RESEARCH PAPER. Third-party applications in the enterprise. Management and risk mitigation of third-party applications. January 2013.
|
|
- Garey Chambers
- 8 years ago
- Views:
Transcription
1 RESEARCH PAPER Third-party applications in the enterprise Management and risk mitigation of third-party applications January 2013 Sponsored by
2 Contents Executive summary Third-party applications the hackers choice The unauthorised desktop Third-party risks to security Protection: patchy at best Is patching a priority? Validating IT assets Misplaced confidence Conclusion About the sponsor, Lumension p3 p3 p4 p5 p7 p8 p8 p9 p10 p12 This document is property of Incisive Media. Reproduction and distribution of this publication in any form without prior written permission is forbidden. 2 Computing research paper sponsored by Lumension
3 Executive summary Third-party applications, browsers and plugins have become the attack vector of choice for the modern cyber criminal. Computing surveyed over 200 UK business decision makers to understand how they perceived the risks that they faced from third-party applications. We set out to understand how they were managing and mitigating the challenges to employee productivity, compliance and information security. This paper features a detailed discussion of the survey findings alongside analysis of how third-party applications have come to pose such a threat. The paper discusses why vulnerabilities for which remediation is available are so widespread and why business organisations are often slow to deploy up-to-date versions of popular third-party applications and security patches. The paper concludes with a discussion of why only a holistic approach to endpoint security management can empower organisations to realise the benefits of third-party applications whilst mitigating the risks that they can present. Third-party applications the hackers choice The economic environment and outlook for the enterprise remains challenging, and the drive for businesses to reduce costs and boost competitiveness remains remorseless. These pressures make third-party applications such as Adobe Flash, Java Runtime Environment, and Apple QuickTime particularly attractive and convenient from a management point of view. These applications have become ubiquitous and can be found on almost every business desktop. Coupled with the proliferation of third-party applications in the enterprise have been some real improvements in the security of client computing platforms, specifically Microsoft s Windows. Significantly fewer vulnerabilities exist in Windows 7 than in Windows XP, so attacking the operating system directly is becoming more difficult. The combination of the ubiquity of third-party applications and improvements in operating system security mean that third-party applications have become the attack vector of choice for the hacking community. Adobe Flash and Acrobat/Reader vulnerabilities occur five times in Kaspersky Labs Top 10 Vulnerabilities report for the third quarter of Oracle, Java and Apple itunes and Quicktime also feature prominently. For the first time in recent memory, Microsoft is absent from the list. 1 Attack vectors are changing, and all the while the volume of malware in circulation is increasing. Millions of new malware signatures continue to be identified every month. 1 Kaspersky, Q3 Cyberthreats: Java and Oracle top vulnerability list and cyber- espionage continues in Middle East (Nov-2012). Computing research paper sponsored by Lumension 3
4 The unauthorised desktop Computing set out to establish how UK business organisations are responding to the security challenges posed by third-party applications. The first part of this process involves simply knowing exactly what applications are running on corporate endpoints. We asked Are you confident that your endpoints are running only authorised applications? (Fig. 1). Only 54 percent of respondents to this question had technical enforcement in place, allowing them to be completely confident that only authorised applications were executing within corporate boundaries. 44 percent of respondents stated that policies were in place but not enforced, and two percent admitted that they were not confident at all and had no way of knowing what was running on their desktops. Fig. 1 : Are you confident that your endpoints are running only authorised applications? 2% 44% 54% Yes; we have technical enforcement means in place Somewhat; we only have policies in place No; we have no way of knowing This is a worrying finding for reasons of productivity as well as security. Local administration rights for users seems to be corresponding to a much busier desktop for business users, but this activity is often unrelated to business. Computing asked Beyond malware, what third-party apps concern you the most? 70 percent of those responding to this question stated that undesired applications such as social networking, VoIP, chat, shopping and games were a concern to them. These are drains on employee productivity of the highest order. However, a reduction in productivity is just one reason to be concerned about unauthorised applications. There is also the spectre of users conducting illegal activities from within corporate network boundaries activities for which the organisation itself may be at least partly legally liable. This is why 68 percent of those surveyed also had concerns about unauthorised packages such as personal utilities, hacking tools and unlicensed software and 49 percent were worried about peer-to-peer activity, copy protection violation and network scanning activity. Activity like this has a very serious implication for corporate compliance with legislative and industry controls on data protection. 4 Computing research paper sponsored by Lumension
