
ASD Essential Eight Explained – Part 2: Patching Applications

The Essential Eight

The Australian Signals Directorate (ASD) Essential Eight has received considerable attention since it added four strategies to the previously defined ‘Top 4 Strategies to Mitigate Cybersecurity Incidents’. Logan Daley continues the ASD Essential Eight Explained series below.


Patching Applications

What is it?

In a nutshell, applications are designed to perform a specific task but often don’t account for potential flaws and vulnerabilities. Unless it’s actually a security-centric application, security is lower on the features list, if it makes the list at all. In some cases, applications are released with undocumented capabilities, with features enabled that are never used, or using non-standard ports and services. In all fairness, if we tried to QA the apps to perfection, we’d never actually get anything to market!

Over time, the capabilities, features, and other bugbears come to the surface and are fixed by the vendor or, in other cases, discovered and exploited by those that don’t share my sunny disposition.

Where do I start?

As is the case with Application Whitelisting, a current inventory of applications is a must-have. We need to know what is on our network and why. Odds are the vendors of those applications have released patches and updates to address these issues, add features, and improve performance. Once we know what applications we have, we can investigate whether or not we have the latest stable releases and patches. In some cases, vendors are very proactive and notify their clients, supplying the patches at no charge during the lifetime of the application. Some charge extra for this service, but some just make them available without letting you know. In the end, patches and updates should be available.

Any pitfalls?

Without a doubt, Shadow IT can bite hard here. If you focus only on the “known” and approved applications, you may overlook the one-off applications downloaded to perform some task not officially sanctioned by the company. Even these one-off systems should be updated (or preferably removed until their existence can be justified and approved). In larger enterprises, patching applications can become all-consuming as it seems there are updates every day. A solid change-management process to test, schedule and deploy updates and patches on a prioritised basis is a must-have.

The ghost in the machine?

We are fooling ourselves if we think we can secure every application perfectly; risk will always remain. The key is to reduce the risk inherent in using applications to an acceptable level. Where the possibility to interact with an application exists, so does the ability to exploit it. Technology was created by humans, so human error is innate.

How do I make it work?

Once you have a current inventory of your applications and a reliable change management process in place, it’s time to begin (or at least keep going) with patching your systems to the current stable releases. Remove or replace any unsupported applications and make sure they’re included in your application whitelisting solution. Create a list, subscribe to alerts, or at the very least ask your vendors to notify you of updates and patches so you can include them in your regular scheduled maintenance. When it comes to emergency or urgent patches, treat them as a priority. Recent incidents with WannaCry and Petya/NotPetya should have highlighted this.

Am I missing anything?

While this approach addresses the current state, make sure to include any new applications as soon as they hit production. Even the latest and greatest systems will be updated at some point. Also, don’t overlook the software and firmware that run on your network appliances, physical and virtual. The programs that run your routers, switches, firewalls, load balancers and so on are still applications.

How do I start?

Take a deep breath and realise this isn’t going to happen overnight. Get the right people involved and don’t hesitate to put your hand up if you need some help. Begin with your current application inventory and if you’ve recently undertaken an Application Whitelisting project, you should already have that. Prioritise your applications and make sure you have the latest stable version of each. If you are a few versions behind, acquire, test, and deploy the patches using your change management process. Rinse and repeat!
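The steps above (inventory, compare against the latest stable release, flag anything unsupported or unsanctioned, prioritise) can be turned into a repeatable check. The following is an added example, not code from the article or from Data#3: the application names, version numbers, hosts and the four-level priority scheme are all constructed for illustration, and a real run would read the inventory from an asset-discovery export and the release table from vendor notifications.

```python
"""Build a prioritised patch list by comparing an application inventory against
known stable releases. Added example: the inventory, the vendor release table and
the priority scheme are constructed for illustration, not taken from any vendor."""
from dataclasses import dataclass
import re


def parse_version(version: str) -> tuple:
    """Split '10.0.2' into (10, 0, 2) so versions compare numerically;
    plain string comparison would wrongly rank '9.9' above '10.0'."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


@dataclass(frozen=True)
class InstalledApp:
    host: str
    name: str
    version: str
    internet_facing: bool  # exposure raises the priority of an outdated install


@dataclass(frozen=True)
class VendorRelease:
    latest_stable: str
    supported: bool  # False once the vendor no longer ships patches


# Constructed reference table of approved applications (placeholder versions).
APPROVED_RELEASES = {
    "ExampleBrowser": VendorRelease("104.0.2", True),
    "ExampleReader": VendorRelease("22.1.3", True),
    "LegacyChat": VendorRelease("3.9.1", False),
    "EdgeRouterOS": VendorRelease("2.0.9", True),  # appliance firmware counts too
}

# Constructed inventory, shaped like an asset-discovery export.
INVENTORY = [
    InstalledApp("ws-014", "ExampleBrowser", "104.0.2", False),
    InstalledApp("ws-027", "ExampleBrowser", "98.0.1", False),
    InstalledApp("web-01", "ExampleReader", "21.4.0", True),
    InstalledApp("ws-031", "LegacyChat", "3.9.1", False),
    InstalledApp("ws-040", "PixelDoodle", "1.2", False),  # not in the approved list
    InstalledApp("rtr-edge", "EdgeRouterOS", "1.8.4", True),
]

# Lower number = act first.
P_REMOVE, P_URGENT, P_SCHEDULED, P_CURRENT = 0, 1, 2, 3


def assess(inventory, releases):
    """Classify every installed application and return (priority, host, name, reason)
    tuples sorted so the most pressing work comes first."""
    findings = []
    for app in inventory:
        release = releases.get(app.name)
        if release is None:
            # Possible shadow IT: justify and approve it, or remove it.
            findings.append((P_REMOVE, app.host, app.name,
                             "not in approved inventory: justify and approve, or remove"))
        elif not release.supported:
            findings.append((P_REMOVE, app.host, app.name,
                             "vendor support ended: remove or replace"))
        elif parse_version(app.version) < parse_version(release.latest_stable):
            priority = P_URGENT if app.internet_facing else P_SCHEDULED
            findings.append((priority, app.host, app.name,
                             f"{app.version} behind {release.latest_stable}"))
        else:
            findings.append((P_CURRENT, app.host, app.name, "current"))
    return sorted(findings)


if __name__ == "__main__":
    for priority, host, name, reason in assess(INVENTORY, APPROVED_RELEASES):
        print(f"P{priority} {host:<9} {name:<15} {reason}")
```

Unknown and unsupported applications land at the top of the list rather than being silently skipped, which is the point the Shadow IT section makes: the installs you didn't know about, and the ones nobody will ever patch, need a decision before the routine updates do.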

Read more from the ASD Essential Eight Explained series.

Go to: Part 1: Application Whitelisting


Tags: ACSC Essential Eight, Cybersecurity, Network Security, Patching Applications
