrupted the accepted configuration.

3) Before any major patch release, such as a Service Pack, find a way to test the update. If you do not have a lab, virtualize the server using tools like VMWare P2V so that at least a dry run of the installation can be performed.

4) Try to adhere to a patching schedule. Make it a point to only apply patches on a predefined time and date verses “panic patching”. This will allow you to gauge whether an update really caused an issue verses tracking down a problem for an unknown reason.

5) Finally, do a little homework on the patch or let someone do the work for you. Webinars like the VEF (Vulnerability Expert Forum) are a great way to learn about new patches and what they will actually do to your system once applied.

Protecting your devices from incompatible updates is just as important as protecting them from malware and vulnerabilities. Not much will ever stop the Blendtec Blender but reasonable precautions and adopting basic best practices will help protect the system from patches that may have software and hardware incompatibilities and affect the basic operations and business functions the system is designed to perform.

Leave a Reply

Additional articles

PBPS-screenshot-blog aug2014

Failing the Security Basics: Backoff Point-of-Sale Malware

Posted August 22, 2014    Marc Maiffret

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others….

Tags:
, , , , , ,

Troubleshooting Windows Privilege Management Rules with Policy Monitor

Posted August 21, 2014    Jason Silva

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side…

Tags:
, , ,
darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,