Cyber Security, Vulnerabilities and Patching Policy
Every day new security vulnerabilities, virus threats and new versions of ransomware are causing a media frenzy and driving everyone into an immediate panic
Whilst it is right that these issues are highlighted by the media, they are often being dealt with by the software manufacturers, IT departments and security companies in the background. Some of these news stories need to be taken in context, as many do not constitute a major security issue, if you already have good updating and patching policies that are designed to deal with them.
At Taurus we have systems in place to monitor and ensure that the latest patches and updates are applied to your system, as they are released. Should these fail, then our Reporting and Security Analysis System monitors this and reports back on any additional vulnerabilities that may need attention.
We are continuously monitoring the update processes for our managed clients to ensure the latest updates to antivirus and security software are applied. Many of our systems including Microsoft, Antivirus and our Managed Firewalls are in constant contact with the manufacturers web services to receive up to the minute information and updates about the latest threats, which are then fed directly into these systems.
Whilst this does not provide a cast iron guarantee, as cyber security is a subjective subject, our systems are there to ensure that best practice is followed on your hardware and core software estate, mitigating the risks.
Every week we carry out a security assessment where our team looks at the latest threats from the last seven days and assess any impact to our systems and any additional measures we should take. We have access to a large amount of this information from industry bodies and blue chip manufacturers. This is just standard good IT practice.
Where the service we supply is not fully managed, or it covers other products and services such as telecoms, we are of course mindful of the security vulnerabilities and cyber threats that may affect those products, and mitigation action will be taken as appropriate. All customers should ensure that they have an effective ICT security policy in place.
The latest announcement of vulnerabilities to CPU hardware named Spectre and Meltdown are creating particular interest in the media, and whilst there are no reports that they have been used in an attack, they do require attention. This is a major industry weakness and affects billions of devices worldwide. Chip and device manufacturers, together with software companies, are already releasing patches which we in turn will apply to your systems, following our normal protocols.
Please note, as with most threats and mitigation assessments, we suggest you follow the best practice advice and protect from the perimeter to the core, for all analysis and protection policies: Firewall – Antivirus - Operating System - Device Firmware.
By Richard Whybra, Taurus Technical Director
Further information and scores of advice can be found below: -
NCSC weekly report: https://www.ncsc.gov.uk/index/...
Spectre & Meltdown Windows support: https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown