Industry Research : Secunia Software Security Report Conclusions are Not as Bleak
Commenting on a report from Secunia – which concludes that cybercriminals are effectively outdistancing IT admins when it comes to software patching and security – Avecto says that the battle is far from lost, as savvy IT professionals have a wealth of electronic armaments they can throw at the problem.
The study, says Paul Kenyon, chief operating officer with the Windows management provider, concludes that – good though Microsoft is at patching its operating system and mainstream software – it is third-party applications that are now being targeted by cybercriminals.
"And when you read that none of the top 20 software providers managed to decrease the number of vulnerabilities in their products over the last five years, you could be forgiven for a little doom and gloom creeping in on the security front," he said.
"That is, of course, until you realise that there’s a lot more to software security than securing the code of the application and its underlying operating system – essential as this process is. Technologies such as application whitelisting and applying privileges to software, rather than users, to prevent exploits of vulnerabilities are incredibly useful for keeping the cybercriminals and code hackers in their playpens," he added.
The Avecto chief operating officer went on to say that application whitelisting – the process of locking down which code can execute on an exclusive basis – can play a crucial part in securing an IT platform against vulnerability exploits.
Put simply, he explained, even if hackers manage to discover and exploit a new zero-day vulnerability in a given application, they cannot run any third-party code – or adapted existing code – that they try to introduce to the system.
And with the addition of privilege management to the security mix – namely the process of eliminating admin rights on all general user accounts and restricting higher functionality to a few admin accounts – you create a least privilege/least risk software environment. In addition, Avecto has found that this approach has the advantage of reducing IT costs for the company concerned.
Application whitelisting, he adds, differs markedly from the signature-based approach of blocking/removing known harmful software that most anti-virus applications use, since that approach is more of a blacklisting methodology.
"The bottom line here is that using application whitelisting in conjunction with privilege management – in parallel with existing software security methodologies – can go a long way to stopping the problem of cybercriminals exploiting any loopholes in your operating system and applications," he said.
"This is especially true in the case of the complex software portfolios and the use of less common applications in commercial environments – two issues that the Secunia report singles out, along with the fact that end points are now top targets in many businesses," he added.
"The important thing to realise when reading this report is that security is no longer the distinct black and white science it once was. The complexities of software security mean that application whitelisting and privilege management can easily be brought to bear on the problems that the Secunia study identifies."
Published: Monday, February 20, 2012