Here’s a detailed look at our most noteworthy accomplishments, and five steps your organization can take now to avoid being caught in the next attack.
Patching. The level of dread you feel when you hear the word is in direct proportion to the number of endpoints you’re managing. Patching ranks high on the scale of thankless chores in IT because it combines a high risk of failure with a low chance of getting any accolades for doing it right. Nobody in your business notices whether or not you’ve kept up-to-date with patches until an attempt to do so brings down a business-critical application. And who wants their name attached to something like that?
This, in a nutshell, is how we ended up with WannaCry. The troubling aspect of WannaCry is the timeline of events leading up to the ransomware. In late 2016, a hacker group known as Shadow Brokers emerged and announced an auction for leaked NSA hacking tools. Upon learning of the leak, Microsoft began working on a security update. Microsoft even took the unprecedented step of canceling Patch Tuesday in February. Unfortunately, WannaCry samples started showing up in the wild during the month off. Microsoft released the SMB updates for WannaCry in March 2017. WannaCry made its (unceremonious) arrival on May 12, ultimately affecting some 230,000 endpoints in 150 countries.
WannaCry is certainly not the last we’ll see of the leaked NSA tools and exploits. In fact, reports are surfacing about a new SMB worm called EternalRocks and a new cryptocurrency miner known as Adylkuzz. And they can succeed in bringing your business to its knees for one simple reason: you haven’t kept your systems and software up to date.
According to the 2015 Verizon Data Breach Investigations Report, 99.9% of attacks exploited vulnerabilities that had been identified for more than a year, some of them as far back as 1999. (Verizon didn’t calculate this stat in the 2016 report, but noted the number hadn’t changed year-over-year.)
Tanium has been used across some of the largest networks in the world to mitigate the risks of several recent vulnerabilities, including WannaCry, Intel AMT, and the HP Audio Driver Keylogger. For each vulnerability, we offered customers the freedom of choice to determine the best mitigation strategy for their business. Patching was an option, but not the only available option. Noteworthy accomplishments include:
We had two large customers who initially tried to use SCCM to deploy the patches issued by Microsoft in response to WannaCry, and had to stop due to crushing network congestion caused by SCCM. These customers shifted to Tanium for the patch deployment and were able to complete it across their entire enterprise in less time than it had taken to create the SCCM packages.
Several customers found vulnerable assets which were not domain joined at all and, as such, would have never gotten properly patched without Tanium.
Nearly every customer was confident they had SMBv1 disabled enterprise-wide. Yet we had no customers with zero SMBv1, and the average across customers was 7% of endpoints with SMBv1 enabled, spiking to more than 50%.
In many cases, legacy processes held back improved capabilities. We saw many cases in our WannaCry response where the process took eight hours from the time approval was given to mitigate WannaCry to the time Tanium issued the corrective actions to mitigate the threat. From trigger-pull to completion took less than two minutes.
In light of what we’ve learned from these recent examples, here are five steps your organization can take now, so you’re better prepared to avoid being caught in the next attack:
Are your security hygiene practices as strong as they can be? Is your organization ready to withstand the next attack? Learn more about how we can help. Schedule your security hygiene assessment today.
About the author: In his role as Chief Customer Officer, Charles Ross leads the team responsible for delivering the Tanium vision to our customers: scalable endpoint management to operate and secure their business reliably and quickly. Prior to Tanium, Charles worked at McAfee, where he held a variety of leadership roles in pre-sales engineering, solution architecture, and IT security. Prior to McAfee, Charles worked as an Enterprise Risk Consultant for Deloitte & Touche. Charles holds a Bachelor of Science from the University of Florida.