Cable and satellite TV have produced an influx of both wonderful content and garbage programming for us to sift through as consumers. As we can all attest, finding content that is important and meaningful to us can be a challenge. You rely on others’ opinions in addition to your own research, sitting through painful TV in order to get to something meaningful. Nobody wants to waste time on things that don’t benefit him or her.
If we think our jobs as couch potatoes are difficult, IT and information security pros face extremely difficult tasks when trying to watch and filter all of the various channels in their infrastructures. They are forced to separate the signal they need to pay attention to from the constant noise that invades their environments every second of every day. Microsoft’s latest iteration of patches disclosed this week is yet another example of the burden that security and IT engineers face when dealing with breaking vulnerabilities. SChannel exploitation is definitely a channel worth watching and having the cable guy fix immediately.
Change management meetings across the globe are being conducted to determine the operational severity and risk of the recently announced vulnerabilities, as well as the process and schedule for remediation. Let’s face it: this is not a trivial process for anyone. Some organizations have very mature methodologies and processes for applying critical patches as well as routine patches to their environments. The vast majority don’t have that level of maturity in these areas, not to mention the staff required to keep up with the constant gyration of critical patches. It is an exponentially growing problem that isn’t being solved by legacy approaches.
There is much chatter going on in the community about the true reach and severity of this particular vulnerability. Commentary ranges from “it’s a Windows version of Heartbleed” that needs immediate attention to “no exploits or examples in the wild yet,” so let’s proceed with caution and look to patch under normal patch cycles. Both are valid questions to ask, and the answers will vary depending on the organization. Many systems might never get patched in a timely fashion until it is too late.
IT and security practitioners are constantly looking to innovate how they manage risk in their environments without massively increasing the burden on their staff. Exploit code and tactics quickly get assembled after these announcements. Timing is critical, and responding quickly is essential to close the window of opportunity for an attacker. Patch throughput is something every organization is working to improve. The balancing act for dealing with vulnerabilities like the latest Heartbleed or SChannel is to quickly reduce risk while not impacting business operations. Oh yeah, and make sure you don’t overwork your staff, which causes them to choose another cable provider.
Virtual patching may not be the complete panacea for handling these ongoing vulnerability management challenges, but it goes a very long way in assisting. It absolutely should be in the toolkit for organizations and their approach to patch management. Windows XP is already no longer supported and won’t receive this patch. Windows Server 2003 goes out of support in the middle of next year. Patch challenges to manage exploits will be at an all-time high. Move to enhance processes today to manage the noise. Virtual patching makes these challenges much more manageable.
Trend Micro™ Deep Security is our recommended solution for enterprises to defend their systems against these types of attacks. Deep Security rule DSRU14-035 covers the CVE-2014-6321 vulnerability. Trend Micro customer endpoints are protected with Vulnerability Protection, available within our Smart Protection Suites. For further analysis on this particular vulnerability and ways in which attackers might look to exploit it, please read more from Trend Labs here.
Please add your thoughts in the comments below or follow me on Twitter: @jdsherry.