September 20, 2013
Webinar - Mitigating the Risk of Java Vulnerabilities
By Peter Bernstein, Senior Editor
There is no denying the popularity of Java. Developed originally by Sun Microsystems (now merged into Oracle), the object-oriented computer programming language has become the platform of choice in the developer community for developing applications that can be written once and run anywhere. It is in many ways the “digital oil” of the Internet Age. There is an old saying that “with great power comes great responsibility.” In the case of Java, there is the added corollary that with great popularity comes great attraction to those with malicious intent.
In fact, it is pretty safe to say that Java has become the most targeted attack vector on endpoints and servers. More problematic for IT security professionals is the fact that security patches to remediate the vulnerabilities exposed in Java are not perfect fixes. In short, updating is not upgrading, and installing newer versions of Java often leaves older ones behind, giving bad actors what can best be described as a “target-rich” environment to exploit.
The above may seem like a very bleak picture if you are a security professional charged with protecting your enterprise’s critical digital assets. The good news is that the good guys not only understand the risks associated with the use of Java but have solutions that can provide you with the visibility you need to proactively as well as reactively ensure the benefits of Java can be leveraged without ratcheting up the risks associated with widespread use.
The challenge is that you need to know where, how, when, by whom and for what purpose Java is being used by your organization, and for that matter in its interactions with ecosystem partners and customers. This is an instance where you can’t know what you can’t measure, and hence where the first steps are increasing your visibility into Java use. In fact, given the sophistication and frequency of cyber threats these days, real-time is the only time for having extensive and comprehensive visibility into all of your vectors of vulnerability. It allows you to have the requisite knowledge to enforce policies and rules that make it safe for your organization to use Java-based applications, and be proactive as well as reactive in terms of dealing with risks.
If you are a big Java shop, or even if its use is relatively proscribed already in your organization, understanding the threats posed by Java behaving badly, and what to do about them, is extremely important. For this reason, you are invited to attend a webinar, Assess, Decide, and Enforce: Mitigating Java Vulnerabilities in Your Enterprise, Wednesday September 25, 2013, 2:00 p.m. ET / 11:00 a.m. PT. Join me and Harry Sverdlove, chief technology officer, Bit9, as we discuss:
- How to assess Java in your environment
- The steps you should take in evaluating if, when, and whether your organization needs Java
- Bit9’s solution for enabling you to enforce trust policies so that Java risks are reduced and can be remediated quickly when exploited by those who wish to do your organization harm
The fact of the matter is that network security is a top priority, but in a world where just protecting the perimeter is not enough for safeguarding critical digital assets, endpoint and server security has become a priority as well. As we are all well aware from the headlines, it only takes the compromising of one endpoint or server by malicious software to create real mayhem. As Bit9 likes to point out, “Malware is on your endpoints and servers—and so are the digital assets you need to protect.” The challenge is that endpoint and server security historically has taken a backseat to other security concerns and hence has created a major blind spot. It is this blind spot where Java executes, and it is why having visibility into Java use in your environment is so important.
There is no good reason for fighting today’s battles with yesterday’s counter-measures, and the webinar will give you valuable information as to how to provide your organization the protection it needs in an area that is particularly vulnerable to attack.
Edited by Rachel Ramsey