Think You Have It Covered With WSUS? Think Again…

As noted in our July blog post “Adjust Your Defense to the Changing Threat Vector,” third party applications now pose the greatest risk to network security. Simply turning on WSUS and patching the underlying OS and Microsoft applications leaves you woefully exposed.  The bad guys know they can improve the success of an attack by going after vulnerabilities in applications you are failing to patch. Today, they are directing their attacks against third party applications, NOT the traditional Microsoft applications.
The new threat vector is taking advantage of what many consider to be an enterprise blind spot and, as a result we are perhaps more at risk today than we were just a year ago. Unfortunately many security professionals seem to have completely missed this change. This point was driven home in the recent InformationWeek Survey that noted  the majority of  people are only somewhat concerned as opposed to very concerned about a zero-day exploit (Figure 1); 54% of respondents said their level of vulnerability is the same as it was a year ago (Figure 2) and 64% of respondents said they do not believe they will experience a security breach within the next year (Figure 3).

Figure 1

Figure 2 (continue reading...)