Microsoft ran out of time, imposed by HP’s Zero Day Initiative (ZDI) to fix four critical security vulnerabilities in the mobile edition of Internet Explorer, Cris Thomas, strategist of Tenable Network Security commented on the IE Zero day vulnerability.
Cris Thomas, Strategist of Tenable Network Security :
“Unfortunately two of the big kids in our industry are having a little spat over vulnerability disclosure, again. As enterprises focus on getting business done we really have little time to obsess over whether or not companies are fixing vulnerabilities fast enough or are being irresponsible in disclosing them. There will always be 0-days. As people with companies to run we can’t be running around putting out fires every time someone announces a new one. As managers of the infrastructure of our enterprise we instead need to focus on the fundamentals. We need to realise that we will indeed be breached, whether it is by some as yet unknown 0-day, a recently announced vulnerability or something that has been around for months or even years – we will be breached.
“The defence to such incidents of course is proper planning. Since we know we will be breached we have designed our networks to minimise the impacts of such a breach making it difficult for an attacker to jump from one system to another. We do this by designing a secure network from the start, deploying technologies such as IDS, IPS, AV, white listing and other technologies to alert us when bad guys are messing around. We make sure that our patches are up to date and that our users are using strong passwords and disabling default account and out dated accounts. By practising these fundamental basic elements of security we don’t have to worry about each and every 0-day that gets announced because we can rest easy knowing that when we do get attacked we will find out about it quickly and be able to minimise its impact.”[su_box title=”About Tenable Network Security” style=”noise” box_color=”#336588″]
Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Tenable’s key clients include Fortune Global 500 companies across industries as well as the entire U.S. Department of Defense and many of the world’s leading governments.
Tenable has been named a Baltimore Sun Top Workplace two consecutive years running, a Washington Post Top Workplace this year, and CEO Ron Gula has received special awards for leadership from both prestigious publications. In 2014 Tenable was selected as a Red Herring Top 100 North America award winner. The company was also named Best Vulnerability Management Solution at the SC Magazine Europe awards. Tenable has been selected as a Deloitte Technology Fast 500 Company every year since 2009.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.