The Magic Button
There is a magic button that is going to save us all. Mathematical modeling, sandboxing, behavioral analysis, machine learning, EDR, what-not button. Just click it. Auto-patching? Vulnerabilities are a thing of the past; who is going to sit and roll out those tedious little things? I have invested in the magic button. Why should we care about hardening systems? The magic button will harden it all at run time. WannaCry.
Vulnerability scanning vendors made you believe it is all about running a scheduled scan: it throws up a report and your risk assessment is ready. Security auditors only want you to run a scan occasionally, and that is all there is to it. Run remote scans, discover about 10% of the known vulnerabilities and feel satisfied that your network is safe. What about the other 90%? You need authenticated scans for those: time consuming, they hog my network, too much resource utilization on my systems, and they throw up a 10,000-page report. Let's ignore them for now.
Enter the risk prioritization vendors. They told you which issues are the most critical, and that list is humongous anyway. If you must fix all of these, you'll have to touch every system. Let's ignore that for now.
With the complexities of the vulnerability scanners, risk prioritization tools, workflow management systems and patching tools, let's take some 3-6 months to fix the vulnerabilities, or leave them wide open, or, one step better, continue to use outdated software.
The game of war hasn’t changed. You still must keep your defenses tight.
Another Proof, Another Reason for Wanna Cry
WannaCry, WannaCrypt, WannaDecryptor is yet another proof, yet another cry to perform risk assessment and to keep your software updated and hardened. There is no other way around it. Because 90% of attacks make use of known vulnerabilities, it is about fixing them.
The WannaCry ransomware makes use of a vulnerability in the Microsoft Windows operating system that was fixed in the month of March (MS17-010). The exploit named EternalBlue is used by the ransomware to launch the attack. Read more about WannaCry ransomware in this blog.
How to prevent it?
- Install all Microsoft updates released to date.
- Disable SMB v1.
Also, SecPod Saner helps roll out these patches automatically and harden the devices (disable SMB v1 and many other functions).
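For an administrator who wants to verify the two prevention steps above on a single host before a patching tool reaches it, the following PowerShell script is an added example; it is not SecPod's code and not part of the original post. It checks whether one of the MS17-010 hotfixes is installed, reports the SMB v1 server state, and disables SMB v1 using the documented method for the Windows version. The KB list in `$Ms17010Kbs` is written from memory and is an assumption: verify it against the MS17-010 bulletin for the operating systems you run, and remember that a later cumulative update supersedes these KBs, so a missing KB means "not proven patched" rather than "vulnerable".

```powershell
# Added example (not SecPod's code): check a Windows host for the MS17-010 patch
# and for SMB v1, and optionally disable SMB v1. Run in an elevated PowerShell session.
#
# Assumption: $Ms17010Kbs lists KB numbers that shipped the MS17-010 fix for common
# Windows versions, from memory. Verify against the MS17-010 bulletin for your OS.
$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',               # Windows 7 / Server 2008 R2 (security-only, monthly rollup)
    'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',               # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607
)

function Test-Ms17010Installed {
    <# Returns $true if any of the known MS17-010 hotfix IDs is present.
       A later cumulative update also carries the fix, so $false means
       "not proven patched", not "definitely vulnerable". #>
    param([string[]]$KbIds = $Ms17010Kbs)
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $KbIds) {
        if ($installed -contains $kb) { return $true }
    }
    return $false
}

function Get-Smb1State {
    <# Reports whether the SMB v1 server component is enabled.
       Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later;
       older hosts fall back to the LanmanServer registry value. #>
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $server = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        # A missing value means the default, which is enabled on these older versions.
        $server = ($null -eq $val) -or ($val -ne 0)
    }
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = [bool]$server
        Ms17010Patched    = Test-Ms17010Installed
    }
}

function Disable-Smb1 {
    <# Turns off the SMB v1 server using the documented method for the OS version.
       Supports -WhatIf so the change can be previewed before it is applied. #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMB v1 server')) {
        if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0 -Force
            Write-Warning 'Registry change takes effect after a restart.'
        }
        # On Windows 8.1 / 10 the SMB1Protocol optional feature can be removed as well.
        if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart `
                -ErrorAction SilentlyContinue | Out-Null
        }
    }
}

# Usage: report first, then remediate. Drop -WhatIf to apply the change.
$state = Get-Smb1State
$state | Format-List
if ($state.Smb1ServerEnabled) { Disable-Smb1 -WhatIf }
```

Run the report step across a fleet (for example through `Invoke-Command` against a list of hosts) to find the machines that still expose SMB v1 or lack the fix, then remove `-WhatIf` on those hosts once the change window is agreed; disabling SMB v1 breaks clients that can only speak that dialect, so check the server's SMB audit logs for remaining SMB v1 users before you turn it off.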