Every day at Censys we hear a variety of scenarios security teams encounter, many of which have severe consequences to the business. Some of the common ones we’ve heard are:
- We’re in the process of migrating to the cloud to reduce costs.
- Our company recently acquired another company which has made it difficult to understand where everything lives across our environment.
- An accidental misconfiguration happened, resulting in publicly accessible assets that shouldn’t be.
These scenarios happen all the time and across industries. While each has its own set of specific challenges, cleaning up assets that run end-of-life (EOL) software can help with all of them. When we say end-of-life, we are talking about software that is no longer actively updated or patched by its maintainer. Simply because something is end-of-life does not mean there is no purpose for it in your environment. However, the organization must understand the risks that come with continuing to use the software and protect those assets appropriately.
Because of the fast-paced nature of software development, this challenge is not going away anytime soon. The software lifecycle, like most things, has an expiration date. So how do we operate in this ecosystem? More importantly, what are some solutions that get to the root cause of our security challenges around end-of-life software?
We recommend two key things to help monitor your attack surface for EOL issues:
- Improve your Visibility
- Proactively Plan
1. Better Visibility
How many clicks, emails, Slack messages, meetings, and open spreadsheets does it take for you to know where every asset in your attack surface is? What about the assets that are at risk from the newest CVE that dropped while you were at lunch? Okay, now that you’ve found that list, how confident are you that it is up to date? And how certain are you that this is EVERYTHING?
Gaining the best visibility of your attack surface is a critical first step when taking inventory and making decisions around how you will manage the security of everything you are responsible for. Visibility that is both complete and trustworthy is what helps most in this scenario. Ideally, you would have a centralized source of truth that contains everything in your attack surface along with information about the software running on any hosts you are responsible for. That information also needs to be updated in a timely manner so that it reflects the current environment rather than a stale snapshot.
2. Proactive Planning
Okay, so you can confidently answer where your EOL software is across your environment. What’s next?
We need to operationalize this information and solve the problem at hand. This may mean updating the software, placing assets behind a firewall, spinning them down, or other strategies based on your organization’s threat model.
The purpose of better visibility is to be able to wrap your arms around what could be risky to you and your business and protect it. So, here is where proactive planning comes into play. Update the old, institute transition plans, and reduce the number of vulnerabilities in your environment.
Taking care of current EOL software is one thing, but being empowered to plan for these types of transitions is really where your team will thrive. Leverage that same visibility to understand when the version of Apache you just deployed will stop being supported, and put a plan in place now. The same can be said for cloud migrations. If you know there are multiple hosts running outdated software and they will be publicly facing, then factor some of the required update time into your transition plan.
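As an added example (not Censys code), this is the kind of check that turns an inventory into a proactive plan: it joins each asset’s observed software version against an EOL reference table, flags what is already unsupported or will be within a planning horizon, and ranks publicly facing hosts first. The inventory, the EOL dates and the hostnames are constructed for illustration, not real vendor dates.

```python
from dataclasses import dataclass
from datetime import date

# Constructed EOL reference table (assumed dates, not real vendor dates):
# (product, support branch) -> date the maintainer stops shipping patches.
EOL_DATES = {
    ("apache-httpd", "2.2"): date(2017, 12, 31),
    ("apache-httpd", "2.4"): date(2030, 1, 1),
    ("php", "8.1"): date(2025, 12, 31),
}

@dataclass
class Asset:
    host: str
    product: str
    version: str   # full version string as observed on the host
    public: bool   # reachable from the internet

def branch(version: str) -> str:
    """Reduce an observed version such as '2.4.57' to its support branch '2.4'."""
    return ".".join(version.split(".")[:2])

def assess(assets, today, horizon_days=180):
    """Classify assets as eol / approaching / supported / unknown, highest risk first."""
    findings = []
    for a in assets:
        eol = EOL_DATES.get((a.product, branch(a.version)))
        if eol is None:
            status, days_left = "unknown", None   # a visibility gap, not "safe"
        else:
            days_left = (eol - today).days
            status = ("eol" if days_left <= 0 else
                      "approaching" if days_left <= horizon_days else "supported")
        findings.append((a.host, a.product, a.version, status, days_left, a.public))
    rank = {"eol": 0, "approaching": 1, "unknown": 2, "supported": 3}
    # EOL before approaching, public before private, then soonest EOL date first.
    findings.sort(key=lambda f: (rank[f[3]], not f[5], f[4] or 0))
    return findings

# Constructed inventory, standing in for a centralized source of truth.
INVENTORY = [
    Asset("www1.example.test", "apache-httpd", "2.2.34", public=True),
    Asset("intranet.example.test", "apache-httpd", "2.2.34", public=False),
    Asset("api.example.test", "php", "8.1.27", public=True),
    Asset("www2.example.test", "apache-httpd", "2.4.57", public=True),
    Asset("legacy.example.test", "coldfusion", "9.0.1", public=True),
]

if __name__ == "__main__":
    for host, product, version, status, days, public in assess(INVENTORY, date(2025, 9, 1)):
        print(f"{status:11} {'public ' if public else 'private'} {host} {product} {version} {days}")
```

Software the table does not know about is reported as "unknown" rather than silently treated as supported, because an inventory entry you cannot classify is itself a gap to close.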
Building Confidence with Censys
We know that this all starts with knowing what belongs to your organization. All your assets need to be accounted for before you can begin deploying controls and mitigations. Technology environments will continue to grow in complexity regardless of the size of your team. With the Censys ASM Platform, we enable teams to optimize their attack surface management program with confidence and accuracy, giving them the best visibility into what they need to protect.
To learn more about Censys’s Attack Surface Management Platform, visit our website or request a demo today.