Is end-of-life infrastructure leaving you vulnerable to security breaches?

This article was first posted by Ant Newman on Cisco Security UK & Ireland blog. The original post can be found here.

 

A recent report by the UK’s Financial Conduct Authority (FCA) paints a damning picture of financial services firms’ security and availability.

In particular, the FCA calls out the risk posed by end-of-life (EOL) equipment.

It found that most organisations didn’t have a continuous view of what infrastructure they had, and when they dididentify equipment that had gone EOL, nearly half of firms failed to tackle it promptly. The result?

“There is a significant risk that vulnerabilities of unsupported assets are not identified and fixed in a timely way. This is a regular route for attackers.”

The reality is that most organisations (and certainly not just financial services businesses) have a dangerously limited view of what’s actually sitting in their infrastructure. There are potentially hundreds or thousands of switches, servers, firewalls, load balancers, access points and other devices sitting unpatched, unsupported, unmonitored and free from policy enforcement.

As this kit ages, not only does it become more prone to outages and more out of step with the needs of the business, its list of known vulnerabilities grows longer. Hackers of all kinds can use this shadow infrastructure to steal data and cause serious disruption.

Closing these vulnerabilities shouldn’t be left to some special periodic security initiative. It should be part of normal operational activities.

So what can you do about it? Follow these five steps.

1. Get visibility

Before you do anything else you need to discover what you’ve actually got lurking in your IT. Your vendors and partners can audit your infrastructure and report on the inventory, including telling you what’s end of sale or past last day of support (LDoS), and what’s not covered by a valid support contract. If you’re interested in auditing your Cisco solutions, start by checking out our Asset Management Service.

2. Tackle EOL equipment

Your audit will uncover a host of problems, but EOL products should be your first priority. Some is surplus to requirements, legacy products that simply never got decommissioned — because it’s easier to leave equipment running than properly extricate it from the infrastructure. We can help you do it, including recycling your kit in an environmentally friendly way.

Other equipment may still be adding value, and you can’t just turn it off. Through our Migration Support Services we can take the risk out of running old equipment, by providing extended support coverage and helping you replace equipment when the time is right for you.

Of course replacing products is a potentially significant financial outlay, which is why so many businesses hang on to equipment long after its intended lifespan. Through Cisco Capital we can provide 0% financing for both replacement products and professional and support services, making the transition more affordable.

3. Get supported

Even with EOL equipment out of the way, most customers we work with find that their install base still has issues. With an accurate view of your install base, you can make sure you’re fully covered with the right support. A support contract such as Smart Net Total Care will ensure you get security and other alerts specific to devices in your infrastructure — including alerts about devices approaching end of life — as well as software updates and access to expert technical assistance when you need it.

4. Stay fit

Infrastructures are always changing, and your audit list will be out of date almost immediately. You need a way to stay on top of what’s on your network. We recommend you deploy Collectors on your network to scan your infrastructure and provide telemetry insights into health and status. Through things like our portals and dashboardsand tools we give you an up to date self-service view of serial numbers, software versions and support coverage. This will give you the forward visibility you need to plan for when devices are about to go EOL.

Many customers find that their infrastructure management is hindered as much by contracts as by equipment. A typical business might have dozens of contracts covering support arrangements, financing and software subscriptions. By working with your partners you can consolidate many of these contracts and harmonise their end dates, giving you greater efficiency and making it simpler to manage and make changes.

5. Test with a security mindset

With EOL equipment retired or replaced and the rest of your infrastructure audited, updated and monitored, you’ll have far fewer vulnerabilities for hackers to exploit. But don’t stop now. Conduct regular vulnerability scanning and penetration testing of your infrastructure to spot not only known product vulnerabilities, but weaknesses caused by misconfiguration. Complement these technology assessments with more thorough assessments, such as a Red Team engagement, that look for weaknesses in your people and processes too.

You should follow up on the findings of these assessments by making the necessary changes, whether that’s through cybersecurity training or implementing new security technologies. Perhaps most important is to engage a trusted partner in a retainer for incident response, so you have the right people on hand to help before, during and after any security events that might occur.

Don’t panic

If you’re like most organisations, your infrastructure is leaving you exposed to security threats and downtime. It doesn’t have to be this way. By getting control of your install base, you’ll be on your way to closing those vulnerabilities and protecting your business.

The time to upgrade is now.

Share This