Patch/Configuration Management, Vulnerability Management

Automated patches necessary for true endpoint security

The threat environment has evolved from the era of script kiddies out for personal fame to its current iteration where specialists develop codes offered for sale on underground markets, according to a presentation on endpoint security at SC World Congress on Wednesday.

"Cybercrime now is all about profit or politics," said Stefan Frei, research analyst director at Secunia, a vulnerability management and tracking firm.m

In one recent study he cited, 100 percent of enterprises analyzed had endpoints with bot infections, despite state of the art perimeter and anti-virus defenses.

"A perfectly patched world is far, far away," he said.

Attackers are no longer going after the obvious targets, such as Microsoft software, he said, because there are too many ripe options available in the form of third-party applications.

A process is needed to identify third-party programs because attackers are going after non-Microsoft applications, he said.

"A patch provides better protection than thousands of signatures," Frei said. "It eliminates the root cause."

A multilayered defense is necessary, he said, as well as controlled identity and timely patching.

To illustrate some of these concepts, Jonathan Sweeny, incident response manager and lead security analyst at  Indiana University, provided a case study which demonstrated how a Secunia tool identifies anomalies on the university's network to help him and his IT team stay on top of attacks and abuses.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.