5 Activities such as file sharing, in addition to being legally dubious, are also drains on network resource. Many business organisations which have chosen to invest in network bandwidth will be unimpressed at the prospect of it being utilised by employees conducting file sharing activities or perhaps streaming sporting events to their desktops. 55 percent of those surveyed stated that they had concerns about this type of resource hogging. In addition to stealing business network resource, unauthorised applications can also cause some serious management headaches. Fifty-one percent of respondents stated that they had concerns about bloatware bundled into legitimate applications such as browser toolbars. These unwanted applications that are bundled in with free downloads and new machines slow down legitimate applications and annoy almost everybody. Their removal sucks up resource that could be expended in a more strategic manner. (Fig. 2). Fig. 2 : Beyond malware, what sorts of 3rd party apps concern you most? Undesired apps (e.g., social networking, VoIP, chat, shopping, games) Unauthorized packages (e.g., personal utilities, hacking tools, unlicensed software) Resource hogs (e.g., distributed computing, file sharing, streaming media) Bloatware (apps installed along with legitimate software, such as browser toolbars) Liability software (e.g., Peer-to-Peer, copy protection cracking, network scanners) Other 70% 68% 55% 51% 49% 1% *Respondents could select more than one answer. Third-party risks to security If the effect on corporate productivity, resources and compliance of third-party applications is potentially harmful, the security of these applications carries some more potentially more alarming implications. Computing asked How serious do you believe the risk to your organisation from vulnerabilities in third-party applications to be? Organisations are clearly aware of the dangers. One third of those responding to the question believed the risk to be either high or very high. A further 46 percent believed the risk to be moderate. Only 20 percent of those responding believed that the risk to their organisations was low and only one percent did not perceive a risk at all. Our respondents are right to believe that the risk to their business organisations from vulnerabilities in third-party applications is significant. Indeed, recent findings from various anti-virus vendors would indicate that vulnerabilities in third-party applications account for a significant majority of incidences of malware on Windows endpoints. Computing research paper sponsored by Lumension 5
6 For example, the Secunia Annual Report 2011 (published February 2012) found that on a typical Windows laptop containing 28 Microsoft applications and 22 third-party ones, 78.9 percent of the vulnerabilities existed in the third-party programs. What is more, this typical box requires 12 updaters one from Microsoft and 11 for the third-party applications. The majority of attacks are exploiting vulnerabilities for which remediation is readily available. These findings are brought into sharper focus still when the results of the following question are considered. Computing asked How many third-party updaters are being used within your environment? (Fig. 3). Only 16 percent were confident enough to state their belief that none were being used. Fig. 3 : How many third-party updaters are being used in your environment? 16% 2% 3% 19% 33% Don t know 1 to 2 3 to 5 6 to or more None 27% Another third-party angle that organisations face risks from is that of malware arriving into the corporate network via removable media. The USB drive is an easy way for employees, either with malevolent intent or more commonly in error, to execute unauthorised applications which pose a risk to the security of their employers data. Computing asked Do you have protection against physically borne malware? The largest proportion of respondents (37%) stated that they managed the use of removable devices via technical means. A rather more authoritarian 14 percent prevented the use of all removable storage devices. However, 34 percent stated that whilst policies on removable media were in place they did not back these policies up with technical enforcement and 15 percent admitted that they had no control at all. 6 Computing research paper sponsored by Lumension
7 Protection: patchy at best So, what are the implications of employees using outdated versions of third-party software and browser plugins? A common fear is that of the zero day attack. The zero day attack exploits a vulnerability that is, until the knowledge of the attack spreads, unknown. Despite the recent spate of high profile zero-day attacks, and their use in some well-known APT attacks, for the most part they are not as common as perceived. In fact, the majority of attacks today are still exploiting vulnerabilities for which remediation is readily available. Asked about their patch management process, the key finding was the fact that a mere 27 percent of respondents described their patch management process as robust (Fig. 4). Fig. 4 : How would you describe your current patch management process? Robust 27% Operational 48% Modest 19% Ad hoc 6% Non-existent 0% If these findings go some way to explaining why third-party applications are so attractive to the cyber criminal, the answers to the following question make it crystal clear. Computing asked How long does it typically take you to deploy security patches for third-party apps when they