Search
US UK
Call us

Sales

00 11 44 845 838 2080

General Enquiries

00 11 44 845 838 2050

Support

00 11 44 345 838 2070

Managing obsolete software risks

11-12-2019

Lorna McInerney

Tags:

Managing the risks of obsolete software platforms

According to guidance from the National Cyber Security Centre (NCSC) the risks of using obsolete software are significant and result from two compounding factors:

    • Absence of security updates increases the likelihood that exploitable vulnerabilities will become known by attackers
    • Latest security controls and protections are absent in older software, increasing the impact of vulnerabilities, making exploits more likely and making detection more difficult

Over time, new vulnerabilities in obsolete software are discovered that can be exploited by relatively low-skilled attackers. Products such as antivirus offer even less protection than achieved on up to date systems, as signatures are typically not tuned to detect attacks targeted at obsolete systems.

As high-impact security incidents become more likely to occur, the results can be catastrophic, effecting an entire organization. Timely response to security critical events therefore becomes increasingly important if obsolete software is present, to reduce any compromise spreading. This can place significant demands on already overstretched security teams.

NCSC recommend therefore that obsolete systems should be treated as untrusted, as should processed data and files sourced from the Internet, even if originating from a known third party.

Convert obsolete client systems to thin clients

One mitigation recommended by NCSC is to convert obsolete machines to thin client devices and use them only as an access mechanism to trusted internal services. Web browsing and business productivity applications can be performed via Web Applications or a VDI environment running a patched modern browser.

The approach applies equally to third party organizations where their own devices are used within or to connect to your environment - for example, suppliers that manage services within your enterprise environment.



Paradox for IT Transformation

In collaboration with UK Government, Becrypt have developed Paradox, a secure operating system and management platform for converting legacy devices into cost-effective endpoints offering a modern browser experience.

To find out more, contact info@becrypt.com







↑ Industry Insights

Paradox Secure Desktop

Find out more

First name*

Last name*

Email address*

Phone number*

How can we help?*

By submitting your details you are agreeing that we may communicate with you about Becrypt.
I agree to receive marketing updates regarding relevant products and services from Becrypt. Please refer to our Privacy Policy for more information. You can unsubscribe at any time.