CBI Blog

How Simple Patching Could Have Saved Hundreds of Thousands of Victims


We have been having conversations with customers for a long time about better security of their infrastructure. Time and time again we have these conversations – pushing them to do better. Some folks simply won’t do the basics – I hear plenty of different reasons:

  • I can’t touch these systems; they are mission critical
  • The “business” won’t give me permission to do it
  • I don’t have the time; I’ll get caught up next month
  • I don’t have enough people to get the job done
  • It’s patching; it isn’t really that important

What is the single most important thing to do related to security in your environment?  Yep – patch your systems. Deploy the patches that are out there in a timely manner – the sooner, the better. Simple as that. The vast majority of the holes slam shut if you do.

You can easily find endless references on the web that harp on patching your systems. IBM has a great paper on how you can make things better: BigFix Patch Management Endpoint Manager.

Let me show you some interesting and scary stuff.

1 in 5 businesses hit with ransomware are forced to close

78% of folks know that blindly clicking on links in emails from unknown senders is dangerous, but they still do it anyway

NSA: No zero-days were used in any high-profile breaches over the last 24 months

Today certainly has to be the most relevant day in the history of mankind to talk about these things. There are tens of thousands of systems on the planet that probably won’t be the same. Their companies probably won’t be either. Many people’s lives won’t be the same. Ponder on that for a minute and then tell me why you can’t patch your systems.

I have been pushing our folks to scream from the mountain tops lately after the NSA tools were made available to every bad guy on the planet. Anyone who didn’t take this seriously is possibly paying a severe price right now.

Take a look at this one – we had a month’s notice that this was going to happen. The bad guys knew they had to move quickly. If they moved fast enough – they would get paid handsomely.

On April 15, 2017, Microsoft published a blog post stating that after an analysis of the ShadowBrokers leak, it had determined that most of the vulnerabilities were patched in a series of Windows updates released in March.

After all of the doom and gloom above, what did the diligent and responsible people do?  They patched their systems not too long after the patches were released. Patching cycles can be compressed if security is the forefront of the conversations inside an organization. These days, organizations can no longer afford to have security seen as “the other team.”

We preach security, doing things right, timely execution, and using the right tools. A ton of our customers take our advice and install best of breed security tools, build thoughtful and intelligent multi-layered programs and processes around security, and make sure the basics are always covered. I had a customer email me on the day of the attacks, and I had to stop for a minute and take it all in.

We talked to these guys about IBM BigFix and what a great set of tools they are. We did a proof of concept with them to prove out all of the things that I said they could do. We sold the tools and implemented from there. These guys “get” BigFix. It has tons of out-of-the-box content that does all kinds of things – including automating the deployment of little things like MS17-010 and making sure it stays installed – as well as the power to quickly build custom content of your own.

From my customer:

I just wanted to let you know the help we had with BigFix for the ransomware that caused havoc today.

Our Information Security alerted us to the issue, and within minutes we had a list of servers still needing the patch and have been able to make a plan to resolve the servers that don't get regular patches.

We also kicked off an on-demand task that looks for any .wn or .wcry file extensions and have an analysis that keys off the output of the task to determine if any files are found. We were able to quickly determine that no files were present on any server.

It definitely reduced any panic we might have had from their urgency to immediately check all of our servers.

I highlighted a few things above. Notice they are all about speed, accuracy, and value. That is IBM BigFix. It doesn’t matter how big your organization is. It doesn’t matter how local or global your network is. It doesn’t matter if you are in a remote office or in the data center, or in the coffee shop on your hotspot, or what operating system you are running. BigFix can reach you, evaluate you, remediate you and report accurate results every step along the way – at blazing speeds – and with a single low-footprint agent.

We live in a different world now – it changed when the NSA’s tool bag was left sitting on a park bench and the wrong person picked it up, giving all of the bad guys an extreme upgrade in skillset. Even once all of the existing holes are closed for the modern operating systems and the tools themselves aren’t very useful, they can still glean so much intelligence from these tools on how to do things better. Expect to see more attacks than ever before. Expect the attacks to be smarter and more powerful than ever before. If you think the worst is behind us – you are dead wrong.

"This puts a powerful nation state-level attack tool in the hands of anyone who wants to download it to start targeting servers."

Would “Global Ransomware Day 2017” have been different for you if you had the same capabilities as my customer?  What if your CEO walked up and asked you – how exposed are we and have we been hit?  How quickly and effectively could you reach out to all of your managed systems – no matter where they were, and answer that question?  Did you pay any overtime or ruin any weekends today?

IT infrastructures are built for one reason – to support the business – that’s where the money comes from. If the infrastructure has weak security controls and suddenly becomes a hostage, how is the business going to continue to function? It’s time to change the conversation. Now.

Let CBI help protect your data, your IP,
your reputation and your brand.

Let IBM BigFix help – See Clearly, Understand Completely, Act Precisely.
If you don’t have the right tools, we can help.

If you have the tools, but not the talent, we can help.
If you don’t know where your security gaps are, we can help.
If you don’t have the manpower, we can take on the workload for you.

Tomorrow isn’t going to be much better unless you make it better.

BigFix Update #1: Patch for Windows (5/13/17)

For those of you that use BigFix to secure your world, if you haven't seen the announcements, IBM has released content for the MS17-010 patches that Microsoft recently released for older operating systems. If the content isn't visible within your Patches for Windows site, simply do a gather and the content will appear shortly. As with all BigFix content, your systems will evaluate for applicability automatically and report the results automatically. Happy Patching!

BigFix Update #2: Look for Wanna Cry Encrypted Files

For those of you that use BigFix to secure your world, I created a couple of pieces of content that will help identify if Wanna Cry has been encrypting files in your environment.

Task:  https://bigfix.me/fixlet/details/24279

Property:  https://bigfix.me/relevance/details/3020064
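The customer's email above describes an on-demand task that sweeps servers for WannaCry file extensions and a property that keys off the task's output, and Update #2 links the BigFix task and relevance property that do the same job. The script below is an added, stand-alone illustration of that detection idea, not the BigFix content from the links and not code from the original post. It walks a directory tree, matches file suffixes against an assumed indicator list (.wcry is named in the email; .wncry and .wncryt are the suffixes the May 2017 variant appended to encrypted files), and formats the result as the kind of one-line-per-host report an inventory property would surface. The sample tree it scans is constructed inside the script so it runs offline.

```python
"""Sweep a directory tree for file suffixes associated with WannaCry
encryption output and summarise the result as a one-line-per-host report.
Added example; the indicator list and the sample tree are constructed."""
import os
import socket
import tempfile
from pathlib import Path

# Assumed indicator list: .wcry is the suffix named in the post; .wncry and
# .wncryt are the suffixes the May 2017 variant wrote. Matching is
# case-insensitive because the malware wrote them in upper case.
DEFAULT_EXTENSIONS = (".wcry", ".wncry", ".wncryt")


def scan_tree(root, extensions=DEFAULT_EXTENSIONS):
    """Return sorted POSIX-style relative paths under root whose final
    suffix is one of the indicator extensions."""
    root = Path(root)
    wanted = {e.lower() for e in extensions}
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if Path(name).suffix.lower() in wanted:
                hits.append(Path(dirpath, name).relative_to(root).as_posix())
    return sorted(hits)


def property_line(hits, hostname=None):
    """Format scan results the way a per-host inventory property would:
    a single line that is easy to filter for 'clean' versus 'ALERT'."""
    host = hostname or socket.gethostname()
    if not hits:
        return f"{host}: clean (0 encrypted-file indicators)"
    return f"{host}: ALERT {len(hits)} encrypted-file indicator(s), first: {hits[0]}"


def build_sample_tree():
    """Create a constructed sample tree: benign files plus three indicator
    hits. The ransom-note filename and the 'wncry' substring file show that
    this sweep is suffix-based only; other indicators need other checks."""
    root = tempfile.mkdtemp(prefix="wcry_demo_")
    files = [
        "finance/q1_report.xlsx",
        "finance/q1_report.xlsx.WNCRY",      # encrypted copy, upper-case suffix
        "finance/@Please_Read_Me@.txt",      # ransom-note name, not a suffix hit
        "hr/contracts.docx",
        "hr/contracts.docx.wcry",            # early-variant suffix from the post
        "tmp/upload.WNCRYT",                 # temp suffix written during encryption
        "tmp/wncry_notes.txt",               # substring only, no match
    ]
    for rel in files:
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample content")
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    found = scan_tree(sample)
    print(property_line(found, hostname="fileserver01"))
```

Run it as-is to see the ALERT line for the constructed tree; point `scan_tree` at a real share to use it for a sweep. Note the design caveat the sample tree makes visible: a suffix sweep is fast and cheap, which is why it is a good first triage task, but a clean result only says no encrypted output was found, so ransom-note filenames and the patch state reported separately still need their own checks.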


Jason Cordell

Jason Cordell is the Strategic Manager for IBM and is responsible for leading and executing the IBM vision at CBI. Jason brings 20 years of real world industry experience with him to CBI. Prior to joining CBI, he was a BigFix pre-sales engineer at IBM. Jason has managed a wide variety of environments using a diverse set of tools over the years and understands the challenges based upon first-hand experience.