Patch Perfect – How to stop a robber from breaking into your garage (Article 2 of Heimdal Security series)

23rd January 2017 Security


So, in article 1, we discovered that 91.3% of second-generation malware dials back for its encryption key via DNS. It is now important to look at the first layer of defence.

Software patching is probably the least valued topic within the cybersecurity realm. I imagine that this is because it is largely considered a mundane, simple and unimportant task. It also doesn’t help that it is often thought of as a separate activity when considering your overall cybersecurity strategy. Most MSPs will be using an automated system for patching Microsoft services, perhaps via a remote management tool. In this article, part 2 of Brigantia’s ‘Heimdal Security series’, I will explain why patch management should be deemed the most critical aspect of any security strategy and how, through Heimdal Security, you can operate the most effective and secure infrastructure available.

Maintaining a strong security portfolio often centres around having a robust, powerful front-end anti-virus and some form of filtering solution… but why is keeping your applications up to date even more important than that? Software patching isn’t just about keeping your applications up to date to benefit from the newest features, or a swankier look and feel. The most important reason companies push out new software updates is that, chances are, a hacker somewhere has managed to find a loophole in the application and the vendor needs to push out an update to close it. These loopholes are known as vulnerabilities and are best described by a good old analogy:

Your workstation is like a brick-built house for all of your virtual assets (photos, music, documents, passwords, data history etc.), and each new application that you install on your workstation is like a new physical addition to your house, e.g. a new conservatory or even a garage. These physical additions connect to the main house and use its electricity, heating or water infrastructure… and so as you build more and more onto your house, the overall security of the house is defined by its weakest entry point. Therefore, if you use a dodgy builder to build your garage and they leave a hole in the back wall, a robber can sneak in and steal your goods. However, once the builder realises they forgot to finish your garage, they will come back and cover the hole up to stop the robber from getting in – this is software patching.

At this point, you might question the analogy and ask “How on earth did the builder do such a poor job and forget to finish my garage wall?” Without being cynical… the answer is that we are human. Software applications are written by people and so, naturally, there will be mistakes! This is unfortunately what leads to the vast majority of hacks.

So, what techniques do the robbers use to get into your garage?

According to Heimdal Security, over 85% of hacker attacks target vulnerabilities and exploits within application software (the figure from Sophos and Bitdefender is as high as 95%). Using the Internet to hack has been the norm for quite some time now, but I think it’s important to drill down into the detail and look a little more closely at the techniques used to exploit that hole in the garage wall…

Software exploits can target anything from third-party software to ‘cross-site scripting’ (XSS). However, by far the most commonly targeted applications on computers are Java, Adobe Flash Player and Adobe Acrobat Reader. Although attacks on web browsers like Google Chrome and IE are starting to happen a bit more, because 99% of computers worldwide run Flash Player and Java applications, these will always remain the hotspots for cyber criminals. These application vulnerabilities are rated ‘critical’, which means that clicking on a malicious advert can give a hacker full access to your machine. It’s important to note here that although the website is the source of infection, it isn’t usually the website’s fault; it is the concealed content loaded from another site through something like an iframe that causes the problem.

So what types of website host the malware that targets these software vulnerabilities? According to data extracted from our comprehensive Heimdal Security Intelligence Database:

  • 90% – delivered from advertising networks
  • 4.63% – websites being used only for malicious purposes
  • 4.1% – delivered from remarketing networks
  • 1.2% – the actual website itself, which is malware infected
  • 0.04% – typosquatting of normal websites
  • 0.03% – Content Delivery Networks

Some of the categories above deserve a more in-depth look at the type of attack used. Within the category of websites used only for malicious purposes, the split by attack type is:

  • 88.6% – websites used to deliver drive-by downloads
  • 10.7% – websites used for phishing attacks
  • 0.7% – websites used to redirect the user to other, malware-infected destinations on the Internet.

The above simply illustrates why it is so crucial to use a cybersecurity solution that has a sophisticated web-filtering tool as well as an effective patch management system.

How does the builder repair the garage wall?

Heimdal is designed to automatically detect what software you have on your machines. If it detects older software versions, it will automatically patch them. These patches are downloaded directly from the vendors’ official servers, and Heimdal only adds special code to enable the patches to be installed silently and at the correct time. The machine is never automatically restarted, permissions are never requested and a running application is never closed, preventing any disruption whatsoever and delivering a true, silent patch.

The applications included and monitored in the Patch Management system are selected based on the following criteria:

  • One or more versions contain vulnerabilities, which are corrected in updated versions
  • Vulnerabilities pose a security risk and are therefore actively used by cyber criminals

To install a patch, Heimdal Security looks for the DisplayName property of the application, matches the application and then assesses the DisplayVersion property: if the installed version is older than the latest one, Heimdal applies the patch. Heimdal scans each machine every hour for new application updates and applies these patches in the most efficient way across any infrastructure. If you would like any additional technical information on this process, please don’t hesitate to contact me.
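The DisplayName and DisplayVersion properties referred to above are the values Windows installers write under the Uninstall registry keys, so the detection half of the process can be reproduced with a short script. The PowerShell below is an added example, not Heimdal’s code: it enumerates those keys (64-bit, 32-bit and per-user), reads both properties, and flags any application whose installed version sorts below a baseline of minimum acceptable versions. The baseline table, its DisplayName patterns and its version numbers are placeholders; a real deployment would take them from the vendors’ current release information.

```powershell
# Added example (not Heimdal's code): enumerate installed applications from the
# Windows Uninstall registry keys, read DisplayName / DisplayVersion, and flag
# any whose version is older than a known-good minimum.

# Registry locations where Windows installers register applications.
# WOW6432Node holds 32-bit applications on 64-bit Windows; HKCU holds
# per-user installs that a machine-wide scan would otherwise miss.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical baseline: minimum acceptable version per application.
# Both the DisplayName patterns and the version strings are placeholders;
# replace them with the vendor's current release numbers before use.
$baseline = @{
    'Adobe Acrobat Reader*' = '1.0.0.0'   # placeholder
    'Java 8 Update*'        = '8.0.0'     # placeholder
}

function Get-InstalledApplication {
    # Returns one object per registered application that has a parseable version.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        ForEach-Object {
            # [version] compares component by component, so 4.0.10 > 4.0.9.
            # A plain string comparison would get that wrong.
            $parsed = $null
            if ([version]::TryParse($_.DisplayVersion, [ref]$parsed)) {
                [pscustomobject]@{
                    DisplayName    = $_.DisplayName
                    DisplayVersion = $parsed
                    RegistryKey    = $_.PSPath
                }
            }
        }
}

function Test-OutdatedApplication {
    # For each application that matches a baseline pattern, report whether the
    # installed DisplayVersion is older than the minimum we accept.
    param([Parameter(ValueFromPipeline)] $App)
    process {
        foreach ($pattern in $baseline.Keys) {
            if ($App.DisplayName -like $pattern) {
                $minimum = [version]$baseline[$pattern]
                [pscustomobject]@{
                    DisplayName = $App.DisplayName
                    Installed   = $App.DisplayVersion
                    Minimum     = $minimum
                    Outdated    = ($App.DisplayVersion -lt $minimum)
                }
            }
        }
    }
}

Get-InstalledApplication | Test-OutdatedApplication | Format-Table -AutoSize
```

Rows with Outdated set to True are the ones a patching tool would act on; the download and silent install steps the article describes are deliberately left out here. Two caveats matter in practice: vendors do not register version strings consistently, so entries whose DisplayVersion does not parse as a dotted version are skipped and need manual mapping, and an application installed by copying files rather than an installer never appears under these keys at all, which is why a detection system cannot rely on the registry alone.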

So, I hope I have been able to demonstrate how and why patch management is so important, whether you are an MSP, reseller or simply a personal PC user. When installing and using an application, you are immediately exposing your machine to the vulnerabilities of that software. Returning to my analogy – you don’t have the materials or tools to build a garage yourself, so you put your trust in a builder to do it. If they leave a hole in the wall, you need to make sure they have a way of coming back to repair it as quickly and effectively as possible. The same applies to your patching strategy. Not only does Heimdal patch quickly and silently, but remember this is layer one of five levels of defence.

The Heimdal Security series articles have attempted to break down the barriers put up by the larger security companies… if you take two points from these two articles or have two questions to ask of your security strategy, make them the below:

  • Does your solution offer HTTP/HTTPS AND DNS level filtering at endpoint level?
  • What is your 3rd party application patching strategy and how efficient is it?

Brigantia has exclusive wholesale terms with Heimdal Security, the immediate answer for security and protection from ransomware. If you would like any more information about the solution, please get in touch via email or on 020 3358 0090.

About the author

Henry Chaw