Every month, security professionals the world over pucker up and, peering through their collective fingers with the accompanying sharp intakes of breath, review the critical (and less so) vulnerabilities that Microsoft has patched on the dreaded ‘Patch Tuesday’.
Barely a month goes by without disturbing news. Recently we have had the Zerologon debacle – still under active attack everywhere (see last week's blog) – and this month we have an announcement that a crafted IPv6 ICMP (Internet Control Message Protocol) packet can be used to corrupt a Windows machine's memory and allow remote code execution. If you have been asking yourself ‘what is IPv6 good for in my company network?’, firstly you are not alone and secondly now you know. This particular nasty is described here and, along with 21 other remote code execution vulnerabilities, will need patching.
We understand that sometimes it is just not possible to patch everything in rapid order; it is somewhat akin to changing the wheels on a moving car, or at the very least an anxious manoeuvre à la Formula 1.
This is why at Tiberium we advocate prioritising patching to correspond with real risk. Our tooling can identify vulnerable systems that are, for instance, Internet- or third-party-facing and therefore clearly need more urgent attention. Obviously all systems require patching, but prioritisation enables you to sleep better at night, or in fact to get any sleep at all.
As we all tut and curse at Microsoft, well aware that there is a lot of old code running around in those pesky operating systems, we rarely acknowledge the good work that Microsoft does to actively identify and prevent malicious activity.
This week, Microsoft, working with ‘US Cyber Command’ (presumably where Fatima the ballerina will be working presently) and other tech companies, took down the back-end infrastructure of the TrickBot malware, which is essentially a toolkit for enabling human-operated attacks, ransomware deployment, data theft – the whole kit and caboodle. In these trying times, with loads of working from home and general disruption, the last thing you need is a dose of TrickBot or the malaise that accompanies it. You can read all about the takedown here. Obviously don't forget to give your Microsoft representative a call or a pat on the back; that would take them by surprise.
Proving that they are taking security very seriously, Microsoft is warning about a new ransomware variant for Android.
The good news, and quite a coincidence, is that Microsoft Defender for Endpoint has you covered, should you be licensed for the relevant Microsoft products and running them correctly.
We have been working with Microsoft for some time, and the task of keeping up with product name changes, licensing and functionality is a time-consuming and complex business. The good news is that if you get it right there is a world of functionality that you can leverage without necessarily investing in third-party tools.
This is especially true in the cloud, mobile and endpoint worlds, where the functionality on offer is very broad indeed. We have built a zero trust model for the enrolment, access and management of multi-platform endpoints which is (providing you have the correct licensing, of course) auditable.
As with all things cloud, the functionality, not to mention the product names and groupings, is always changing, which means that you cannot just build a platform and stand back for a few years. In a constantly evolving world it is imperative to constantly evolve, if only to maximise the functionality and utility of your licences.
This is where Tiberium comes in. Our Hybrid Secure Operations Centre (built on Azure Sentinel) and associated tooling combined with our experience and expertise can provision and manage appropriate security controls for your business, keeping everything current and advising you about improvements, opportunities and even, perish the thought, issues.
We would love to talk it through with you and offer you a demo or a test environment. If you are interested, please contact us.