Oracle & SAP security patching failings highlighted by ‘WannaCry’
The recent WannaCry ransomware attack affected many organisations from both the public and private sectors across all continents. It targeted IT systems by encrypting data, then demanded ransom payments in untraceable Bitcoin.
May’s attacks were thought to have infected over 230,000 computerised systems in over 150 countries, with the UK’s NHS widely affected and reports of 70,000 devices disrupted including MRI scanners, medical storage fridges and operating theatre equipment.
The latest attack has raised questions about Oracle and SAP security patching and their outdated strategies. The stringent controls that customers put in place to apply patches to test systems, go through testing and promote patches through various environments before the live system is protected is an old-fashioned model that leaves customers open to attack.
Seth Ravin, CEO of Rimini Street has been vocal in the press claiming that security patching is an outdated model and that customers should be responsible for their own firewalls and security protections. At Support Revolution, we agree with Seth in principle, but we offer our customers a Virtual Patching solution that protects their whole environment including older software that the manufacturers no longer support.
With economic losses from this attack estimated at being in the hundreds of millions, cyber security remains at the top CTO/CIO priorities. Support Revolution takes security equally as seriously and we pride ourselves with delivering an even better service than most vendors.
Our support model is based on being proactive, which also applies to security patching. With current vendor security patching, security patches are received quarterly and on average, most customers don’t apply them for 3 to 6 months later, due to the time it takes to progress these patches through their internal test environments, while competing with Business As Usual (BAU) project work. This scenario can leave customers vulnerable to threats for long periods of time.
This method of security patching is out of date, as it is dependent on the vendor identifying loopholes within the vendor’s own code, that can be accessed maliciously – a very reactive approach.
A more proactive solution is to monitor the endpoint of the servers and databases in question and monitor the network traffic and signatures to identify malicious threats instantaneously then provide protection immediately. This patching solution is called Virtual Patching and here at Support Revolution, we use the Trend Micro Deep Security Solution, recognised by Gartner as the market leader, as per the magic quadrant below: Read the 2017 Gartner® Magic Quadrant for Endpoint Protection Platforms report
Our virtual patching approach enables organisations to apply fixes in almost real time. Virtual patching also goes above and beyond the current fixes offered by the big vendors. For example, customers who are on an Extended Support contract only receive patches and fixes for ‘existing’ issues, meaning customers don’t have access to patches identified for new threats. Our solution, takes care of the ‘older’ versions as well, therefore offering a much improved and secure service.
The latest WannaCry threat was identified on Friday 12th May 2017, Trend Micro had a virtual patching solution within just a few days, which meant none of the Support Revolution customers were affected by this attack.
We’d welcome the opportunity to explain our ISO accredited security fix processes, if you’d like to find out more, please contact us.