Microsoft ran out of time, imposed by HP’s Zero Day Initiative (ZDI) to fix four critical security vulnerabilities in the mobile edition of Internet Explorer, Cris Thomas, strategist of Tenable Network Security commented on the IE Zero day vulnerability.
Cris Thomas, Strategist of Tenable Network Security :
“Unfortunately two of the big kids in our industry are having a little spat over vulnerability disclosure, again. As enterprises focus on getting business done we really have little time to obsess over whether or not companies are fixing vulnerabilities fast enough or are being irresponsible in disclosing them. There will always be 0-days. As people with companies to run we can’t be running around putting out fires every time someone announces a new one. As managers of the infrastructure of our enterprise we instead need to focus on the fundamentals. We need to realise that we will indeed be breached, whether it is by some as yet unknown 0-day, a recently announced vulnerability or something that has been around for months or even years – we will be breached.
“The defence to such incidents of course is proper planning. Since we know we will be breached we have designed our networks to minimise the impacts of such a breach making it difficult for an attacker to jump from one system to another. We do this by designing a secure network from the start, deploying technologies such as IDS, IPS, AV, white listing and other technologies to alert us when bad guys are messing around. We make sure that our patches are up to date and that our users are using strong passwords and disabling default account and out dated accounts. By practising these fundamental basic elements of security we don’t have to worry about each and every 0-day that gets announced because we can rest easy knowing that when we do get attacked we will find out about it quickly and be able to minimise its impact.”