become available? Only just over one quarter (26%) of respondents stated that security patches were rolled out immediately. This is a worrying finding. Attackers need a week or two at most to identify vulnerabilities and exploit them. Some individuals have argued that seeing as all business organisations face a window of exposure from zero day malware, prompt patching does not reduce risk sufficiently to justify resource expended upon it. This is a fatalistic and ill-advised approach to risk management. While not all vulnerabilities have a patch at the time they are found, the vast majority do. Within 30 days of disclosure virtually all do. Not deploying patches as soon as they become available increases the window of exposure and opens a few doors as well. The largest proportion of respondents to this question (37%) stated that patches for third-party applications were deployed in one to two weeks. Whilst not best practice, taking between one and two weeks to test and deploy a patch is probably realistic. However, a further nine percent took between two and three weeks; 13 percent took up to four weeks; and 15 percent took even longer than four weeks. For those who believe they can leave the job to anti-virus software, a Cyveillance report published in 2010 will be sobering reading. On average, leading anti-virus solutions detected new malware just 19 percent of the time immediately after discovery, and just 62 percent of the time after 30 days. When faced with findings like these, it is easy to see why attackers are focusing their activities on vulnerabilities in third-party applications for which remediation is readily available. Computing research paper sponsored by Lumension 7
8 Is patching a priority? Computing asked our respondents why they were failing to deploy patches immediately. A huge 77 percent of respondents stated that the testing and validation process for patches simply took time (Fig. 5). The balance between the security of operations and stability is clearly still a tight rope that is as difficult for business organisations to walk as it ever was. Each security patch needs to be assessed for its impact on an organisations infrastructure and operations and this is not a speedy process. Fig. 5 : Why do you not apply patches immediately? Testing and validation takes time Inadequate resources Service level concerns Inadequate patch management tools Other 77% 47% 28% 15% 3% *Respondents could select more than one answer. The remaining answers to this question are all related. Inadequate resources for patching were cited by 47 percent; 28 percent stated that deploying all patches as soon as they became available would have an impact on their service levels to the business; 15 percent of respondents blamed inadequate patch management tools. The findings indicate that organisations believe that patching vulnerabilities in third-party applications should be a priority. Organisations would deploy security patches more promptly if they were able to. They are simply constrained by operational concerns and tightly stretched resources. Validating IT assets Patch management has been made infinitely more difficult in the Bring Your Own Device (BYOD) era. Computing asked How often do you validate IT asset registration in your patch management tools? Best practice for this would be weekly, or at least monthly, but only 15 percent of respondents to this question did so weekly and 25 percent monthly. The largest proportion of respondents (44%) stated that they validated assets a few times per year. However, an optimistic 12 percent of respondents said that they had never validated IT asset registration and four percent had only done so once. This is a dangerous position to be in. Whilst BYOD has made patch management (and indeed many other areas) more difficult, organisations are running considerable risks with information security and data protection regulations if they do not rise to the challenge. 8 Computing research paper sponsored by Lumension
9 Misplaced confidence Computing asked what metrics our respondents used to measure the success of their patch management process. Only 12 percent actually measured time-to-patch. A small number of respondents (6%) said that they did not have metrics in place at all (Fig. 6). Fig. 6 : What metrics do you use to assess the success of your patch management process? 12% 6% 19% 36% Systems in compliance Adherence to policy Vulnerability scans Time-to-patch None 27% Again, the findings from this question indicate that time-to-patch does not feature highly in many organisations criteria of what makes a successful patch management regime and would indicate that cyber attackers will continue to be successful when focussing their activities on exploiting vulnerabilities in older versions of third-party applications and browser plugins. Of course, patching known vulnerabilities is not the only way that organisations can or should be mitigating the risks that they face from third-party applications be they authorised applications or not. Computing asked about the technologies in use to protect against exploits taking advantage of the patch gap (Fig. 7). Fig. 7 : What technologies do you rely on to protect against exploits taking advantage of the patch gap? Antivirus Web filtering Application firewall Application whitelisting Other 96% 77% 71% 31% 3% *Respondents could select more than one answer. Computing research paper sponsored by Lumension 9
