Industry Research: Secunia Software Security Report Conclusions are Not as Bleak
Commenting on a report from Secunia – which concludes that cybercriminals are effectively outdistancing IT admins when it comes to software patching and security – Avecto says that the battle is far from lost, as savvy IT professionals have a wealth of electronic armaments they can throw at the problem.
The study, says Paul Kenyon, chief operating officer with the Windows management provider, concludes that – good though Microsoft is at patching its operating system and mainstream software – it is third-party applications that are now being targeted by cybercriminals.
"And when you read that none of the top 20 software providers managed to decrease the number of vulnerabilities in their products over the last five years, you could be forgiven for a little doom and gloom creeping in on the security front," he said.
"That is, of course, until you realise that there’s a lot more to software security than securing the code of the application and its underlying operating system – essential as this process is. Technologies such as application whitelisting and applying privileges to software, rather than users, to prevent exploits of vulnerabilities are incredibly useful for keeping the cybercriminals and code hackers in their playpens," he added.
The Avecto chief operating officer went on to say that application whitelisting – the process of locking down which code can execute on an exclusive basis – can play a crucial part in securing an IT platform against vulnerability exploits.
Put simply, he explained, even if hackers manage to discover and exploit a new zero-day vulnerability in a given application, they cannot run any third-party code – or adapted existing code – that they try to introduce to the system.
And with the addition of privilege management to the security mix – namely the process of eliminating admin rights on all general user accounts and limiting higher functionality to a few admin accounts – you create a least privilege/least risk software environment. In addition, Avecto has found that this approach has the advantage of reducing IT costs for the company concerned.
Application whitelisting, he adds, differs markedly from the signature-based approach of blocking/removing known harmful software that most anti-virus applications use, since that approach is more of a blacklisting methodology.
"The bottom line here is that using application whitelisting in conjunction with privilege management – in parallel with existing software security methodologies – can go a long way to stopping the problem of cybercriminals exploiting any loopholes in your operating system and applications," he said.
"This is especially true in the case of the complex software portfolios and the use of less common applications in commercial environments – two issues that the Secunia report singles out, along with the fact that end points are now top targets in many businesses," he added.
"The important thing to realise when reading this report is that security is no longer the distinct black and white science it once was. The complexities of software security mean that application whitelisting and privilege management can easily be brought to bear on the problems that the Secunia study identifies."
Published: Monday, February 20, 2012