You may have heard that running Windows XP or Windows Server 2003 after Microsoft stopped supporting them is a dangerous idea, but do you understand why it’s so dangerous?
Let’s get real!!
“... But you can’t sunset this system... it only runs on Windows XP.”
“The new system doesn’t do everything the old system did... so we need to keep it alive forever.”
If your organization is running any Windows OS that is no longer supported by Microsoft, every Patch Tuesday exposes those systems to possible further vulnerabilities that can only be addressed by workarounds and/or extra work by the IT and IT Security teams. Hackers review the release notes from Microsoft describing the vulnerabilities being fixed. They then look at the code of the unsupported Windows OS to determine whether that vulnerability exists there as well. If it does (a lot of the Microsoft code is shared across all versions), they then have a way to exploit these vulnerabilities with no code-based fix coming from Microsoft, ever!!
The truth is, making technology work and stay working is multifaceted and complex. This complexity, coupled with hesitance toward change and new technology, can make IT security very difficult. While technology changes, company budgets for this area do not. These factors make it harder to detect, respond to and mitigate vulnerabilities at a proactive level.
With education and understanding of the threats and risks at all levels of the organization, support for these changes will increase. A change in workflow can be a difficult and uncomfortable prospect for some employees. Creating a security education program and enlisting the help of “Security Ambassadors” (members of the business who are interested in IT Security) is very helpful. These Security Ambassadors can help with education, training and bringing awareness to their own departments. This makes the message a little more meaningful and personal, which in turn makes the change a little more acceptable.
ISG Grizzly Shield Security Services
We take an easy three-step approach to helping organizations secure their AWS environment:
Pinpoint – Understand the level of maturity your security program has achieved and the possible gaps that may be present.
Jump Start – Develop a project plan/roadmap for the initiatives required to bring your organization to the point where 24 X 7 monitoring can be leveraged and the data consumed by an MSP, internal staff, or a combination of the two.
Monitoring, Training, and Ongoing Management – 24 X 7 monitoring and alerting based on defined SLAs.