Reducing Risk Through Legacy Operating System Detection

/in , /by

In this post we will talk about the new Legacy Operating System Detection Report in Aura Asset Intelligence and how it can be used to reduce risk within your corporate environment.

What are Legacy Operating Systems?

New versions of Operating Systems are being released at a faster pace than their predecessors and these releases generally come with a more aggressive lifecycle for when they reach end-of-life resulting in many organisations struggling to keep up with this pace of change. Servers and Workstations often have hardware refresh periods of many years during which the Operating System running on this hardware may be patched but it is found to be unlikely that it will be upgraded to a completely new release. Additionally, there are many common cases where users keep hold of their workstations indefinitely as ‘backup’ machines, or where an organisation may have servers running business critical applications that were developed for only a specific Operating System version and therefore can’t be upgraded.

For example, a large healthcare provider that manufactures MRI machines has, over many past years, built and shipped their MRI machines with a version of software that is only supported on Windows 2000. As hospitals will generally keep these machines for decades without replacing them it results in a critical asset for the hospital running a legacy Operating System.

Why are they a problem?

There are many different reasons as to why organisations end up with assets running legacy Operating Systems throughout their environment. The risk is that these legacy Operating Systems become primary targets for attack once they reach end-of-life as support for them ends and vendors are more focused on the development of their latest Operating System releases which means they are no longer developing, or releasing, security updates and patches for these legacy Operating Systems, making them extremely vulnerable to attack. One of the first activities a malicious actor will perform after gaining persistent access to a target is to begin discovery, looking for assets running vulnerable software which they can exploit to laterally move and grow their footprint and stronghold on their target. For every organisation there is a great need to identify the assets that are running these legacy Operating Systems before a bad actor can and ensure they are appropriately protected, controlled and/or upgraded to the latest release. However, organisations often struggle to identify these affected assets as they cannot rely on their current, stale, asset database or are simply unaware of everything that is on their network – until now!

How does the new Legacy Operating System Report help?

In the latest release of Aura Asset Intelligence, we unveiled a new Legacy Operating System Report. This report is built upon our scalable metrics framework to quickly, and easily, identify the assets that are running legacy Operating Systems.

The new report firstly identifies all of the active workstation and server assets that have been discovered on the network by Aura. It then analyses the Operating System running on each and compares this against a pre-populated, but business customisable, list of known legacy Operating Systems. Any assets that match a legacy Operating System are reported as defects, along with the Operating System in question and other relevant asset information. This report can now be used to quickly identify the risk posed by legacy Operating Systems and remediate any affected assets.

As with all reports in Aura, this report updates on a continuous and real-time basis, meaning that any changes are reflected immediately and every time you access the report, you will know you are getting the latest results.

Stop wondering (and worrying!) about how many assets you have running legacy Operating Systems. For more information about Aura Asset Intelligence, or for a demo, please please contact us us today.

© Discovered Intelligence Inc., 2020. Unauthorised use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.

You might also like
Aura Integration Spotlight: Cribl
Webinar – Know your Unknowns – Strengthen Security with Continuous Asset Discovery for Splunk
Accelerate your Investigations – Associating Assets and Identities to Log Events over Time
Continuous CIS Controls Reporting
Supercharge Splunk Enterprise Security with Aura Asset Intelligence
Aura Asset IntelligenceWhat is Aura Asset Intelligence?
Identifying Abnormal Asset and User Locations
CISA BOD 23-01Aura Asset Intelligence Helps FCEB Agencies Meet BOD 23-01 – Improving Asset Visibility and Vulnerability Detection on Federal Networks