You are here

SAM & IT Security – PT II

Written by David Foxen On the 0 Comments

IDENTIFYING UNSUPPORTED SOFTWARE

The past few years has seen support end for a number of globally used products. The likes of Windows XP and Windows Server 2003 are now unsupported by Microsoft, which means that there will no longer be updates or patches for these products. While both Windows XP and Windows Server 2003 have both been superseded by more capable replacements, the simple fact is that you will still find instances of devices running these operating systems in a variety of scenarios, be it that one machine that runs bespoke manufacturing software that can only be run on Windows XP, or the old server running Windows 2003 that simply ‘cannot be touched’ for whatever reason. It’s somewhat of a catch-22 situation.

On the one hand these unsupported products are still mission-critical; but on the other they represent a security risk, as the lack of updates and patches means they could create a backdoor onto the network and may become a prime target for hackers.

There’s no perfect answer, but armed with an effective Software Asset Management (SAM) solution, those charged with managing the organization’s software inventory can help their security colleagues by pinpointing instances of devices running unsupported operating systems and applications, so that if nothing else a closer eye can be kept on them. Software entering the end of support phase poses a big security threat.

The vendor will no longer provide product or security updates, so it could prove to be a open door to cyberattacks. Software vendors make you aware of the end of support dates of their products via their website or through email communications.

As part of Snow’s Software Recognition Service, the end of support date for a growing number of applications is automatically populated for you. If the vendor decides to change or move the end of support date, or you need to manually enter a date, then you can do so using the Snow SAM platform..

For lesser-known or niche vendors, Snow License Manager offers the SAM team a number of ways to make identifying unsupported software easy:

  1. Use the ‘custom field’ function entitled ‘Out of Support’. You can then simply tick the ‘Out of Support’ custom field to identify applications that may pose a risk.
  2. Create a custom report within SLM and specify the applications you wish it to report on. Based on the creation of a custom field, you can specifically report on the software (and the machines that they are home to) that are out of support. This report can then be saved and made available on-demand with the relevant security teams through Snow License Manager’s custom ‘Snowboard’ management dashboards. SAM teams also have the option to schedule a regular report to be sent by email so you can compare and contrast between previous reports.
  3. Edit the title of the software in the Administration Console to say something like ‘Windows Server 2003 Standard *UNSUPPORTED*. This will make it easy to see unsupported applications when creating a report.
  4. Blacklist the application. Depending on the size of your organization, you shouldn’t have too many blacklisted applications. Use the blacklisting feature to blacklist any unsupported software so that you can receive alerts within your Snowboard interface.

The SAM team can help defend against this threat by making sure the right processes are in place to ensure there is complete visibility of the software estate.

SERVER PATCHES

As the datacenter is quite possibly the most important environment within any IT function, it is vitally important that all of the servers within the datacenter are protected. Datacenters are subject to a steady flow of patch releases which include both security and productivity enhancements.

Architecture and infrastructure teams are always interested in knowing what patches are on what servers, and that type of information can be provided by the SAM team.

Inventory tools are a good place to start, as long as the SAM team is confident in the accuracy of the data and that the inventory agent is on the server. With Snow Inventory, the SAM team can paint a picture of when a server was last patched, and what that patch information is ( a name or number).

Snow Inventory supports major enterprise platforms such as Windows, Linux, UNIX and VDI which helps provide transparency and clarity of the whole IT estate. Snow Inventory provides information on server patch levels, enabling the SAM function to provide IT Security and the Architecture teams with valuable data that will help ensure servers are up-to-date in terms of functionality and security.

Once the raw data has been cleansed and normalized through Snow’s Software Recognition Service, it is then fed in to Snow License Manager where there are a number of standard reports that helps to identify the servers, server hardware specification and associated virtual machines.

While this is a simple and easy job for the SAM team, it is highlighting the important data that SAM and SAM technologies can provide, and further emphasizes the overall business impact SAM can have.

DATA SECURITY

Other types of data security that impact organizations are the data on physical devices. Organizations tend to have ‘shared drives’ that users backup their documents to, but what about sensitive information that is stored locally on a laptop? This is where the relationship between SAM and IT Security comes into play. Where the organization may not have the ability to remotely wipe a laptop (for example it may not be connected to a network or have the right software etc.), the SAM team can provide the business with important information and data about the device.

Once the information regarding the lost device has been gathered through Snow License Manager, the Service Desk team can then provide the user with a new device with the same configuration and software. The user may be up-and-running again, but there may be unrecoverable data on the lost device.

All machines should be backed-up on a regular basis, so the organization may be able to recover important files. There have been a number of high profile cases in which sensitive and secret information has been only saved on a laptop, and then the user has left it on a train.

TAKE CONTROL

Start by building the relationship with your IT Security team. I would suggest a meeting to discuss the following ways in which SAM can assist them in keeping out unwanted attacks:

  1. Unauthorized software. Provide the IT Security team with a report from Snow License Manager highlighting all of the blacklisted or unauthorized software that is installed within the estate.
  2. Anti virus software transparency. Show the IT Security team the different anti virus software that is installed on corporate machines. This goes for different manufacters and differing editions or versions of the same product family.
  3. Unsupported software. Through the methods mentioned in this article, the SAM team can present a report from Snow License Manager that identifies all of the unsupported software within the estate. This can be generated from the automatic dates added by Snow Software Recognition Service, or through the custom fields method.
  4. Server Patches. Explain to the datacenter security teams that you can provide them with valuable and accurate patching information. Provide them with an example from your own Snow Inventory records and highlight the different patch levels on your datacenters.
  5. Data Security. Argue the case as to why SAM and IT Security should work closely thanks to SAM data. Provide them with a scenario in which SAM data can help address a user losing a machine. Emphasize the fact that through a simple user search in Snow License Manager you can identify the machine name, hardware configuration and installed software.

All of the above shows the value that software asset management can bring to the IT Security team. Leading IT Security analysts* state that it takes on average 146 days to discover a security breach within the IT Landscape, which is a huge amount of time for hackers to gain access to sensitive systems and data.

Take advantage of SAM and Snow License Manager by providing timely and accurate reports to the IT Security department.

By providing reports, the SAM function is essentially giving the security department information they currently do not have in order to make informed decisions that will help keep your corporate data safe.

Read Part 1 in our IT Security & SAM blog series to understand further the impact Software Asset Management can have on IT Security. 

*Source: https://www2.fireeye.com/M-Trends-2016.html