10 A huge 96 percent of respondents used anti-virus software to protect their organisations from exploits. The only surprising thing about this particular finding was that it was not 100 percent who did so! Seventy-seven percent had web filtering software in place and 71 percent had an application firewall. Less than a third of respondents (31%) had any sort of application whitelisting in place. It would seem that the majority of our respondents are aware that relying on stand-alone anti-virus software to protect information assets is a mistaken approach, as we have seen above. The information security of business organisations is being subjected to a perfect storm. The changes in working practices being driven by BYOD, increasing levels of home and remote working and the cloud are not so much rendering corporate network boundaries as elastic but exploding them altogether. As the volume of threats and the speed with which vulnerabilities are reverse engineered continues to rise, organisations should be combining technologies for a true, defence-in-depth approach. Conclusion Our survey has found that business organisations in the UK are struggling to address the risk to their information security that arises from vulnerabilities in third-party applications and plugins. As operating system vendors have tightened up security loopholes, third-party applications and browsers are now the favoured attack vector of cyber criminals. Organisations may feel that the not inconsiderable time taken making sure that patches are promptly applied could be better spent elsewhere, but as we have seen, balancing IT productivity against system security is a false dichotomy. Rather, not installing updates promptly carries the risk of more time and effort needing to be spent getting systems up and running again after an attack, not to mention lost productivity, lost or stolen data, and possibly legal costs too. However, despite the risks to data security, brand etc. as well as the potential costs of cleaning up after successful attacks, it would seems that organisations are not concerned enough to deploy security patches as soon as they are made available. The practicalities of patch deployment are not always straight forward and each new patch needs to be tested and validated before deployment if the balance between the security and stability of systems is to be maintained. One approach would simply be to ban the use of third-party applications, cut back on their use or replace them with less popular equivalents. The first two options could have serious repercussions on employee productivity and seems a retrograde step in the face of the evolution in working practices that BYOD, better connectivity, the cloud and social media have brought about. If enough organisations chose the approach of replacing third-party applications with less popular versions, it is likely that attackers would simply refocus their activity on the newer applications once a critical mass had been achieved. Replacing applications might well buy organisations a little time but it is not a long term solution. Relying on technologies such as anti-virus software and web filtering to bridge the gap between vulnerabilities being announced and patches being deployed is also not a solution in itself. Both technologies are essentially reactive and whilst some protection is better than none, organisations need to take a more proactive approach to the security of third-party applications. As is often the case, mitigating the risk from third-party applications requires a holistic approach, encompassing 10 Computing research paper sponsored by Lumension
11 patch management, application control, anti-virus and device control as part of a complete endpoint security management programme. Application control can be seen as the very definition of proactive security management. Unauthorised and unwanted third-party applications are a major source of vulnerabilities. Not only that, but they take up a disproportionate amount of time and effort in terms of patching and updates. By enforcing flexible application whitelisting it puts control back in the hands of the IT team. This can allow organisations to identify and prevent the installation and execution of any unwanted, untrusted or malicious applications without having to rely on the latest anti-virus definitions and vulnerability patches. As a result organisations can enjoy the benefits that third-party applications can bring to their business whilst at the same time reducing the risks that these applications pose to a level that they can live with. Computing research paper sponsored by Lumension 11
12 About the sponsor, Lumension Lumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, Antivirus and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Texas, Florida, Washington D.C., Ireland, Luxembourg, Singapore, the United Kingdom, and Australia. Contact Lumension: Call: +44 (0) Visit: 12 Computing research paper sponsored by Lumension
Closing the Antivirus Protection Gap
A comparative study on effective endpoint protection strategies May 2012 WP-EN-05-07-12 Introduction Corporate economic concerns have put increased pressure on already limited IT resources in recent years
More informationLumension Guide to Patch Management Best Practices
Lumension Guide to Patch Management Best Practices With the sophistication and sheer volume of exploits targeting major applications and operating systems, the speed of assessment and deployment of security
More informationFederal Cyber Security Outlook for 2010
Federal Cyber Security Outlook for 2010 National IT Security Challenges Mounting How well prepared are IT professionals within U.S. government agencies to respond to foreign cyber threats? Will government
More informationTop five strategies for combating modern threats Is anti-virus dead?
