Security Breaches Everywhere: Keeping Your Company Out of the Headlines

Bunker Blog

Lately, it seems not a day goes by without news of a security breach dominating the headlines. The Target breach last fall set off waves of copycat attacks that still, nearly a year later, are successfully infiltrating the networks of prominent retailers. Recently, we’ve seen the likes of P.F. Chang, Dairy Queen, and Minneapolis-based SUPERVALU join the ranks of hacked retailers.

I sat down with Rob Juncker to chat about these hacks and the unique challenges that companies in certain businesses, such as retail and health care, face in securing their environments. In addition to being the Vice President of R&D here at Shavlik, Rob also dabbles in white hat hacking.

Anne:  Rob, the Target breach really got our attention as both consumers and as an industry. Now, nearly a year later, what do we know about the Target breach? How did it happen?

Rob:  We know an external hacker managed to take control and infiltrate Target’s system by way of a very insecure node that was allowed to operate on their network. This was a complicated attack because they infiltrated a node, jumped onto Target’s network, and then had ample time to search the network, to find vulnerabilities, and to infect machines.

They infected the machines by injecting BlackPOS. It located point of sale (POS) devices, looked for specific processes on those machines, stared into their memory, and tried to match data formatted in the same manner that credit card tracks are formatted. After it found credit card data, BlackPOS sent it out of Target’s network to a location where the hackers could grab it.

Anne:  One thing that really stands out there is that they attacked a more or less forgotten node and not the data center. As an IT community, we invest so much of our energy into securing the data center, but from this example we see that isn’t enough.

Rob:  Most people focus on securing the most important assets within their network. The entire Target hack happened on the least valuable parts of the network – a computer designed for remote diagnostics as well as POSs, which are typically the cheapest nodes and the cheapest OSs. These hackers could never have gained access to Target’s core databases, but they didn’t have to. They simply attacked the nodes where the data is collected.

Anne:  Do retailers face unique challenges in securing their IT infrastructure?

Rob:  Retailers have incredibly complex environments – all of these terminals out on a WAN in all of these stores. Nobody in IT is hands-on because every store can’t have its own IT department, and the devices are running various OSs that have various third-party applications resident on them. This makes for a perfect storm for retailers to be exploited. Health care providers have similar complexity when you think about all of the nodes spread out throughout a hospital or a clinic.

Anne:  Here at Shavlik we are quick to share the figure that 75% of vulnerabilities exploited in the wild already have software updates (patches) available to fix them. How important is patch management in preventing these types of breaches?

Rob:  If you aren’t properly patched, someone can use off-the-shelf scripts to get access to that network. The Target hack was a professional hack. They knew what they were doing. That was the first, but all of these others are simple variants of the same approach. This has gone from being the work of an experienced hacker to that of a script kiddie. It is now readily repeatable, and we have a population of hackers attacking every site they can find.

Patch management is an important piece of having a full security profile for your entire network. Exploiting a known vulnerability is step one of the process. If you can reduce the ease of doing that, hackers are likely to move on to someone else.

Anne:  Most IT departments are disciplined about patching their data center servers with tools like Shavlik Protect and patching endpoint OSs with tools like Microsoft System Center Configuration Manager (SCCM). Let’s assume the OS is up-to-date. Is that good enough?

Rob:  No. Because they have POSs running a Windows OS, it is guaranteed there are third-party applications running on those devices. It could be an embedded internet browser or an embedded PDF generator. Worse, it could be Java, which is the most exploited third-party application.

The existence of third-party apps isn’t a “maybe;” it is a “for sure.” CIOs around the world should ask themselves, “It’s great that we patch Windows, but do we patch everything else?” If the answer is “no,” are you willing to bet your job on that decision?

Anne:  Of course CIOs don’t want to risk their jobs over something as simple as third-party app patching, but given the complexity of their networks, are IT departments for retailers faced with a lose/lose decision between knowingly remaining insecure versus spending all of their time on patching?

Rob:  For those companies that have SCCM, Shavlik Patch for Microsoft System Center makes the decision easy. With Shavlik Patch, retailers can patch third-party applications from within SCCM in the same manner in which they patch the OS. They can also completely automate the process, which means they can get into a “set and forget” mode for applying third-party updates. Third-party patching doesn’t have to be a difficult or arduous process. If it feels that way, Shavlik can help you out.

Patch management is critical, but it is just one piece of the security puzzle. In the next post in this series, Rob will dig deeper into the technical details of the Target hack, discuss how you can determine if BlackPOS already exists in your environment, and explain how you can cut off its communication lines if/when it finds its way into your network.

Also, if you’d like to join a discussion on this topic, Shavlik will be hosting a webinar on September 30.

Security Breaches Everywhere – Help your company stay out of the headlines
Thursday, October 2, 2014 10:00 am CDT
Register Now

Windows IT Pro Weighs in on Shavlik Patch

You’ve heard a lot of talk from us about the new Shavlik Patch for Microsoft System Center, but you may be wondering, “What are people who don’t have the word ‘Shavlik’ on their business cards saying about this new product?”

Windows IT Pro Community Manager Rod Trent answered just that in his article Shavlik Patch for System Center Simplifies Securing the Other 86 Percent of Windows Vulnerabilities. Trent is a leading expert on Microsoft System Center technologies and has more than 25 years of IT experience.

Here are some of his insights.

  • “…86% of reported vulnerabilities come from third-party applications, 10% comes from the operating system itself, and 4% is attributed to the hardware.”
  • “Shavlik Patch for System Center takes a normally manual process for third party application patches and automates it such that administrators can have the confidence that the ‘other 86%’ of known vulnerabilities are covered.”
  • “Shavlik was one of the first vendors to understand the need to patch products other than those provided by Microsoft. …the company knows patching.”
  • “Configuration is easy and scheduling is provided to automate the download of deployable .cab files and publishing of updates.”
  • “In addition to the console integration, the product also takes full advantage of the capabilities built into ConfigMgr for targeted deployments of software patches.”

Learn more about Shavlik Patch for Microsoft System Center or download a free trial here.


What Does Shavlik Patch Mean to Existing SCUPdates Customers?

Earlier this week, Shavlik announced the release of Shavlik Patch for Microsoft System Center. As an existing SCUPdates user, this likely left you with a number of questions. Let’s talk about them.


Q: We are using SCUPdates with SCCM 2007. What does this mean to us?

A: Nothing changes for you. You still have all the goodness of SCUPdates just with a shiny new name. If your organization is evaluating moving up to SCCM 2012, read on to see what the future holds.


Q: We are using SCUPdates with SCCM 2012. What does this mean to us?

A: A lot! You read earlier this week about the add-in, its tight integration with SCCM, and how easy it is to install and configure. Hopefully, you attended our webinar yesterday and saw it in action. If not, check out the following.

  • Learn more about Shavlik Patch here.
  • View quick videos about how to install and configure Shavlik Patch here.
  • Download a free trial of Shavlik Patch here.
  • View user documentation for Shavlik Patch here.


Q: Lovely marketing material…tell me something technical.

A: Special logic has been added within the add-in for patching difficult-to-handle applications like Java. In the case of Java, you might find that updates often fail because Java doesn’t uninstall correctly when it is running. The Shavlik Patch add-in will:

  • Uninstall Java
  • Detect if it was uninstalled incorrectly
  • Schedule the install on reboot if needed
  • Inform the SCCM Agent if a reboot is required
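The same four steps as an added PowerShell sketch, written for this post and not the Shavlik add-in’s own code. It assumes Java is MSI-installed with a display name beginning “Java”, that the script runs under the ConfigMgr client so exit code 3010 is read as “soft reboot required”, and that the installer path and the RunOnce value name are placeholders.

```powershell
# Added example (not Shavlik's add-in code). Assumptions: Java is an MSI product whose
# DisplayName starts with "Java"; the script is run by the ConfigMgr client, which treats
# exit code 3010 as "soft reboot required"; $InstallerPath is a placeholder.
param(
    [string]$InstallerPath = 'C:\PLACEHOLDER\jre-installer.msi'  # hypothetical new Java MSI
)

# Enumerate installed Java products from both 32- and 64-bit uninstall registry views.
function Get-InstalledJava {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' -and $_.PSChildName -like '{*}' }
}

# Step 1: uninstall each Java product silently by its MSI product code.
function Uninstall-Java {
    foreach ($java in Get-InstalledJava) {
        $msiArgs = "/x $($java.PSChildName) /qn /norestart"
        $p = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
        Write-Verbose "msiexec /x $($java.PSChildName) exited with $($p.ExitCode)"
    }
}

# Step 2: detect an incorrect uninstall. The product is still registered, or a Java
# process is still running and holding files (the failure mode described above).
function Test-JavaUninstallIncomplete {
    $stillRegistered = @(Get-InstalledJava).Count -gt 0
    $stillRunning = @(Get-Process -Name 'java', 'javaw', 'jp2launcher' `
                        -ErrorAction SilentlyContinue).Count -gt 0
    return ($stillRegistered -or $stillRunning)
}

# Step 3: defer the install to the next boot via a RunOnce entry (hypothetical value name).
function Register-InstallOnReboot {
    param([string]$Msi)
    $cmd = "msiexec.exe /i `"$Msi`" /qn /norestart"
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' `
                     -Name 'ExampleJavaInstall' -Value $cmd
}

Uninstall-Java
if (Test-JavaUninstallIncomplete) {
    Register-InstallOnReboot -Msi $InstallerPath
    # Step 4: exit code 3010 tells the SCCM agent that a reboot is required.
    exit 3010
}
Start-Process -FilePath msiexec.exe -ArgumentList "/i `"$InstallerPath`" /qn /norestart" -Wait
exit 0
```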

The Shavlik Patch add-in will also handle Apple updates that are bundled in with the QuickTime and iTunes patches such as Apple Mobile Device Support and Apple Application Support.


Q: If I am on SCCM 2012, do I have to switch over to the add-in?

A: No. We think you will want to, but you do not have to. Customers can choose to use the add-in configuration, the catalog file configuration, or even both if that makes sense in your environment. Your choice of configuration does not affect your licensing.


Q: Do we have to pay more to get the new SCCM add-in?

A: Nope, as a current SCUPdates customer, you are entitled to the add-in or the catalog file configuration. You may download the add-in at http://www.shavlik.com/downloads/patch/ and begin using it immediately.


Q: I’ve had this product for a few years and haven’t seen you guys do much of anything with it. Is this release a signal of increased investment by your technology team?

A: Absolutely! Yes, we haven’t had a release in some time, but we have been listening to you. Here are some things you have been asking for that are addressed with the add-in.

  • Automatically download the catalog files
  • Handle Java better
  • Automate publishing to WSUS

Here are some other things you have been asking for that are on our roadmap for upcoming releases.

  • Disable auto updaters
  • Expanded product support
  • Support for supersedence

The Next Generation of SCUPdates, Shavlik Patch for Microsoft System Center, Is Here

Shavlik is happy to announce the release of Shavlik Patch for Microsoft System Center. This follow-on to Shavlik SCUPdates provides third-party patching within Microsoft System Center Configuration Manager (SCCM) and does it in such a manner that third-party patching has never been easier.


What’s cool in Shavlik Patch?

If you are using SCCM 2012 (or later versions)…

  • Ability to patch more than 100 popular applications completely within Configuration Manager
  • An integrated add-in for the Configuration Manager console that no longer requires the use of System Center Updates Publisher (SCUP)
  • Automatically check for and download patch data from Shavlik
  • Publish new patches through SCCM manually or automatically
  • Smart handling of difficult-to-install patches like Java

If you are using SCCM 2007…

  • Continue to enjoy the goodness of SCUPdates just with a new name


Want to see it in action?

Join Shavlik Chief Marketing Officer Steve Morton, Systems Engineer John Rush, and me as we discuss the details of the new release and show you how Shavlik Patch will revolutionize the way you perform third-party patching within Configuration Manager.

Introducing the New Shavlik Patch for Microsoft System Center
Wednesday, February 12, 2014 10:00 a.m. CST
Register Now


Download it now and see for yourself

  • Learn more about Shavlik Patch here.
  • View quick videos about how to install and configure Shavlik Patch here.
  • Download a free trial of Shavlik Patch here.
  • View user documentation for Shavlik Patch here.

See you all at the webinar on Wednesday and check back later this week for an additional post providing more info on what this release means to existing SCUPdates customers.