While many security professionals are ready to toss Java, the favored target of attackers’ exploitation efforts, out of the enterprise, business decision makers often fall back on classifying the software as a business necessity.
Yet neither side generally has a good way to evaluate the threat posed by Java, because they lack data on actual use of Java in the business and on how often malware incidents are caused by the software, says Michael Viscuso, CEO of Carbon Black, a business and security intelligence firm. In a presentation in early October at the ISSA International Conference, Viscuso showed attendees how one company weighed its use of Java (72 workers needed it for online-meeting software) against its relative threat (a handful of malware infections could be traced back to the exploitation of a Java vulnerability).
“Getting that context helps malware hunters find more malware and, at the same time, helps the decision maker know that, if I am going to disable Java across the enterprise, then I need a replacement to appease those 72 people,” he says. “Now I can answer questions about the security of the business.”