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
More informationYOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next
YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege: Guard the Gaps with Patch Management 1.0
More informationWHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security
WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security A World of Constant Threat We live in a world on constant threat. Every hour of every day in every country around the globe hackers
More information4 Steps to Effective Mobile Application Security
Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional
More informationEndpoint Security and the Case For Automated Sandboxing
WHITE PAPER Endpoint Security and the Case For Automated Sandboxing https://enterprise.comodo.com A World of Constant Threat We live in a world of constant threat. Hackers around the globe work every hour
More informationWhy Free Patch Management Tools Could Cost You More
Why Free Patch Management Tools Could Cost You More Selecting the right solution can save your organization time and money By KACE & Lumension Table of Contents 1.0 Introduction... 3 2.0 Point Patching
More informationFive Tips to Reduce Risk From Modern Web Threats
Five Tips to Reduce Risk From Modern Web Threats By Chris McCormack, Senior Product Marketing Manager and Chester Wisniewski, Senior Security Advisor Modern web threats can infect your network, subvert
More informationDigital Consumer s Online Trends and Risks
Digital Consumer s Online Trends and Risks Modern consumers live a full-scale digital life. Their virtual assets like personal photos and videos, work documents, passwords to access social networking and
More informationDOBUS And SBL Cloud Services Brochure
01347 812100 www.softbox.co.uk DOBUS And SBL Cloud Services Brochure enquiries@softbox.co.uk DOBUS Overview The traditional DOBUS service is a non-internet reliant, resilient, high availability trusted
More informationPractical Patch Compliance
Practical Patch Compliance Relieving IT Security Audit Pain, From the Data Center to the Desktop Microsoft s System Center Configuration Manager doesn t handle every aspect of Linux/UNIX and third-party
More informationIBM Security re-defines enterprise endpoint protection against advanced malware
IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex
More informationGlobal IT Security Risks
Global IT Security Risks June 17, 2011 Kaspersky Lab leverages the leading expertise in IT security risks, malware and vulnerabilities to protect its customers in the best possible way. To ensure the most
More informationThink Your Anti-Virus Software Is Working? Think Again.
Think Your Anti-Virus Software Is Working? Think Again. As attacks proliferate, anti-virus software can t keep up. Fortunately, there s a better way. We ve been so bombarded by computer viruses, worms,
More informationGuide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network?
You wouldn t leave the door to your premises open at night. So why risk doing the same with your network? Most businesses know the importance of installing antivirus products on their PCs to securely protect
More informationKaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com
Kaseya White Paper Endpoint Security Fighting Cyber Crime with Automated, Centralized Management www.kaseya.com To win the ongoing war against hackers and cyber criminals, IT professionals must do two
More informationClosing the Vulnerability Gap of Third- Party Patching
SOLUTION BRIEF: THIRD-PARTY PATCH MANAGEMENT........................................ Closing the Vulnerability Gap of Third- Party Patching Who should read this paper IT Managers who are trying to manage
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationThe End Endorsed Devices pose a Large Security Risk to Your Organization
2013 State of the Endpoint Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report 2013 State of the Endpoint Ponemon Institute:
More informationWhite Paper. Data Security. The Top Threat Facing Enterprises Today
White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is
More informationSeven for 7: Best practices for implementing Windows 7
Seven for 7: Best practices for implementing Windows 7 The early reports are in, and it s clear that Microsoft s Windows 7 is off to a fast start thanks in part to Microsoft s liberal Windows 7 beta program
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationWhat you need to know to keep your computer safe on the Internet
What you need to know to keep your computer safe on the Internet Tip 1: Always install Operating System updates The most important steps for any computer user is to always install updates, especially security
More informationPROTECTION & CONTROL. Unified. Lumension Security provides proactive endpoint protection and control through best-of-breed policy-based solutions.
Unified PROTECTION & CONTROL Lumension Security provides proactive endpoint protection and control through best-of-breed policy-based solutions. putting security in a positive light putting security in
More informationDriving Company Security is Challenging. Centralized Management Makes it Simple.
Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary
More informationAnti-exploit tools: The next wave of enterprise security
Anti-exploit tools: The next wave of enterprise security Intro From malware and ransomware to increasingly common state-sponsored attacks, organizations across industries are struggling to stay ahead of
More informationCommissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss
Commissioned Study SURVEY: Web Threats Expose Businesses to Data Loss Introduction Web-borne attacks are on the rise as cybercriminals and others who do harm to computer systems for profit or malice prey
More informationCompliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme
Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme avecto.com Contents Introduction to the scheme 2 Boundary firewalls and internet gateways 3 Secure configuration
More informationIntelligent Whitelisting:
Intelligent Whitelisting: An Introduction to More Effective and Efficient Endpoint Security The volume and sophistication of malware is skyrocketing, and traditional anti-virus approaches are struggling
More informationIs your business secure in a hosted world?
