Experts advise companies to use special detection

relemedf5w023 · Post by **relemedf5w023** » Sun Feb 09, 2025 3:39 am

The portal provides five tips to help administrators keep their IT infrastructures up to date.

1. Conduct a thorough software inventory. What did Equifax learn? The company likely knew about the vulnerability in Apache Struts 2, but it did not track software versions or monitor its health (the company’s former CEO previously stated this). It is quite common for companies to install software that is up-to-date at some point in time, but then fail to monitor library versions or fail to update components. Apache Struts 2 illustrates the importance of this process. At the time the vulnerability was disclosed, the Struts 2 library—files containing archives critical to the program’s operation—consisted of 50 versions, with most of them (58%) vulnerable to hacker attacks, according to the Veracode report.

tools to quickly eliminate vulnerabilities. “An kenya mobile database may know about a Struts vulnerability, but that’s not enough – it needs to check all segments of the network. Many companies don’t do this, so there are many weak points in the networks that we don’t know about or won’t know about soon,” said Jimmy Graham, director of enterprise infrastructure vulnerability research at Qualys.

2. Monitor the security status of auxiliary devices. Typically, when it comes to the security of the organization's perimeter, servers, software, network, storage systems, and other objects are mentioned, but auxiliary devices that are not directly connected to the enterprise's IT infrastructure are not always taken into account. These include a large number of IoT gadgets - from network routers used in home offices to digital video recorders for conference calls.

2017 showed that such gadgets should be in the focus of information security. Thus, last year, experts managed to discover the vulnerability CVE-2017-17215 in Huawei routers, which allowed hackers to turn them into the Satori botnet. Experts classified it as a bot specially designed to work on IoT gadgets. According to a recent study conducted by Osterman Research on behalf of Trustwave, more than half of companies do not have the expertise to detect and fix problems that arise during the operation of IoT gadgets.