Why is this important?
By now, everyone will have realised that cybersecurity is a shared responsibility and requires a layered approach to stay as close as possible to a constantly evolving target; if not, we highly recommend a glance at Defined Roles and Responsibility with Segregation of Duties.
There are a few foundational concepts that help us define the Confidentiality, Integrity and Availability on which we stack our defences. One of them, having a robust software lifecycle management system, is often under-evaluated.
Traditionally, Application is sub-categorised under Asset as a Software Asset, and in most Small and Medium Enterprises we see the branch end there. We would like to highlight it as a separate section, since we have seen a few critical cyber attacks targeting and exploiting the Software Supply Chain and infiltrating
Here are a few dots to connect that will help with an internal assessment to evaluate the current position and move closer to the target: secured.
Inventory for informed decision
This is a vantage point from which to examine and connect the other dots, as it is a vital process for organisations that rely on diverse software applications to support their operations. The process involves systematically identifying, tracking, and organising software applications and licenses within an IT infrastructure.
Although there are several enterprise solutions available at various price points with diverse features, the core fields of inventory management are: Name, Version, Business Owner, Technical Owner, Category, Business Requirement, Type, Internet Requirements, End of Support Date, End of Life Date, Expected Last Day of Usage, Data Access of the application and Compliance Requirement. Before approving an app in the organisation, it is recommended to validate the application for malware with cloud sandbox solutions like VirusTotal and Hybrid Analysis.
If you have already decided, or have a budget approved, to buy a commercial solution, you are among the lucky few; for folks who are still considering, there are a few Open Source alternatives to consider, one of which is osquery.
osquery is an effective open-source tool designed to provide system security monitoring and operational insights for folks interested in security, data analysis, and system administration. Developed by Facebook in 2014, it allows users to execute SQL-like queries to gather detailed information about system state and configuration across all major platforms, including Windows, macOS, and Linux.
This will help us connect with all the other related dots.
How it helps
With the inventory we know which applications are authorised and which are unauthorised; solutions like ManageEngine Desktop Central offer an application deny list for the latter.
This will help in evaluating how different apps handle corporate data, whether in third-party cloud storage services or offline on corporate workstations. With the recent trend of generative AI solutions available on almost every smart device, sharing critical data for a quick insight is risky as well. We will cover this in an upcoming blog about data classification and labelling policies. With reference to Application Management, we can restrict those non-approved thick client and web applications.
From the above instance we can now see how the inventory helps in risk management: tracking EOL and EOS apps, planning better alternative resources and staying compliant. Most importantly, decommissioning unused or retired solutions saves some cost.
For folks who are interested, and smart enough to learn from famous failures, here are a few expensive ones to refresh our memories.
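The following is an added example (not SecureDots' or osquery's own code) that connects the osquery output described above with the inventory fields and the EOL/EOS tracking in this section: it reconciles a constructed osquery `programs` result against a constructed inventory register and flags unauthorised apps, apps past End of Support or End of Life, and apps past their Expected Last Day of Usage. The app names, owners and dates in the sample data are assumptions for illustration.

```python
# Added example, not SecureDots' code: reconcile installed software reported by
# osquery against the inventory register to surface risk and cost findings.
import json
from datetime import date

# Constructed sample of what `osqueryi --json "SELECT name, version FROM programs"`
# might return on a Windows workstation (names and versions are made up).
OSQUERY_JSON = json.dumps([
    {"name": "7-Zip", "version": "23.01"},
    {"name": "Adobe Flash Player", "version": "32.0.0.465"},
    {"name": "LegacyERP Client", "version": "4.2"},
    {"name": "RandomToolbar", "version": "1.0"},
])

# Constructed inventory register using a subset of the core fields from the text.
# Dates are ISO strings as they would come from a CMDB or spreadsheet export.
INVENTORY = {
    "7-Zip": {"business_owner": "IT", "end_of_support": None,
              "end_of_life": None, "expected_last_use": None},
    "Adobe Flash Player": {"business_owner": "Marketing", "end_of_support": "2020-12-31",
                           "end_of_life": "2020-12-31", "expected_last_use": "2020-12-31"},
    "LegacyERP Client": {"business_owner": "Finance", "end_of_support": "2023-06-30",
                         "end_of_life": "2025-06-30", "expected_last_use": "2024-12-31"},
}

def _passed(iso_date, today):
    # None means the vendor has not announced a date, so nothing has passed.
    return iso_date is not None and date.fromisoformat(iso_date) <= today

def reconcile(osquery_json, inventory, today_iso):
    """Return {app_name: [findings]} for every installed app needing attention.
    unauthorised        -> installed but absent from the register (deny-list candidate)
    eol / eos           -> vendor End of Life / End of Support has passed (patching gap)
    overdue_decommission-> Expected Last Day of Usage has passed (cost saving)
    """
    today = date.fromisoformat(today_iso)
    findings = {}
    for row in json.loads(osquery_json):
        record = inventory.get(row["name"])
        if record is None:
            findings[row["name"]] = ["unauthorised"]
            continue
        flags = []
        if _passed(record["end_of_life"], today):
            flags.append("eol")
        elif _passed(record["end_of_support"], today):
            flags.append("eos")
        if _passed(record["expected_last_use"], today):
            flags.append("overdue_decommission")
        if flags:
            findings[row["name"]] = flags
    return findings

if __name__ == "__main__":
    for app, flags in reconcile(OSQUERY_JSON, INVENTORY, "2024-09-01").items():
        print(f"{app}: {', '.join(flags)}")
```

The same function works on a real osquery export once the register is loaded from your CMDB; every finding maps to one of the actions in the paragraph above (deny-list, patch or replace, decommission).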
Notable Cyber Attacks
Here is something that surprises everyone: a simple process could have prevented each of these cyber disasters. Each incident lists the company affected, what was compromised, and the root cause of the attack.
1. Heartland Payment Systems
What got compromised: Over 100 million debit and credit card numbers.
Root Cause: Malicious actors exploited SQL vulnerabilities within the network, enabling them to install malware that surreptitiously captured cardholder data. Despite awareness of these vulnerabilities, timely patches were not implemented, resulting in a substantial data breach in 2008.
2. Yahoo!
What got compromised: Over 3 billion user accounts.
Root Cause: Russian hackers exploited outdated security practices, including inadequate encryption methods (SHA-1) and insufficient monitoring of access points, enabling them to access user data over several years, from 2013 to 2016, despite the vulnerabilities being known.
3. Sony PlayStation Network
What got compromised: Personal information of 77 million account holders.
Root Cause: In April 2011, a series of Distributed Denial of Service (DDoS) attacks were launched against outdated server security configurations and vulnerable servers, resulting in a breach of the network.
4. Target
What got compromised: 40 million credit and debit card accounts.
Root Cause: Attackers accessed a third-party vendor’s system through compromised credentials, exploiting outdated security and insufficient network segmentation during late 2013’s holiday shopping season.
5. Equifax
What got compromised: Personal information of approximately 147 million people.
Root Cause: The data breach occurred due to the failure to apply a known vulnerability patch to the Apache Struts web application framework. Despite being aware of the vulnerability, Equifax neglected to implement the necessary updates in a timely manner, resulting in the significant data breach in mid-2017.
6. WannaCry Ransomware Attack
What got compromised: Systems across various organizations globally, including healthcare services.
Root Cause: The ransomware exploited a vulnerability in outdated versions of Microsoft Windows' SMB protocol. Although a patch was available, numerous organizations had not applied it, which allowed the attack to spread in May 2017.
Inference
It is always advantageous to consider, at the very least, a solution that results in a marginal improvement over a cluttered or vulnerable state. As a valued friend, do not reject acceptable solutions in the pursuit of an ideal one.
In subsequent blogs, we will delve deeper into the practical setups necessary to establish an optimal environment and provide a comprehensive analysis of the various factors that contribute to its success.
We at SecureDots Cyber Solution primarily focus on providing analytical reports for informed decision-making, suggesting simple solutions and better practices, and enabling our customers to be risk aware. If you like our approach to Cyber Security, kindly follow our blogs and reach out to us via email at Info@securedots.in. We are always happy to work on new and challenging solutions.