
ASD Essential Eight Explained – Part 2: Patching Applications

The Essential Eight

The Australian Signals Directorate (ASD) Essential Eight has received considerable attention since it added four strategies to the previously defined ‘Top 4 Strategies to Mitigate Cybersecurity Incidents’. Logan Daley continues the ASD Essential Eight Explained series below.


Patching Applications

What is it?

In a nutshell, applications are designed to perform a specific task, and their designers often don’t account for potential flaws and vulnerabilities. Unless it’s actually a security-centric application, security sits low on the feature list, if it makes the list at all. In some cases, applications ship with undocumented capabilities, with features enabled that nobody uses, or listening on non-standard ports and services. In all fairness, if we tried to QA every app to perfection, we’d never get anything to market!

Over time, these capabilities, features and other bugbears come to the surface and are fixed by the vendor or, in other cases, discovered and exploited by those who don’t share my sunny disposition.

Where do I start?

As is the case with Application Whitelisting, a current inventory of applications is a must-have: we need to know what is on our network and why. Odds are the vendors of those applications have released patches and updates to address flaws, add features and improve performance. Once we know what applications we have, we can check whether we are running the latest stable releases and patches. Some vendors are very proactive, notifying their clients and supplying patches at no charge for the lifetime of the application. Some charge extra for this service, and some simply make patches available without telling anyone. Either way, patches and updates should be available, and it is on us to find out about them.

Any pitfalls?

Without a doubt, Shadow IT can bite hard here. If you focus only on the “known” and approved applications, you may overlook the one-off applications downloaded to perform some task not officially sanctioned by the company. Even these one-off installs need to be updated (or, preferably, removed until their existence can be justified and approved). In larger enterprises, patching applications can become all-consuming, as it seems there are updates every day. A solid change-management process to test, schedule and deploy updates and patches on a prioritised basis is a must-have.

The ghost in the machine?

We are fooling ourselves if we think we can secure every application perfectly; some risk will always remain. The key is to reduce the risk inherent in using applications to an acceptable level. Wherever it is possible to interact with an application, it is possible to exploit it. Technology is created by humans, so human error is built in.

How do I make it work?

Once you have a current inventory of your applications and a reliable change-management process in place, it’s time to begin (or at least keep going) patching your systems to the current stable releases. Remove or replace any unsupported applications, and make sure the replacements are included in your application whitelisting solution. Create a list, subscribe to vendor alerts or, at the very least, ask your vendors to notify you of updates and patches so you can include them in your regular scheduled maintenance. When it comes to emergency or urgent patches, treat them as a priority. The recent WannaCry and Petya/NotPetya incidents should have highlighted this: both exploited a Windows SMB vulnerability for which Microsoft had already released a patch (MS17-010) before the outbreaks. Strictly that is an operating system patch, which the Essential Eight covers as a separate strategy, but the lesson about urgency applies equally to applications.

Am I missing anything?

While this approach addresses the current state, make sure to include any new applications as soon as they hit production. Even the latest and greatest systems will need updating at some point. Also, don’t overlook the software and firmware that run on your network appliances, physical and virtual. The programs that run your routers, switches, firewalls, load balancers and so on are still applications.

How do I start?

Take a deep breath and realise this isn’t going to happen overnight. Get the right people involved and don’t hesitate to put your hand up if you need help. Begin with your current application inventory; if you’ve recently undertaken an Application Whitelisting project, you should already have that. Prioritise your applications and make sure you have the latest stable version of each. If you are a few versions behind, acquire, test and deploy the patches using your change-management process. Rinse and repeat!

Read more from the ASD Essential Eight Explained series.

Go to: Part 1: Application Whitelisting

