Hitting Pause on “Patch Tuesday”


Thousands of new software vulnerabilities and exploits are discovered each year, requiring diligent software patch distribution by software vendors on top of patch management by system and security administrators in every organization. This regular flow of patches and updates often lands on “Patch Tuesday,” the monthly or semimonthly day when Microsoft releases security patches for its software.

Patching is a critical part of a sound endpoint protection strategy. However, patch management only protects an organization’s endpoints after vulnerabilities are discovered and patched. Delays of days, weeks or longer are inevitable as patches for newly discovered vulnerabilities must be developed, distributed, tested and deployed. Although patch management is an important aspect of any information security program, much like signature‐based anti-malware detection, it is an endless race against time that offers no protection against zero‐day exploits. Yet the exploitation of those vulnerabilities is the primary reason patches are applied in the first place.

A great deal of attention has been paid to malware since the earliest days of computing, and although malware prevention is critical to endpoint protection, it is only one part of a comprehensive endpoint security strategy. Exploit prevention is equally important but less understood.


Understanding Exploit Techniques

Many advanced threats work by placing malicious code in seemingly innocuous data files. When these files are opened, the malicious code leverages unpatched vulnerabilities in the native application used to view the file, and the code executes. Because the application being exploited is allowed by IT security policy, this type of attack bypasses application whitelisting controls.

Although there are many thousands of exploits, they all rely on a small set of core techniques that change infrequently. Regardless of the exploit or its complexity, for an attack to succeed, the attacker must execute a series of these core exploit techniques in sequence, like navigating a maze to reach the goal.


Figure 1: Focus on exploit techniques, not exploits themselves


Traps focuses on the core techniques all exploits use and, by rendering those techniques ineffective, negates application vulnerabilities whether they are patched or not.


Figure 2: Six years of innovative exploit prevention


Naturally, it’s still best to keep up with the latest security patches. However, Traps gives you the option, and the confidence, to hit “pause” on Patch Tuesday, knowing that Traps will continue protecting vulnerable applications. The Traps agent injects itself into individual processes as they start up. If a process attempts to execute any core attack technique, the corresponding exploit prevention module, or EPM, prevents that exploit, kills the process and reports details to the Traps management service.


Figure 3: Multiple methods of exploit prevention


By default, Traps policies are configured to protect more than 100 processes, each with dozens of proprietary EPMs. Beyond the defaults, you can protect all manner of processes and applications by simply adding them to the policy configuration. Processes that have run on the endpoint automatically show up in the management console, making it easy to protect them with the click of a button. This is especially useful for organizations running industry‐specific applications, such as point‐of‐sale systems, ATMs and SCADA systems.

A prevention-based endpoint protection strategy intercepts and blocks attacks before malicious activity occurs on endpoints. This means preventing an exploit from running or preventing malware from being executed. Such a proactive approach proves an ounce of prevention is worth a pound of cure. 

Watch the webinar “5 Endpoint Protection Best Practices” to learn the essential requirements for endpoint protection, and how Traps advanced endpoint protection is simple to deploy and manage, providing a prevention-first approach that protects endpoints from malware, exploits and ransomware.

The post Hitting Pause on “Patch Tuesday” appeared first on Palo Alto Networks Blog.

