Has Patch Tuesday become an all too familiar nightmarish ritual that shows signs of only escalating numbers of vulnerabilities to be patched? Does each month represent a new record in the time taken by your IT staff to get critical systems (servers and devices) and laptops patched?
If December 14 is an indication of the blistering pace that vulnerabilities will unfold in 2011, you’re in for one hellish ride if you don’t have a proactive security strategy in place!
IT security pundits have long advocated an approach that combines signature-based protection with behavior, reputation, and threat correlation to detect and reduce the risk of emerging threats and unpatched vulnerabilities. Additionally, many recommend augmenting these techniques with application whitelisting, which actively protects good code.
So, here are 3 simple steps to achieving peace of mind in 2011:
1. Block the bad:
• Continue to deploy anti-virus, anti-spam, and anti-spyware solutions at the endpoint, server, or gateway to detect, clean, and kill known malware before it can attempt to install
• Use a stateful desktop firewall and Host IPS to protected trusted applications against known vulnerabilities and specific attacks on the host. Solutions that include buffer overflow and memory protection will greatly alleviate the need to patch immediately by monitoring applications and protecting critical memory address space.
2. Trust the good:
• Augment your existing approaches by using whitelsiting to ensure that only trusted applications run on servers , fixed-function devices, thin clients, virtualized and older systems that are no longer supported by security patches
3. Act on the unknown:
• Since there is so much new content and new malicious code out there, it’s critical to buttress these approaches with real –time threat data that factors in all key threat vectors as well as behavior, reputation, vulnerability data,. This guidance needs to be received in real time at the host, network and gateway for active, non-stop protection against new threats.