The Known, the Unknown, and the Zero-Day: Why Enterprises Need Intrusion Prevention Systems


WannaCry and Petya may have made the headlines over their debilitating effects on several industries, but those stories also illustrate the importance of patching vulnerabilities.

Applying or installing patches has always been one of the tenets of good cybersecurity practices. Patches ensure applications run smoothly while addressing any security gaps that attackers may exploit. But why is patching still a contentious issue among enterprises?

 

Patch Management Issues

Reluctance to apply patches and updates can be broken down into four reasons:

Patching can be disruptive to business operations. Coordinating and executing a patch schedule can be time-consuming for IT departments, especially for large-scale enterprises. Updates can take a few minutes to a few hours, leaving businesses with a period of inactivity for their systems and/or employees. Even if organizations opt to have their patches installed outside working hours, this would still require manpower and incur additional expenses.

Patching requires time. IT departments often need time to test whether patches are compatible with the IT infrastructure. While a patch can improve an application or system, there is no guarantee that an updated application or system will not wreak havoc in a controlled environment.

Patches may not be available immediately. Vendors may not immediately provide patches for vulnerabilities, leaving IT environments vulnerable to attacks. Furthermore, some patches arrive via a third-party vendor, increasing the length of time before a system is protected.

Legacy systems are common in enterprises. Legacy systems—applications or systems that are now obsolete and without vendor support—can be found in enterprise environments. There are different reasons for maintaining legacy systems, such as budget issues and software compatibility. However, legacy systems leave enterprises at risk for threats and attacks as patch support has stopped.

 

The Need for Intrusion Prevention Systems (IPS)

Patching may be an important aspect of cybersecurity, but IT professionals cannot rely on patching alone. The speed at which threats are evolving is unprecedented, and with the valuable data they contain, your network and servers are prime targets for attack. Intrusion Prevention Systems (IPS) are ideally suited to detect and stop attacks that originate over the network, including those focused on application and OS vulnerabilities.

With an effective IPS in place, you can virtually patch vulnerable systems, protecting them from known, unknown, and zero-day vulnerabilities and from ransomware such as WannaCry. IPS gives you the flexibility to deploy a patch when one becomes available and suits your business needs. It also protects you even before a patch exists, as is the case with end-of-support systems and applications.

Trend Micro TippingPoint’s Next-Generation Intrusion Prevention System (NGIPS) protects critical infrastructure, data, and vulnerable applications in real-time from known, undisclosed, and unknown vulnerabilities without adversely affecting network performance.

Key features of TippingPoint include:

Real-time security – Real-time, in-line enforcement protects critical data, applications, and infrastructure without affecting network performance.

Machine learning – Digital Vaccine filters maximize protection with machine learning to create mathematical models to predict whether network traffic is malicious or benign.

Scalable network security performance – Trend Micro TippingPoint delivers the industry’s first stand-alone 100Gbps scalable network security solution designed for high-speed data centers and enterprises with high performance requirements.

Industry-leading threat intelligence – Threat intelligence from DVLabs and the Zero Day Initiative helps your organization control the patch management life cycle by providing pre-emptive coverage between the discovery of a vulnerability and the availability of a patch, as well as added protection for legacy software.

 

Upgrading Vulnerability Security

Patching is non-negotiable for cybersecurity. However, businesses and organizations need to step up and look to expand their vulnerability security. Rather than simply wait for vendors to create and deploy patches, enterprise IT departments need to be more proactive in addressing potential vulnerabilities in their environments. Security options such as IPS add a protective layer for your network, servers, and data against known, unknown, and zero-day vulnerabilities.