Patching strategies
by Stefan Frei - Research Analyst Director, Secunia - Tuesday, 4 October 2011.
Cybercriminals have started an arms race by refining the malware development and manufacturing process to systematically bypass defense mechanisms. Traditional defense mechanisms have many limitations; security patches, however, are a primary and effective means of escaping this arms race, because they remediate the root cause of a compromise: the vulnerability itself. The major challenge lies in patching software portfolios in a timely manner, which is like chasing a continuously moving target.

To delve deeper into this challenge, Secunia has compared different patching strategies under the assumption of limited resources. The measurements demonstrate that an intelligent patching strategy increases resilience against exploits, lowering risk levels by up to 80% while maximizing operational efficiency.

An attacker’s mind-set

Cybercriminals constantly refine their tactics as the software industry evolves. An attacker's opportunity can therefore be expressed by a simple formula: Opportunity = #Hosts x #Vulnerabilities, where #Hosts is the number of reachable systems and #Vulnerabilities the number of unpatched vulnerabilities present on them.
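As an added example (not code from the Secunia paper or from this article), the script below puts the opportunity formula to work and uses it to compare two patching strategies under a fixed budget of programs that can be patched: a naive strategy that patches the most widely installed programs first, and a risk-driven one that patches the programs contributing the most attacker opportunity first. Both strategies, the portfolio, the prevalence figures and the vulnerability counts are constructed for illustration and are not Secunia's data; the 80% threshold is simply the headline figure from the introduction above.

```python
"""Added example, not code from the Secunia paper: a toy model of the
attacker's opportunity formula (Opportunity = #Hosts x #Vulnerabilities)
used to compare two patching strategies under a fixed patching budget."""

from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Program:
    name: str
    prevalence: float  # share of hosts that have the program installed (0..1)
    vulns: int         # unpatched vulnerabilities in the installed version


# Constructed sample portfolio; names and figures are hypothetical,
# not Secunia's measurements.
PORTFOLIO = [
    Program("OS", 1.00, 30),
    Program("Office suite", 0.95, 25),
    Program("Archiver", 0.94, 2),
    Program("Chat client", 0.92, 3),
    Program("Browser plug-in A", 0.90, 60),
    Program("Media player", 0.85, 40),
    Program("PDF reader", 0.80, 55),
    Program("Runtime B", 0.55, 45),
    Program("Image editor", 0.40, 1),
    Program("FTP client", 0.20, 4),
]

HOSTS = 1_000_000  # constructed host population

Strategy = Callable[[list, int], list]


def opportunity(p: Program, hosts: int = HOSTS) -> int:
    """Attacker opportunity contributed by one program: hosts x vulnerabilities."""
    return round(p.prevalence * hosts) * p.vulns


def total_opportunity(portfolio: Iterable[Program], patched: set, hosts: int = HOSTS) -> int:
    """Opportunity left once the named programs are fully patched."""
    return sum(opportunity(p, hosts) for p in portfolio if p.name not in patched)


def by_prevalence(portfolio: list, budget: int) -> list:
    """Naive strategy: patch the most widely installed programs first."""
    ranked = sorted(portfolio, key=lambda p: p.prevalence, reverse=True)
    return [p.name for p in ranked[:budget]]


def by_opportunity(portfolio: list, budget: int) -> list:
    """Risk-driven strategy: patch the largest hosts x vulnerabilities contributors first."""
    ranked = sorted(portfolio, key=opportunity, reverse=True)
    return [p.name for p in ranked[:budget]]


def risk_reduction(portfolio: list, patched: Iterable[str], hosts: int = HOSTS) -> float:
    """Fraction of total opportunity removed by patching the given programs."""
    before = total_opportunity(portfolio, set(), hosts)
    after = total_opportunity(portfolio, set(patched), hosts)
    return 1.0 - after / before


def programs_needed(portfolio: list, strategy: Strategy, target: float = 0.8) -> int:
    """Smallest number of programs the strategy must patch to cut opportunity by `target`."""
    for budget in range(1, len(portfolio) + 1):
        if risk_reduction(portfolio, strategy(portfolio, budget)) >= target:
            return budget
    return len(portfolio)


if __name__ == "__main__":
    for label, strategy in (("by prevalence", by_prevalence), ("by opportunity", by_opportunity)):
        patched = strategy(PORTFOLIO, 4)
        print(f"{label:15s} budget=4 -> {risk_reduction(PORTFOLIO, patched):.0%} reduction; "
              f"{programs_needed(PORTFOLIO, strategy)} programs needed to reach 80%")
```

With a budget of four programs, the prevalence-first ranking removes roughly 27% of the modelled opportunity while the opportunity-first ranking removes roughly 75%, and the latter needs five programs rather than seven to pass the 80% mark. The point is that prevalence alone is a poor proxy for risk: a ubiquitous program with two open vulnerabilities matters less to an attacker than a slightly less common one with fifty. In practice the vulnerability counts would come from a scanner and should be weighted by criticality, but the ranking logic stays the same.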

The number of hosts correlates with the 2 billion users with Internet access, a number which has increased by more than 400% in the last decade. With such a huge number of Internet users, it becomes clear why end-points are increasingly targeted: even the smallest success rate of an attack translates into a considerable number of compromised systems.

Corporate and private end-points are both extremely rewarding targets for cybercriminals. End-points are difficult to defend due to their dynamic environments and the unpredictable usage patterns of their users. They are also highly valuable because they are where the most valuable data is least protected, e.g. an employee's access to all the data needed to conduct an organisation's business. Even if no sensitive data is present, the end-point's computing power and bandwidth are valuable resources in themselves, for example as an infection point, a proxy, or a node in a distributed password cracking service.

In other words, everyone who uses the Internet – around 31% of the Earth’s population – is a target.

Evolving vulnerability risks

The recent Secunia white paper, ‘How to Secure a Moving Target with Limited Resources’, tracks a representative end-point comprising the operating system (Windows XP) and a software portfolio of the industry’s top 50 most prevalent programs. This representative portfolio contains programs from 14 different vendors: 26 programs from Microsoft and 24 programs from third-party (non-Microsoft) vendors.

The number of vulnerabilities per host is measured using data gathered from over 3 million users of Secunia’s free, lightweight scanner, which identifies and patches insecure programs on end-points. The analysis of this data reveals an alarming trend: the number of vulnerabilities affecting this typical end-point increased by 71% in the last year. The majority of these vulnerabilities are exploitable from remote and provide direct system access to the attacker, which makes end-points an increasingly attractive target.

Figure 1 – History of the number of vulnerabilities affecting a typical end-point with Windows XP (left), distribution of the origin of vulnerabilities in 2010: OS operating system, MS Microsoft programs, TP third-party programs (right).

Threat origins
