We are seeing a startling number of security vulnerabilities in applications these days. A recent breakdown indicated that as many as 75% of Healthcare Applications have major security vulnerabilities.
Applications are one of the easiest vectors of vulnerability within an organization. They can have customized packages or installation files that look suspicious to most security technologies, because they resemble malware, yet must be allowed. Some applications require blanket exclusions from the security technologies, almost certainly making them an avenue of entry into an otherwise strong security environment.
This builds off existing vulnerabilities we see in the security space. Zero-day threats are a real risk that few security technologies can handle, and they are one of the reasons Microsoft and Apple have to stay on top of regular security updates to cover the vulnerabilities uncovered every day. This is why industry-specific apps (or apps custom to a specific company) can be such a risk. If you have a Healthcare Application that requires multiple security exclusions in order to function, is that application updating regularly and looking for security risks?
Microsoft and Apple have the advantage of being large organizations that do a fair amount of vulnerability testing in their quality assurance steps before releasing updates, and that pay out bounties to people who report those kinds of vulnerabilities. If you are a small application developer, do you have a large enough testing group to find every vulnerability?
The answer is... you don't. Attackers only need a single success out of millions of attempts, while security engineers and technicians have to block every security risk or attempt in order to be successful.
Layered Security is the answer. With the need for strong technologies that provide 24/7/365 protection, Managed Detection & Response becomes essential.
This brings up our partnership with Blackpoint Cyber. I don't mean to toot my own horn too much, but Blackpoint provides a level of protection that goes beyond just reporting: Blackpoint takes action, including locking down and isolating a system, and works with your IT team to handle issues. It stops threats from spreading laterally across your entire network, turning a single security instance into a much easier problem to handle.
The reason this matters is that the majority of breaches in the last five years have involved organizations which HAD SIEM technologies. That simply isn't enough! We see threats go overlooked, or alerts become too much to handle for beleaguered security engineers (alert fatigue). And... many custom applications will flag as security risks and require blanket exclusions to function. When we exclude these applications, we create vulnerabilities, which lead to breaches.
In closing, if you are concerned about the risk of custom applications or industry-specific applications, I would suggest scheduling a call with London Security so we can talk more about your options. We have found great success with our customers implementing solutions like Blackpoint to solve these problems before they grow out of control.
We don't just preach layered security; we practice it internally. And Blackpoint is an essential layer of our internal security strategy.