Before I start here: Let’s be clear that I will not say (and will never say) that if a customer was infected with Conficker he had a poorly managed network!
I had a lot of discussions over the course of time about the reasons for customers being infected. We all know the attack vectors of Conficker but what are the real reasons behind it?
I know that it is not easy, but looking at the reasons above, I am convinced that a well-managed environment would have had a good chance to withstand Conficker. Well-managed meaning:
It just showed us once more that running a network of a certain size is an engineering practice and not an art. Today’s economic situation does not help here either, as a lot of companies want to save cost. However, to me a well-managed network is an inexpensive network as well – and a secure network! So we should definitely think about this further. I am convinced that today we have to move from “best of breed” to “best of need”, and in addition we have to make sure that we deliver, and you deploy, a “best of need integrated platform” to address the challenges outlined above, so that you can concentrate on your business strategy as well as on your processes!
This raises the million-dollar question: how the hell can you make sure that you know what you need? Well, you have to do Business Risk Management. A lot of companies – to me – miss the “business” in the statement above, if they do Risk Management at all. From my point of view, it is not the CSO’s job to decide which risks are acceptable for a company; that is the Management Board’s job. At the end of the day it is a business decision and not an IT decision! However, it is the CSO’s job to make sure the Management Board understands the risks they are taking, at a level which is understandable for a business leader.
Let me add one final statement. Microsoft IT has a pretty tough job to do, with all these geeks connected to the network running all sorts of beta software. However, I did not feel any disruption from Conficker. So there is a good chance that they did an excellent job of keeping it out. So, it is doable.
I will try to blog more about the platform in the near future. I started to bring these pieces together in my test environment to get some hands-on experience, and I want to share more of this with you.
This is the topic where you can debate for hours. I think this has been happening for several years: organizations don't follow proper patch and compliance management procedures, and when they get hit by viruses / worms, they know who to blame!!
After all, even if we go to buy a laptop it only comes with a 2-year warranty - it doesn't give you a life-time guarantee of not breaking down.
I agree to a certain point that patch management is really hard to implement. Most organizations find it very hard to patch their servers / clients straight away as soon as a patch is released. There are heaps of reasons, but the more prominent ones are:
1) Change management - it has to go through testing, approval from the change management team and so forth, which takes weeks to deploy that patch (in most cases)
2) Organizations hate rebooting their servers
3) Most of their applications are out-of-date and they are not sure whether this new patch will affect them or not.
This is a huge problem and the bad guys will continue to take advantage of it; alas, people will continue blaming Microsoft and vendors for not providing secure software.