Is your business secure in a hosted world? Threats to the security of business data are constantly growing and evolving - What can you do ensure your data remains secure? Introduction The safe use of computer
More informationPatch Management. Picking the Low-Hanging Fruit. Why fixing third-party application vulnerabilities is at
Patch Management Picking the Low-Hanging Fruit Why fixing third-party application vulnerabilities is at the core of sound information security and how to make sure patch management is optimizing your security
More informationBYOD & MOBILE SECURITY
2013 surve y results BYOD & MOBILE SECURITY Group Partner Information Security Sponsored by Symantec KPMG Zimbani MailGuard INTRODUCTION Welcome to the 2013 BYOD & Mobile Security Report! Bring Your Own
More informationeguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life
Executive s Guide to Windows Server 2003 End of Life Facts About Windows Server 2003 Introduction On July 14, 2015 Microsoft will end support for Windows Sever 2003 and Windows Server 2003 R2. Like Windows
More informationSurvey: Endpoint Security Concerns 2014 The issues keeping IT admins awake into the New Year
Survey: Endpoint Security Concerns 2014 The issues keeping IT admins awake into the New Year Intro 2014 has created uncertainty for those in charge of IT security. Not only is the threat landscape advancing
More informationThe Future of Network Security Sophos 2012 Network Security Survey
The Future of Network Security Sophos 2012 Network Security Survey Sophos and Vanson Bourne surveyed 571 IT decision makers globally to gain a deeper understanding of how IT teams are responding to technology
More informationTop Five Ways to Protect Your Network. A MainNerve Whitepaper
A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State
More informationWebsense: Worldwide Leader in Web Filtering Expands into Web Security
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com VENDOR PROFILE Websense: Worldwide Leader in Web Filtering Expands into Web Security Brian E. Burke
More informationFEELING VULNERABLE? YOU SHOULD BE.
VULNERABILITY ASSESSMENT FEELING VULNERABLE? YOU SHOULD BE. CONTENTS Feeling Vulnerable? You should be 3-4 Summary of Research 5 Did you remember to lock the door? 6 Filling the information vacuum 7 Quantifying
More informationTowards a Comprehensive Internet Security Strategy for SMEs
Internet Security Strategy for SMEs Small and medium-sized enterprises (SMEs) need a comprehensive Internet security strategy to be able to protect themselves from myriad web-based threats. Defining and
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationCyber Essentials Scheme
Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these
More informationIdentifying Cyber Risks and How they Impact Your Business
10 December, 2014 Identifying Cyber Risks and How they Impact Your Business David Bateman, Partner, K&L Gates, Seattle Sasi-Kanth Mallela, Special Counsel, K&L Gates, London Copyright 2013 by K&L Gates
More informationEndpoint Security Management
Endpoint Security Management LANDESK SOLUTION BRIEF Protect against security threats, malicious attacks and configuration vulnerabilities through strong endpoint security control and maintenance. Protect
More informationOctober 2014. Application Control: The PowerBroker for Windows Difference
Application Control: The PowerBroker for Windows Difference October 2014 1 Table of Contents Introduction... 4 The Default-Deny Approach to Application Control... 4 Application Control s Dependence on
More information2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.
2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program. Entry Name HFA Submission Contact Phone Email Qualified Entries must be received by
More informationHow To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering
More informationThe Importance of Patching Non-Microsoft Applications
The Importance of Patching Non-Microsoft Applications Technical WHITE PAPER The Importance of Patching Non-Microsoft Applications In the past, organizations patched only Microsoft operating systems. As
More informationNovember 4, 2015. Underwritten by:
November 4, 2015 Underwritten by: Introduction More and more Internet-enabled devices are connecting to Federal networks. Are endpoint security strategies maturing as the definition of an endpoint expands?
More information76% Secunia Vulnerability Review. Key figures and facts from a global IT-Security perspective. Published February 26, 2014. secunia.
Secunia Vulnerability Review 2014 Key figures and facts from a global IT-Security perspective Published February 26, 2014 76% Browser Vulnerabilities 7540 893 7540 731 7540 727 7540 441 7540 208 7540 207
More informationAchieving HIPAA Security Rule Compliance with Lumension Solutions
Achieving HIPAA Security Rule Compliance with Lumension Solutions Healthcare organizations face a host of HIPAA Security Rule compliance challenges with the move to put patient medical records online.
