Keep your information system up to date #CyberSecMonth

Although we are only a few days away from the end of the 2018 edition of CyberSecMonth, there is still time to learn and share our best practices on digital security. This is our ambition with our new infographics on the maintenance of the information system. This CyberTip is particularly close to our hearts. Indeed, we have developed a solution that perfectly meets the challenges of computer maintenance. We’ll tell you more just below!

Keeping Up-to-Date to Maintain a Secure Environment

In today’s digital age, digital transformation continues to grow in importance as information systems and software are constantly evolving and therefore frequently updated. The main reasons for these updates are the addition of new features or the introduction of patches. However, all these changes can introduce some “instability” to the software. It’s therefore not surprising that security vulnerabilities are regularly discovered in them.

For cyber attackers, these security vulnerabilities present excellent opportunities to infiltrate the information system. Their goals include accessing sensitive data or contaminating the network. It’s impossible to prevent software from evolving, so the only viable option is to mitigate the risks associated with frequent updates to the solutions used within an organization.

How to Limit the Risks of Information System Infection?

Update Information System Components:

The only way to mitigate this risk is to stay informed about newly discovered vulnerabilities and act promptly. The CERT-FR (Computer Emergency Response Team) is the French governmental center for monitoring, alerting, and responding to computer attacks. It conducts technological monitoring and communicates the state-of-the-art in systems and software. This organization keeps you informed about various discovered security flaws. Subsequently, it’s crucial to apply security patches across all components of the information system within a maximum of one month after the publisher’s release. It’s also advisable to define an update policy specifying:

• How the inventory of information system components is conducted.
• Sources of information regarding update releases.
• Tools for deploying patches across the system.
• The potential qualification of patches and their progressive deployment across the system.

Obsolete components no longer supported by manufacturers should be isolated from the rest of the system. This measure also applies to the network (strict flow filtering) as well as authentication secrets (dedicated to these systems).

Monitor Software Obsolescence:

Using outdated software or systems poses an additional risk of cyber attack. Once patches are no longer provided for a system, it becomes vulnerable. Many malicious tools on the web exploit this lack of security updates from the publisher. However, there are precautions to avoid obsolescence of these systems:

• Create and maintain an inventory of systems and applications in the information system.
• Prefer solutions with guaranteed support for at least the duration of use.
• Track software updates and end-of-support dates.
• Maintain uniformity within the IT environment. Accumulating multiple versions of software can lead to problems and complicate system monitoring.
• Limit software operational dependencies on one another (software adhesions). The support duration of these solutions varies.
• Include clauses in contracts with service providers and suppliers for security patch tracking and obsolescence management.
• Identify the necessary timeframes and resources for migrating each software during its decline phase (non-regression testing, data backup, and migration procedures, etc.).

Facilitate Implementation of Practices to Maintain an Up-to-Date Information System:

Ensure Software Compliance:

SUMo (Software Update Monitor) is a user-friendly tool that’s very useful. It automatically detects new versions of installed software through hard disk analysis. The software is free and available in French. During analysis, if SUMo discovers a new version of software, the console displays the currently installed version on the workstation and the new version. A link to download the new version is also provided. There’s also a paid version that allows downloading updates directly from developer sites.

WAPT for Simplified Fleet Management:

WAPT is our open-source software deployment solution for Windows. WAPT simplifies IT fleet management by centralizing administrative actions in a single console. It enables you to quickly create, test, install, update, and uninstall software packages or configurations across your entire fleet. Information is updated directly in the console, providing real-time progress updates on fleet actions. You can also schedule remote software deployments to avoid disrupting users. The software’s simplicity enhances responsiveness and facilitates rapid security vulnerability fixes. You can keep your information system up to date with just a few clicks.

Regarding software package deployment, you have three options. First, you can securely download packages from our store (with over 1000 available packages). Alternatively, you can create your own packages via the WAPT console. We use the package wizard and PyScripter environment to simplify package creation. If this seems complex, you can ask us to develop packages for you.

Benefit from our expertise

As the creators of WAPT, we are best able to answer your questions and solve your problems. We have implemented support tickets and qualiopi certified training on our software. Our DevSecOps working methodologies and our 15 years of expertise in securing the local network make us trusted partners to act effectively on a computer fleet.

Cybersecurity: Visualize, understand, decide

This week, Cigref, a network of major French companies and public administrations focused on digital technology, published a report on Cybersecurity. The purpose of this report is to help organizations to understand the challenges of cybersecurity. Thus, the Cigref working group identified and structured the strategic information and indicators needed to provide a dashboard on cybersecurity. This document, mainly intended for CIOs, includes several sections (information system, company vulnerability, etc.) and is based on current data, risk analyses, cost elements and aggregated quantitative indicators.

Articles not to be missed:

• Cloud Security: How to protect your data? – Mismo
• Phishing, beware of fake sites! – Police nationale
• Frances takes second place in the European challenge – ANSSI

Find all our recommendations on Twitter and LinkedIn and on hashtag: #TousSecNum, #CyberSecMonth, #ECSM2018 et #ECSM. Also follow our hashtag #CyberConseil to follow Tranquil IT’s advice and discover the following graphics.