Chuck Leaver – Are The Watchers Being Watched In Your Organization?

Written By Chuck Leaver CEO Ziften

High profile cyber attacks highlight how an absence of auditing on existing compliance products can make the worst sort of front page news.

In the recent Java attacks on Facebook, Microsoft and Apple, along with other giants of the industry, the attackers did not need to dig deep into their playbooks to find an approach. They used one of the oldest axioms in the book, if not the oldest: take a remotely exploitable vulnerability in a very widely distributed software application and use it to install remote access capability. And in this case the application was one that (A) was not up to date and (B) most likely did not need to be running.

While the hacks themselves have been front page news, the methods organizations can use to prevent or eradicate them are pretty boring stuff. We all hear “keep boxes current with patch management software” and “ensure harmony with compliance tools”. That is industry standard and old news. But it raises a question: who is “watching the watchers”? In this case the watchers are the compliance, patch and systems management technologies. I think Facebook and Apple discovered that a management system telling you software is up to date does not mean you should believe it! Here at Ziften our results in the field say as much: we regularly uncover many versions of the SAME major application running across Fortune 1000 sites, all of which, by the way, are using compliance and systems management products.

In the case of the exploited Java plug-in, this was a MAJOR application with wide distribution. This is exactly the type of software that systems management, compliance and patch products monitor. The lesson could not be clearer: having some kind of independent check against these products is essential (just ask any of the companies that were attacked…). But this is only part of the issue, because this is a significant (arguably essential) application we are discussing. If companies find it difficult to keep up with updates on the known, authorized applications in use, then what about all the unknown and unnecessary applications and plug-ins that are running, and their vulnerabilities? Stated simply: if you cannot even know what you are supposed to know, then how on Earth can you know about (and in this case secure) the important things you don't know or aren't concerned about?
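The “watching the watchers” check described above, and the point about many versions of the same application and unknown installs, as an added example that is not from the original post or from Ziften's products: it reconciles what a patch/compliance console claims about an application's version on each host against an independently collected endpoint inventory. The host names, paths and version strings are constructed sample data.

```python
# Added example: reconcile management-tool claims against an independent
# endpoint inventory. All hosts, paths and versions below are constructed.
from collections import defaultdict

# Hypothetical export from a systems-management console: host -> claimed version
MANAGEMENT_CLAIMS = {
    "ws-001": "7u15",
    "ws-002": "7u15",
    "ws-003": "7u15",
    "ws-004": "7u15",
}

# Constructed independent endpoint inventory: (host, executable path, observed version)
OBSERVED = [
    ("ws-001", r"C:\Program Files\Java\jre7\bin\java.exe", "7u15"),
    ("ws-002", r"C:\Program Files\Java\jre7\bin\java.exe", "7u11"),  # stale despite claim
    ("ws-003", r"C:\Program Files\Java\jre7\bin\java.exe", "7u15"),
    ("ws-003", r"C:\Users\alice\AppData\Local\Oracle\jre6\bin\java.exe", "6u37"),  # second copy
    ("ws-005", r"C:\Program Files\Java\jre7\bin\java.exe", "7u11"),  # host unknown to the console
]


def reconcile(claims, observed):
    """Return (host, finding, detail) tuples where the console and reality disagree."""
    by_host = defaultdict(list)
    for host, path, version in observed:
        by_host[host].append((path, version))

    findings = []
    for host, claimed in claims.items():
        versions = {v for _, v in by_host.get(host, [])}
        if not versions:
            # The console reports a version but nothing was actually observed there.
            findings.append((host, "no_observation", claimed))
        elif claimed not in versions:
            # The console's claim does not match any copy found on the box.
            findings.append((host, "claim_mismatch",
                             f"claimed {claimed}, observed {sorted(versions)}"))
        if len(versions) > 1:
            # Several copies of the SAME application side by side on one host.
            findings.append((host, "multiple_versions", sorted(versions)))
    for host in by_host.keys() - claims.keys():
        # Running copies on hosts the management tool does not know about at all.
        findings.append((host, "unmanaged_host", sorted(v for _, v in by_host[host])))
    return sorted(findings, key=lambda f: (f[0], f[1]))


if __name__ == "__main__":
    for host, finding, detail in reconcile(MANAGEMENT_CLAIMS, OBSERVED):
        print(f"{host}: {finding}: {detail}")
```

Any non-empty result is a case where the console's view cannot be taken at face value; an empty result is only as trustworthy as the independent inventory feeding it.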