What are the risks?
Legacy technology is a fact of life for most organisations. It’s also a ticking time bomb for security risk if not managed properly. On 10th October 2023, Microsoft will end support for Windows Server 2012 and 2012 R2, meaning no more security updates will be available, just like SQL Server 2012.
Threat actors are circling
A survey conducted by Ponemon states that 60% of cyber-attack victims were breached due to unpatched vulnerabilities. Malicious actors will always look for the lowest hanging fruit – the easiest targets to compromise and monetise. End of support (EOS) systems offer a quick win as no more security patches will be made available as standard. Sometimes hackers even store up exploits until after the EOS date, when they know systems will no longer be receiving new patches. So, what can security teams do? They could:
- Sit tight and bury their heads in the sand. However, this is definitely not advised!
- Upgrade the application to run on a newer platform or migrate to the cloud; however, this is not always possible.
- Pay their OS vendor, in this case Microsoft, for extended security updates (ESUs). This is the most expensive option and even then, may not cover all disclosed vulnerabilities – just the ones Microsoft chooses to fix.
- Use the virtual patching capabilities in Trend Micro Cloud One Workload Security (software as a service, SaaS) or Trend Micro Deep Security (on-premise software), which are fast and easy to deploy, cost effective and automated. You could also utilise Trend Micro’s TippingPoint and TXOne portfolio to do in-network virtual patching without the need for endpoint agents.
Trend Micro’s virtual patching capabilities can help mitigate this risk in a highly cost-effective way, allowing customers to manage migration onto newer Windows platforms at their own pace.
Why virtual patching works
Trend Micro’s virtual patching utilises intrusion prevention rules to stop known and unknown threats from exploiting vulnerabilities on unpatched servers, across both on-premise and cloud environments. It’s powered by industry-leading vulnerability research from the Zero Day Initiative (ZDI), the world’s largest vendor-agnostic bug bounty programme.
Virtual patching offers:
- A fast and effective way to mitigate risks associated with unpatched vulnerabilities
- Peace of mind that systems will stay operational even past EOS deadlines without the associated risk
- The time to migrate to newer applications at the organisation’s own speed.
- Support for regulatory compliance requirements around vulnerability management and risk reduction
- Significant financial benefits compared to Microsoft ESUs – on average, savings of up to 40%+ on MS ESU costs.
To find out more, check out our cost savings calculator.