More informationCYBER STREETWISE. Open for Business
CYBER STREETWISE Open for Business As digital technologies transform the way we live and work, they also change the way that business is being done. There are massive opportunities for businesses that
More informationEndpoint Security: Moving Beyond AV
Endpoint Security: Moving Beyond AV An Ogren Group Special Report July 2009 Introduction Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability,
More informationEnabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments
Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments Efficiently and Cost- Effectively Managing Mobility Risks in the Age of IT Consumerization Table of Contents EXECUTIVE
More informationOpen an attachment and bring down your network?
Open an attachment and bring down your network? Many people think this will never happen to them, but virus attacks can come from unlikely sources and can strike when you least expect it. They can wreak
More information3 Strategies to Protect Endpoints from Risky Applications
3 Strategies to Protect Endpoints from Risky Applications Though most organizations have invested considerable time and effort in improving their endpoint risk management processes, many of them are ill-equipped
More informationNetsweeper Whitepaper
Netsweeper Inc. Corporate Headquarters 104 Dawson Road Suite 100 Guelph, ON, Canada N1H 1A7 CANADA T: +1 (519) 826-5222 F: +1 (519) 826-5228 Netsweeper Whitepaper The Evolution of Web Security June 2010
More informationSpecific recommendations
Background OpenSSL is an open source project which provides a Secure Socket Layer (SSL) V2/V3 and Transport Layer Security (TLS) V1 implementation along with a general purpose cryptographic library. It
More informationAdvanced Persistent Threats
White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which
More information2012 Endpoint Security Best Practices Survey
WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners
More informationHope is not a strategy. Jérôme Bei
Hope is not a strategy Jérôme Bei Press Highlights Conficker hits German Government! 3000 Clients down! Datatheft at German Telekom: 17.000.000 Customer Records lost! About 1.000.000 pieces of Malware
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationPerception and knowledge of IT threats: the consumer s point of view
Perception and knowledge of IT threats: the consumer s point of view It s hard to imagine life without digital devices, be it a large desktop computer or a smartphone. Modern users are storing some of
More informationMoving to the Cloud? Take Your Application Security Solution with You. A WhiteHat Security Whitepaper. September 2010
Moving to the Cloud? Take Your Application Security Solution with You September 2010 A WhiteHat Security Whitepaper 3003 Bunker Hill Lane, Suite 220 Santa Clara, CA 95054-1144 www.whitehatsec.com Introduction
More informationBEST PROTECTION FOR DESKTOPS AND LAPTOPS. Client Security
BEST PROTECTION FOR DESKTOPS AND LAPTOPS Client Security UP-TO-DATE SOFTWARE IS THE KEY TO SECURITY 83%[1] of top ten malware could have been avoided by using up to date software. Criminals ruthlessly
More informationCloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost
y Cloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost An Osterman Research White Paper Published January 2009 SPONSORED BY onsored by Phone: +1 877-21-TREND www.trendmicro.com/go/smartprotection
More informationHow To Manage A Network Security Risk
Scanless Vulnerability Assessment: Skybox Security whitepaper July 2014 1 Overview Vulnerability scanning, or the process of identifying a list of known security gaps in the network environment, is the
More informationBlacklist-based Software versus Whitelist-based Software Whitepaper
Blacklist-based Software versus Whitelist-based Software Whitepaper Last modified: September 1st, 2011 Intelligent Solutions for ABSOLUTE Control www.faronics.com 1999 2011 Faronics Corporation. All rights
More informationCybercrime: risks, penalties and prevention
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
More informationHacking Crisis Highlights Crypto Chaos
TREND ADVISOR: Hacking Crisis Highlights Crypto Chaos Four Data Traffic Security Challenges Exposing Enterprises to Hack Attacks IT departments were battered by a cybersecurity perfect storm in 2014. While
More informationCuTTIng ComplexITy simplifying security
CuTTIng ComplexITy simplifying security With corporate IT becoming increasingly complex, how can you boost efficiency while improving corporate security? with kaspersky, now you can. kaspersky.com/business
More informationKaspersky Security for Mobile
Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months
More informationAre all of your employees applying all security updates to all of their devices?
Are all of your employees applying all security updates to all of their devices? If the answer is yes, read no further. If the answer is no, here s some food for thought! Consumer behavior is reshaping
More informationProtection for Mac and Linux computers: genuine need or nice to have?
