WannaCry Patching: Clean up in Aisle 3
So, if you’ve been keeping up with current events, you know that a nasty bit of malware backed by nation state quality tools just had its way with more than 70,000 systems worldwide. It was an ugly weekend for a lot of IT organizations in industries from healthcare to logistics to government services.
The focus of course is always those that got compromised. After all, they’re the ones doing the long walk to the bosses’ office to explain why hundreds of desktops are locked out, file servers are offline, and how all the money and talent they’ve invested in their IT security has so completely and comprehensively failed.
But what about the organizations that dodged this malware bullet? Guess what? Most of them had a bad weekend too. Why? Because they were vulnerable. I’ve spoken to IT professionals across a wide variety of fields and almost everyone was working over the weekend. Why? They were patching servers. Manually patching servers in many cases.
Whole enterprise environments with thousands of users, with no consistent endpoint management or endpoint protection to fall back on.They were left with no choice but to scramble their IT teams to work around the clock to ensure their environment was safe.
You can laugh at their plight – but before you do – make sure you’re not guilty too.
It isn’t always laziness or some inherent “cheapness” that leads organizations that know better to allow for bad situations to fester in their IT ecosystems. More companies than you might think have them. Smart companies, big companies, full of smart people that all know better. I’ve seen research organizations dependent on hardware for crazy things like electron microscopes that can only be managed and run on a single Windows XP desktop. Or whole systems that still manage mission critical parts of their active directory on outdated Windows 2003 servers. Most of them are unable to quickly or easily upgrade due to a multitude of reasons: complexity, budget, lack of resource – human and otherwise.
So, these environments persist – and every day that they do – they make everyone else in the organization vulnerable.
Worse, while you would think that the success of WannaCry that this would stimulate change for the better, in many cases the push to stimulate that change is short lived or dies on the vine. After all, just because an organization might want to get rid of their legacy systems, or implement better endpoint management and security – it doesn’t mean that they are going to be able to. After all, the original problems that put them in a compromised situation still exist. That hasn’t changed.
Which means that they’re going to be right back in the same situation when WannaCry 2.0 comes out – and 3.0 – all the way down line. For these organizations, the continued risk exposure will grow and grow and grow. Until one day, their manual efforts aren’t enough, and they too become a victim, hit by the latest malware bullet.
Now before you get too smug, confident that your tightly managed and patch controlled environment is safe – remember – patches don’t always work. They aren’t always deployed on time, and often – the vulnerability that is compromised can’t be patched. Built-in vulnerabilities exist in almost every software package, including modern, fully supported operating systems. Which means that even the most well architected combinations of endpoint management and layered security aren’t enough.
When malware developers can leverage the same tools used by the cyberattack arms of nations to create their mischief, you create a situation where any organization can be vulnerable.
Ultimately you need a different solution. You need one that doesn’t depend on outdated signatures, doesn’t rely on constant updates or fallible threat intelligence feeds. You need something – that works – and works on all your systems, modern and legacy.
enSilo is that product. We use a combination of NextGen antivirus, and post infection protection to ensure that your organization remains safe no matter how many times malware vendors try to make you cry. We protect in a completely different way that works with the operating system to ensure that your day-to-day operations can continue running and your endpoints and data are safe – even if a machine is infected by an advanced infection.
To learn more about how enSilo protects against threats like this check the following out: