Large organisations are finding it increasingly difficult to perform even the most basic actions required to maintain the security of their IT infrastructure. For example, we are seeing this being borne out by the London Metropolitan Police, which is still running 27,000 PCs on Windows XP, an obsolete legacy operating system that Microsoft hasn’t officially supported since 2014.
The update mechanism for Microsoft software is relatively straightforward and the date that Windows XP would be made end-of-life was published well in advance. Therefore it is worrying what we’d find if we were to dig deeper. For example, how many known software vulnerabilities would we uncover if we were to consider all of the 3rd party software applications being used across the Force? Furthermore, would the existing procedures for applying security patches have been extended to other technologies such as mobile devices, tablets and body-worn cameras? 90% of data breaches result from a software vulnerability that is at least a year old and for which a security update is freely available. So a failure to get a handle on this unglamorous yet critical activity poses real problems.
Like it or not the continued sole reliance on pure prevention strategies such as antivirus and blacklisting is subject to failure. The threat posed by malware has grown exponentially and it’s simply not feasible to lock down access to IT systems in the way it once was. For the sake of data security organisations have to look beyond existing point solutions to adopt a more holistic detect and respond mentality. That requires the capability to obtain a real-time understanding of all devices and applications connecting to or running on the network. This in turn requires the adoption of a standards-based approach that automates simplifies and evolves security management to a point where IT service and security teams have the bandwidth to carry out more strategic interventions.
For service management and security tools that have been built and devised for today’s IT landscape the automation of basic security processes is a relatively straightforward process. However, for legacy security platforms that predate major advances in the adoption of mobility and cloud technology it can prove almost impossible. Increasingly they are being asked to address problems they were never expected to encounter in the first place, so it’s really no great surprise that they struggle.
Inevitably, many organisations fail to invest in upgraded security until they have themselves suffered the pain of a data breach. However, continuing to invest in a tool that is struggling to keep pace with the evolving security landscape is a false economy. Just one unsecured application can provide attackers with the initial entry-point they require to get inside the network. Therefore the active detection and response has to be part of the solution.