The vulnerability recently discovered in Microsoft’s Internet Explorer came at an interesting time in the company’s history. It’s important to note, Microsoft has been warning about the dangers of remaining on an unsupported platform for quite some time. While they did issue a patch for this flaw, they reiterated that “Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system.”
We at Dell have been champions of the message that companies need to switch from Windows XP ever since Microsoft announced that it would be discontinuing support for the platform, not only for the superior features that Windows 7 and Windows 8 bring to the enterprise that help to increase productivity and make life easier on the IT department from the management perspective. And let’s not forget the broader security implications.
The concern with this flaw is not just about the move from a 13 year old operating system onto a newer one for productivity and manageability – the major concern is security. With cyber-attacks such as zero-day, DDoS, spear phishing increasing in number and severity on a daily basis, ensuring that you have the latest OS support is just the tip of the iceberg. So what can you do here to better protect yourself from these attacks and how can we help you?
- Proactively managing the way your endpoints securely connect to the internet is key to safeguard your corporate assets. Dell launched a solution last year –Dell Data Protection (DDP) |Protected Workspace, specifically designed to prevent zero-day attacks exactly like this one by “containerizing” highly targeted applications into a new, secure environment that is seamless, transparent and doesn’t compromise system performance. Because we believe that it is integral to the security of your organization, a complementary one-year subscription to DDP | Protected Workspace is included with all Dell Precision, Latitude and OptiPlex systems.
- Another way to protect the security of your endpoints is to ensure that they are configured for maximum protection and that they are not running software that is easily exploitable. Dell KACE K1000 Management Appliance protects your endpoints by enabling you to quickly change the IE security settings on all of your systems to a level that will protect them from this threat. You can also quickly identify and designate both safe and unsafe web sites for all of your systems and remove and block any unsafe software, such as Adobe Flash.
- Thinking beyond secure endpoints, traditional firewalls are blind to these attacks. Malicious traffic utilizing this vulnerability used to attack end users inside a network appears as 100% legitimate traffic to stateful firewalls. Next Generation Firewall and Unified Threat Management firewalls, as well as Intrusion Prevention systems are designed to protect networks from such attacks. Dell SonicWALL firewall customers that have the Intrusion Prevention service enabled have been protected against this attack.
There is no doubt that the two recent incidents highlight the need to think hard about how to efficiently secure endpoints and ensure that users do not become unwitting accomplices to data breaches, just by using the Internet or opening an email. The first step is to ensure that the foundation of your organization’s IT environment is up to date and supported – but the second, and most important, is to ensure that you understand how your internal IT systems are meeting the world outside your firewall and implementing the necessary solutions to mitigate any breaches of this kind, effectively divorcing the applications from the underlying operating system to ensure that your security isn’t dependent on weekly patches.