Protection for Mac and Linux computers: genuine need or nice to have? The current risk to computers running non-windows platforms is small but growing. As Mac and Linux computers become more prevalent
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior
More informationFive steps to improve your network s health
Five steps to improve your network s health On April 7, 2014, just when some people were beginning to feel more confident that their approach to network security was resulting in strong protection, an
More informationVirtual Patching: a Proven Cost Savings Strategy
Virtual Patching: a Proven Cost Savings Strategy An Ogren Group Special Report December 2011 Executive Summary Security executives, pushing the limits of traditional labor-intensive IT patch processes
More informationEndpoint Security More secure. Less complex. Less costs... More control.
Endpoint Security More secure. Less complex. Less costs... More control. Symantec Endpoint Security Today s complex threat landscape constantly shifts and changes to accomplish its ultimate goal to reap
More informationGlobal IT Security Risks: 2012
Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection
More informationGuideline for Prevention of Spyware and other Potentially Unwanted Software
Guideline for Prevention of Spyware and other Potentially Unwanted Software Introduction Most users are aware of the impact of virus/worm and therefore they have taken measures to protect their computers,
More informationsponsored by White paper What can CRM bring to your business? A study of the benefits offered by CRM across all areas of the business
sponsored by >> White paper What can CRM bring to your business? April 2011 A study of the benefits offered by CRM across all areas of the business Contents Executive summary p 3 The evolution of CRM p
More informationEXTENSIVE FEATURE DESCRIPTION SECUNIA CORPORATE SOFTWARE INSPECTOR. Non-intrusive, authenticated scanning for OT & IT environments. secunia.
Non-intrusive, authenticated scanning for OT & IT environments The situation: convenience vs. security Interconnectivity between organizations and corporate networks, the internet and the cloud and thus
More informationBOYD- Empowering Users, Not Weakening Security
BOYD- Empowering Users, Not Weakening Security Table of Contents Exec summary... 3 Benefits of BYOD... 4 Threats that BYOD Harbours... 5 Malware... 5 Data Leakage... 5 Lost or Stolen Devices... 5 Public
More informationComplete Patch Management
Complete Patch Management Complete - Flexible Unique In- Depth Secunia CSI 7 Corporate Software Inspector Take control of the vulnerability threat and optimize your IT security investments. The Secunia
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationBYOD Policy & Management Part I
Introduction Many of today s endpoints are neither known nor protected. According to Gartner, enterprises are only aware of 80 percent of the devices on their network. Those 20 percent of unknown devices
More informationWHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?
WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber
More informationNetwork Security Report:
Network Security Report: The State of Network Security in Schools Managing tight budgets. Complying with regulatory requirements. Supporting Internet-based learning technologies. There are many challenges
More informationApplication White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off
Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off Times have Changed & A/V Executives Agree An A/V product as your sole endpoint protection solution isn t enough.
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationTop Four Considerations for Securing Microsoft SharePoint
Top Four Considerations for Securing by Chris McCormack, Product Marketing Manager, Sophos is now the standard for internal and external collaboration and content management in much the same way Microsoft
More informationCPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS
CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS MARCH 2011 Acknowledgements This Viewpoint is based upon the Recommended Practice: Configuring and Managing Remote Access
More informationBuilding a Web Security Ecosystem to Combat Emerging Internet Threats
I D C V E N D O R S P O T L I G H T Building a Web Security Ecosystem to Combat Emerging Internet Threats September 2005 Adapted from: Worldwide Secure Content Management 2005 2009 Forecast Update and
More informationWhite Paper. What the ideal cloud-based web security service should provide. the tools and services to look for
White Paper What the ideal cloud-based web security service should provide A White Paper by Bloor Research Author : Fran Howarth Publish date : February 2010 The components required of an effective web
More informationThe Importance of Patching Non-Microsoft Applications
The Importance of Patching Non-Microsoft Applications Technical WHITE PAPER The Importance of Patching Non-Microsoft Applications In the past, organizations patched only Microsoft operating systems. As
More information8 Ways to Better Monitor Network Security Threats in the Age of BYOD January 2014
8 Ways to Better Monitor Network Security Threats in the Age of BYOD January 2014 8 Ways to Better Monitor Network Security Threats in the Age of BYOD 2 Unless you operate out of a cave, chances are your
More information