Charles Leaver – Is There A Watcher Of The Watchers In Your Enterprise?

Written by Charles Leaver, CEO, Ziften

High-profile hacks underline how an absence of auditing of existing compliance products can make the worst kind of front-page news.

In the recent Java attacks on Facebook, Microsoft, Apple and other giants of the industry, the attackers didn’t have to dig very far into their playbooks to find an approach. As a matter of fact they employed one of, if not the, oldest axioms in the book: they took a remote vulnerability in massively distributed software and exploited it to install remote-access capability. And in this case on an application that (A) wasn’t the latest version and (B) probably didn’t need to be running.

While the hacks themselves have been headline news, the methods organizations can use to prevent or reduce them are quite dull stuff. All of us hear “keep boxes up to date with patch management software” and “ensure uniformity with compliance tools”. That is industry standard and old news. But to pose a question: who is “watching the watchers”? In this case the watchers are the compliance, patch and systems management technologies. I believe Facebook and Apple found out that even if a management product tells you that a software application is current, that does not mean you ought to believe it! Here at Ziften our results in the field say as much: we regularly reveal lots of variations of the SAME significant application running on Fortune 1000 sites, which by the way are all using compliance and systems management products.

In the case of the exploited Java plug-in, this was a SIGNIFICANT application with huge distribution. This is exactly the type of software that gets tracked by systems management, compliance and patch products. The lesson from this could not be clearer: having some type of independent check against these products is essential (simply ask any of the organizations that were attacked…). However, this makes up only a portion of the problem: this is a significant (arguably necessary) application we are discussing here. If companies struggle to get their arms around maintaining updates on known, authorized applications, then what about all the unknown and unneeded running applications and plug-ins and their vulnerabilities? Stated simply: if you can’t even know what you are expected to know, then how on Earth can you know about (and in this case safeguard against) the things you don’t know or aren’t concerned about?
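As an added illustration of the kind of independent check argued for above (example code written for this page, not a Ziften tool), here is a small reconciliation of what a management console claims is “current” against what an independent endpoint inventory actually saw running; the hosts, version strings and expected build are constructed sample data.

```python
import re
from collections import defaultdict

def parse_version(text):
    """Turn a version string such as '1.7.0_15' into a comparable tuple of ints."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

# Constructed sample: apps the patch/compliance console reports as "current" on each host.
CONSOLE_CURRENT = {"host-a": ["java"], "host-b": ["java"], "host-c": ["java"], "host-d": ["java"]}

# Constructed sample: (app, version) pairs an independent endpoint agent saw running.
OBSERVED = {
    "host-a": [("java", "1.7.0_15")],
    "host-b": [("java", "1.6.0_31")],                        # stale build, console says current
    "host-c": [("java", "1.7.0_15"), ("java", "1.6.0_24")],  # two builds side by side
    "host-d": [],                                            # claimed current, never seen running
}
# Constructed sample: the build the organisation actually expects to be deployed.
EXPECTED = {"java": "1.7.0_15"}

def fleet_versions(observed):
    """Distinct builds of each app actually running across the fleet, oldest first."""
    versions = defaultdict(set)
    for apps in observed.values():
        for app, ver in apps:
            versions[app].add(ver)
    return {app: sorted(v, key=parse_version) for app, v in versions.items()}

def reconcile(console_current, observed, expected):
    """Flag every host where the console's 'current' claim disagrees with what was observed."""
    findings = []
    for host, claimed_apps in console_current.items():
        seen = defaultdict(list)
        for app, ver in observed.get(host, []):
            seen[app].append(ver)
        for app in claimed_apps:
            if app not in seen:
                findings.append((host, app, "not_observed", "claimed current but never seen running"))
                continue
            for ver in seen[app]:
                if parse_version(ver) < parse_version(expected[app]):
                    findings.append((host, app, "stale", f"{ver} present, expected {expected[app]}"))
            if len(seen[app]) > 1:
                findings.append((host, app, "multiple", ", ".join(sorted(seen[app], key=parse_version))))
    return findings

if __name__ == "__main__":
    print(fleet_versions(OBSERVED))
    for finding in reconcile(CONSOLE_CURRENT, OBSERVED, EXPECTED):
        print(finding)
```

A console that is never contradicted by a second, independent data source is not being audited; the three finding types here (stale build, several builds side by side, claimed but never observed) are the discrepancies that turned up in the field.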