The number of reported security vulnerabilities in 2013 continued to increase compared to 2012. Vulnerabilities are on the rise constantly increasing since 2011. The high severity vulnerabilities increased by 16 percent from 2012.
Once upon a time, attacks on computers and networks were relatively simple. Our primary worry was viruses and their variants – worms, Trojans, rootkits. Their authors set out with malicious intent, to create software that can cause harm by shutting down a system or an entire network, destroying data and/or programs, or collect information and send it back to the attackers.
Written by: Christina Goggi
One of the big buzz words in IT for the past several years has been BYOD (Bring Your Own Device). BYOD scenarios are starting to crop up everywhere, from small businesses all the way up to federal government agencies. One of the biggest challenges SysAdmins, security professionals and CIOs all face is how to secure these devices.
One trend that is growing in popularity involves the approach of “securing the data, not the device”. While that sounds great and should definitely be a part of your security strategy, if you think you can get away with securing your data while ignoring all those devices, you are only a breaking news story away from a very embarrassing situation. Defense in-depth strategies require you to secure more than just the data, and the devices your users use are a key component, whether you paid for them or they did.
We’re very happy to announce GFI LanGuard 2014 has been launched today! In this Q&A interview, Cristian Florian, Product Manager for GFI LanGuard, talks about what’s new in this release.
Q: How is GFI LanGuard adapting to the changes that happen so fast in the IT infrastructure landscape nowadays?
IT environments now include so many different devices, operating systems and applications that network administrators may not even be aware of all of them. The rise in BYOD (Bring Your Own Device) in business environments has added to the burden system administrators have to carry every day, in turn forcing them to stay on top of their network environment, strengthen security, while also monitoring an ever-changing network infrastructure.
Patching is not something that the IT department really enjoys doing. It is complicated and ongoing. It takes forever and it doesn’t add any actual business value.
Meanwhile you have myriad systems to patch, and endless patches to test and then install. Then you have to do it all over again. And again. And again.
No wonder a recent study by the UK-based Federation of Small Business shows that little more than a third (36%) of small shops patch regularly. Then these shops wonder why they got compromised, or blame their software vendors, especially Microsoft® – a common security punching bag!
Patching, well, patching properly, solves the majority of security problems. In fact 90% of successful exploits are against unpatched systems.
Even environments that should presumably be highly secure too often fail to patch. Last year an audit at the U.S. Department of Energy found that some 60% of their desktops lacked important patches.
Managing and administering software updates remains one of the most challenging and resource-intensive tasks an IT Department undertakes on a daily basis.
While software updates serve many important roles, be it delivering feature improvements or fixing bugs and security vulnerabilities, they bring with them a number of potential challenges for the IT Department in terms of ensuring systems are up-to-date, that new problems are not introduced by patches designed to fix things, and updates do not create compatibility or instability issues. All this needs to be done while ensuring that updates are pushed to PCs as quickly as possible to prevent vulnerabilities being exploited. The constantly evolving software landscape makes patch management an important consideration for all IT decision makers,regardless of organization size.
Although not all stories in the tech press are directly related to security, they often highlight issues that can be excellent educational material. A recent story in The Register about a researcher who wanted to map the Internet caught my attention.
The researcher had a Herculean task to complete: to scan billions of IP addresses using the few computers he had at his disposal. He obviously needed help but where does one find that level of assistance? The researcher gave this some thought and decided to try and exploit insecure systems connected to the Internet. That surely would help.