Cyber security: are you doing enough?

Author: Steve Beards, VP APJ Flexera Software

The increased prevalence of cyber-security breaches underscores just how vulnerable enterprises are to malware and hackers. The risks associated with these incidents are now widely known, and CEOs are looking closely at the measures their IT and security teams are taking to fend off potentially catastrophic intrusions. But are they doing enough?

Today, many organisations are building security fortresses that incorporate people, processes and technology to defend against cybersecurity threats. While these fortresses are extremely sophisticated at remaining one step ahead of threats – it may come as a surprise that they are actually being built on ‘quicksand’. What follows are some key considerations for IT Managers and the C-Level around getting the security foundation right from the outset.

The Security Foundation: Know the Hardware & Software on Your Network

In 2008, the SANS Institute led a consortium of US and international agencies and security experts to create a prioritised list of security controls that would have the greatest impact in improving an organisation’s risk posture against real-world threats. The first of the prioritised Critical Security Controls identified by SANS focuses on the organisation’s ability to actively manage hardware devices on the network so that only authorised devices are given access. This control is critical because attackers are continuously scanning and waiting for unprotected systems to be attached to the network. They’re also looking for devices that come and go off the network and can fall out of sync with patches or security updates.

The second control focuses on the inventory of authorised and unauthorised software. Organisations must actively manage all software on the network so that only authorised software is installed. This is critical because, according to SANS, attackers continuously scan and target organisations looking for vulnerable versions of software that can be remotely exploited. Once a single machine has been exploited, attackers can use it as a staging point for collecting sensitive information from others connected to it.

SANS explains that organisations that don’t have complete software inventories cannot easily find systems running vulnerable or malicious software to mitigate problems or defend against attackers. Therefore, an organisation’s ability to effectively inventory its IT assets to identify authorised versus unauthorised hardware and software serves as the very foundation for the other cybersecurity defences. This was also the conclusion of a recent BSA/IDC report, Unlicensed Software and Cybersecurity Threats, which outlined that the more unlicensed software running on an organisation’s network, the greater the malware risk.

The problem: Most Organisations Can’t Inventory Their Software

The ease with which unlicensed or unauthorised software can find its way onto company systems is staggering. The reality is, most organisations don’t have adequate software inventory capabilities in place – threatening the foundation upon which they are building their cybersecurity defences.

According to the Flexera Software 2013-14 Key Trends in Software Pricing & Licensing Report, only 36% of the report’s survey respondents said that they use automated commercial software to manage their software estates. 25% of respondents said they were managing software licenses using manual methods, such as spreadsheets, while 9% are using home-grown systems. 18% are using tracking tools provided by their vendors, and 7% are simply not tracking their software licenses at all.

There are many reasons why inventorying IT assets is such a complex and difficult task. For instance, with respect to desktop applications, different data sources on a device can be used to identify software applications. These data sources can include:

  • Software Packaging data: On Windows devices, packaging data provides a very accurate list of software applications installed on the computer. In some instances, additional data may be required to clearly identify the software applications, such as finding the edition installed.
  • File data: On the Windows platform, the file header provides information that can also be used to identify an application.
  • Registry information on Windows devices: For instance, the Operating System description, version and edition can be found in the Windows registry.
  • ISO tag files: The tag file defined by the International Standardisation Organisation is the best and most accurate way to identify a local software product on a device. It is supposed to provide the name, version and edition of the software product installed, as sold by the publisher.

While several tools exist and are capable of performing inventory tracking, the key issue is maintaining the accuracy of the inventory. New hardware machines are installed and old ones retired every single day, and software products are installed, upgraded or removed on a regular basis. For virtual environments, the difficulty lies in identifying all endpoint devices using the virtual machine and metering usage on applications running in the virtual desktop. In a hybrid environment like this, desktop inventory cannot rely solely on traditional configuration management or dedicated inventory tools. What’s needed is a combination of inventory tools and adapters to virtualisation and cloud technology frameworks to gather data and merge it in a single IT asset management repository for consumption by a Software License Optimisation tool.

While most organisations have multiple sources of software and hardware inventory data, they usually do not have a means to consolidate that data from across all their systems into a single view of which authorised versus unauthorised systems are running on the corporate network. It is this lack of management-level insight that renders the very foundation of their cybersecurity fortress vulnerable.
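The consolidation step described above, as an added example (not code from Flexera, SANS or any inventory product): constructed records from several data sources are merged per device and compared against authorised device and software lists. The device names, product names, record fields and the minimum-approved-version rule are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records, one per (device, source) observation.
# Source names mirror the data sources listed above; all values are made up.
RECORDS = [
    {"device": "WS-001", "source": "packaging", "name": "Acme PDF Reader", "version": "11.0.2"},
    {"device": "WS-001", "source": "registry", "name": "acme pdf reader ", "version": "11.0.2"},
    {"device": "WS-001", "source": "file_header", "name": "FreeArchiver", "version": "3.1"},
    {"device": "WS-002", "source": "iso_tag", "name": "Acme PDF Reader", "version": "9.4.0"},
    {"device": "LAB-07", "source": "packaging", "name": "Acme Office", "version": "16.0"},
]
AUTHORISED_DEVICES = {"WS-001", "WS-002"}
# Assumed policy: normalised product name -> minimum approved version.
AUTHORISED_SOFTWARE = {"acme pdf reader": (11, 0, 0), "acme office": (16, 0)}


def normalise(name):
    """Collapse case and whitespace so one product matches across sources."""
    return " ".join(name.lower().split())


def parse_version(text):
    """Turn '11.0.2' into (11, 0, 2) so versions compare numerically."""
    return tuple(int(p) for p in text.split(".") if p.isdigit())


def consolidate(records):
    """Merge observations into one entry per (device, product, version)."""
    merged = defaultdict(set)
    for r in records:
        key = (r["device"], normalise(r["name"]), parse_version(r["version"]))
        merged[key].add(r["source"])  # remember which sources agree
    return merged


def findings(records):
    """Return sorted (device, product, issue) tuples that need attention."""
    out = set()
    for device, product, version in consolidate(records):
        if device not in AUTHORISED_DEVICES:
            out.add((device, product, "unauthorised device"))
        if product not in AUTHORISED_SOFTWARE:
            out.add((device, product, "unauthorised software"))
        elif version < AUTHORISED_SOFTWARE[product]:
            out.add((device, product, "below approved version"))
    return sorted(out)


if __name__ == "__main__":
    for row in findings(RECORDS):
        print(row)
```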

The Solution: Optimising the Software License Estate

The good news, however, is that appropriate tools are readily available to do this. Software License Optimisation solutions are already being deployed globally by organisations to help them ensure continual compliance with their software license agreements. These solutions are also being deployed to help ensure optimisation of software spend by helping organisations buy only what they need and use what they have.

Some of these Software License Optimisation solutions can also help organisations comply with their SANS Critical Security Controls for software and hardware inventory. The best strategy is to understand what data sources are available within the organisation and use them first. Then, deploy and use the additional features of the Software License Optimisation tool to arrive at an accurate and updated picture of your inventory.
