IT Brief Australia - Technology news for CIOs & IT decision-makers
A solution to the security challenge of legacy applications
Tue, 24th Jan 2023

Legacy applications are everywhere, in organisations of all sizes. Many of these applications play vital roles, such as controlling business-critical or real-time processes, and cannot easily be retired. Introduced many years or even decades ago to fulfil specific purposes, legacy apps also come with a host of vulnerabilities that can no longer be addressed or fixed by modern security technology. Essentially, they are sitting ducks for hackers.

Frequently, legacy apps run on old versions of operating systems that are no longer being patched. Many were developed when cyber-attacks were far less common and far less sophisticated. Often, the vendors that built these apps no longer exist, leaving organisations reliant on tech support from a scarce, costly, and diminishing cohort of experts.

It’s hard enough to even gain awareness of vulnerabilities in legacy apps in the first place, let alone neutralise them.

Many organisations try to reduce the risk created by these legacy applications by using standard best practices, such as monitoring logs, network activity and permissions, and wrapping the applications inside a protective bubble secured by hardware-enforced isolation. However, such approaches do not offer robust protection from more sophisticated attacks.

A legacy application that is five or ten years old could have thousands of vulnerabilities and present a softer and, therefore, more attractive target for hackers than more modern applications with better and frequently updated security.

The NIST National Vulnerability Database (NVD) recently clocked over 20,000 vulnerabilities currently being tracked, marking a threefold increase in just three years. To make matters worse, enterprises take on average between four and six months to remediate serious vulnerabilities, according to the Verizon Data Breach Investigation Report.

A new solution to the patching debacle

Patching is often not a viable solution, even when patches are available. The main reason is that patching requires operational downtime that may disrupt critical business processes. This is simply not an acceptable outcome for many organisations, especially those in critical infrastructure who cannot afford downtime.

However, there is a game-changing technology providing one solution, known as application-aware workload protection. It’s an entirely different approach to the traditional “perimeter” style security tools, essentially protecting applications from the inside out. 

Application-aware workload protection understands exactly what each application is designed to do and how its code is supposed to execute, essentially building a baseline of normal behaviour. It then automatically checks the behaviour of each application against the established baseline, ensuring this behaviour is, in fact, normal. When it detects any deviation, this technology can stop execution in mere milliseconds BEFORE any damage can be done. Anything abnormal is instantly detected, treated as a threat and blocked in real-time, therefore negating the risk of attack.

So how does it work?

Application-aware workload protection automatically identifies the correct files, scripts, directories, libraries, inputs, processes, memory usage and more associated with every application an organisation uses. Security staff do not need multiple tools to hunt for threats or spend time determining what malicious activity has been initiated.
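To make the baseline-then-deviation idea in the two paragraphs above concrete, here is an added example in Python. It is not code from any product the article refers to; the event format, the baseline fields (libraries, directories, child processes, network destinations), the hypothetical "legacyapp" paths and the three sample runs are all constructed for illustration. A trusted run is recorded as the baseline, and a later run is stopped at the first event that falls outside it, so the events after that point are never executed.

```python
"""Toy baseline-and-deviation monitor in the spirit of application-aware
workload protection. Added example, not any vendor's code; all event kinds,
paths and sample runs below are constructed for illustration."""
from __future__ import annotations

import os
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    """One runtime observation about the protected process (constructed format)."""
    kind: str    # "lib_load", "file_access", "spawn" or "connect"
    target: str  # library path, file path, executable path or "host:port"


@dataclass
class Baseline:
    """What a known-good run of the application was seen doing."""
    libraries: set[str] = field(default_factory=set)
    directories: set[str] = field(default_factory=set)  # file access is generalised to its directory
    children: set[str] = field(default_factory=set)
    destinations: set[str] = field(default_factory=set)


def build_baseline(observed: list[Event]) -> Baseline:
    """Learning phase: every event from a trusted run becomes part of 'normal'."""
    b = Baseline()
    for ev in observed:
        if ev.kind == "lib_load":
            b.libraries.add(ev.target)
        elif ev.kind == "file_access":
            b.directories.add(os.path.dirname(ev.target))
        elif ev.kind == "spawn":
            b.children.add(ev.target)
        elif ev.kind == "connect":
            b.destinations.add(ev.target)
        else:
            raise ValueError(f"unknown event kind {ev.kind!r}")
    return b


def is_normal(ev: Event, b: Baseline) -> tuple[bool, str]:
    """Enforcement phase: compare a single event against the baseline."""
    checks = {
        "lib_load": (ev.target in b.libraries, "library not in baseline"),
        "file_access": (os.path.dirname(ev.target) in b.directories, "directory not in baseline"),
        "spawn": (ev.target in b.children, "child process not in baseline"),
        "connect": (ev.target in b.destinations, "destination not in baseline"),
    }
    if ev.kind not in checks:
        return False, f"unknown event kind {ev.kind!r}"
    ok, reason = checks[ev.kind]
    return (True, "matches baseline") if ok else (False, reason)


def enforce(run: list[Event], b: Baseline) -> dict:
    """Process events in order and halt at the first deviation; later events never run."""
    executed = 0
    for ev in run:
        ok, reason = is_normal(ev, b)
        if not ok:
            return {"blocked": ev, "reason": reason,
                    "executed": executed, "skipped": len(run) - executed - 1}
        executed += 1
    return {"blocked": None, "reason": "run completed within baseline",
            "executed": executed, "skipped": 0}


# Constructed trace of a trusted run of a hypothetical legacy reporting app.
TRAINING_RUN = [
    Event("lib_load", "/opt/legacyapp/lib/libreport.so"),
    Event("lib_load", "/usr/lib/libcrypto.so.1.0.0"),
    Event("file_access", "/opt/legacyapp/etc/report.cfg"),
    Event("file_access", "/var/legacyapp/out/daily.csv"),
    Event("spawn", "/opt/legacyapp/bin/exporter"),
    Event("connect", "db.internal:1521"),
]

# Constructed later run that stays within normal behaviour (new file, known directory).
NORMAL_RUN = [
    Event("lib_load", "/opt/legacyapp/lib/libreport.so"),
    Event("file_access", "/var/legacyapp/out/weekly.csv"),
    Event("connect", "db.internal:1521"),
]

# Constructed run in which the process starts doing something it was never seen doing.
DEVIATING_RUN = [
    Event("lib_load", "/opt/legacyapp/lib/libreport.so"),
    Event("file_access", "/var/legacyapp/out/daily.csv"),
    Event("spawn", "/bin/sh"),             # child process outside the baseline: execution stops here
    Event("connect", "203.0.113.5:443"),   # never reached because the run was halted
]

if __name__ == "__main__":
    baseline = build_baseline(TRAINING_RUN)
    for name, run in (("normal", NORMAL_RUN), ("deviating", DEVIATING_RUN)):
        print(name, enforce(run, baseline))
```

The design choice worth noticing is the generalisation step in `build_baseline`: file accesses are recorded by directory rather than exact path, so a report written to a new file in a known output directory is still normal, while the first unexpected child process halts the run with the remaining events unexecuted. The practical caveat is coverage: a legitimate code path the training run never exercised will also be blocked, so a deployment needs a monitor-only period that records every legitimate path before enforcement is switched on.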

Application-aware workload protection is today used by government and commercial organisations worldwide to protect business-critical legacy and proprietary software against ransomware and other known and unknown threats.

This technology works without requiring access to the source code of the applications it protects. And it protects the full application stack—host, memory, and web level—in contrast to conventional security tools that operate outside of the execution process and on the perimeter of the application. Such tools may identify anomalies pre- and post-execution, but do not have the context, awareness, or visibility at runtime.

Application-aware workload protection tools can protect business-critical applications from zero-day threats, fileless attacks and memory corruption exploits that fly under the radar of most security solutions.

Automated, continuous protection

These tools provide automated, continuous, and comprehensive awareness of the entire application package and its expected execution. This awareness covers the application’s dependencies and the scripts used to control its behaviour and drive unique actions. Application-aware workload protection can provide visibility into the assigned memory layout, the directory file structure, accessibility assignments, file paths, and more.

It has the advantage of providing comprehensive, real-time protection regardless of the age or language in which an application is written or the operating environment in which it is running. This is in contrast to conventional security tools, which might offer perimeter protection or detect anomalies pre- or post-execution.

Today, many applications are deployed in cloud, hybrid, or containerised environments. These present no problems for application-aware workload protection tools: they can travel with an application wherever it is deployed.

Avoiding the whack-a-mole challenge

Conventional security tools that attempt to detect and neutralise threats face a monumental and growing challenge as the volume and sophistication of malware continues to increase. Similarly, any organisation attempting to eliminate vulnerabilities in software through patching faces a never-ending game of whack-a-mole: for every vulnerability eliminated, a new one emerges.

By focusing only on the “normal” operation of applications and blocking any abnormal activity, application-aware workload protection avoids the challenge of having to detect and neutralise an ever-growing volume of threats: its challenge is finite, determined by the normal operating parameters of the application being protected.

In summary: application-aware workload protection can protect any hosted application without having access to its source. It can offer runtime protection without prior knowledge of any threats, and it can block malicious action resulting from malware before it can do any damage. And all these functions reduce the burden on often over-stretched cybersecurity staff.