{"id":5962,"date":"2024-10-28T09:00:00","date_gmt":"2024-10-28T14:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/put-end-life-software-rest"},"modified":"2024-10-28T09:00:00","modified_gmt":"2024-10-28T14:00:00","slug":"put-end-of-life-software-to-rest","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/10\/28\/put-end-of-life-software-to-rest\/","title":{"rendered":"Put End-of-Life Software to Rest"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

COMMENTARY<\/span><\/span><\/p>\n

When you’ve bought a haunted house, the worst thing you can do is decide to just live with it. Yet in every horror movie, there’s always that one person \u2014 usually the father \u2014 who doesn’t want to leave. Plates are flying off the shelves, blood is erupting from the sink, and Dad is ignoring all of it while pruning the ficus in the living room. <\/span><\/p>\n

Dad doesn’t last long in those movies, and it’s because he’s ignoring one universal truth: Denying that a threat is real won’t protect you from it. <\/span><\/p>\n

You’d think security-minded organizations would have learned that lesson by now. Unfortunately, many are just like Dad, resigned to an IT infrastructure that’s<\/span> <\/span><\/span>lousy with ghosts. <\/span><\/p>\n

Here’s one ghost we can vanquish right now: obsolete software. <\/span>End-of-life (EOL) software<\/a><\/span> is surprisingly common; <\/span>nearly two-thirds of companies<\/a><\/span> still rely on applications that no longer receive security updates from their vendors. <\/span>This leaves critical systems exposed<\/a><\/span>, making it a problem no business can afford to ignore. <\/span><\/p>\n

The Terrors of EOL<\/h2>\n

So, if EOL software is so scary, why is it so pervasive? Before we start berating companies \u2014 like a horror movie audience yelling at the characters onscreen to make better choices \u2014 let’s try and understand what makes obsolete software so challenging to manage.  <\/span><\/p>\n

Cost<\/h3>\n

Budget is undoubtedly the biggest reason companies use unsupported legacy applications. Sometimes, this is understandable \u2014 for instance, plenty of healthcare providers <\/span>simply can’t afford<\/a><\/span> to replace their very expensive and specialized legacy tools. <\/span><\/p>\n

But let’s be honest: A lot of companies just don’t want to <\/span>pony up the cash<\/a><\/span> needed to maintain their tech stack properly. Updating or replacing software can be costly and disruptive. Who wants to take on that challenge, especially when the danger of inaction seems hypothetical?  <\/span><\/p>\n

But this logic is (fatally) flawed. Any money you save by clinging to EOL software <\/span>will be swallowed by the inevitable cost of a data breach<\/a><\/span>. And that cost is likely to be higher if you’re running outdated software, with no support to get your compromised systems back online.  <\/span><\/p>\n

Shadow IT<\/h3>\n

EOL software has such a long afterlife that admins frequently aren’t aware of it.  <\/span><\/p>\n

Occasionally, vendors <\/span>fail to adequately communicate<\/a><\/span> when software is no longer supported (“Why \u2026 that program’s been dead for over 40 years.”). And sometimes, EOL software takes the form of shadow IT.  <\/span><\/p>\n

Our 2023 study showed that <\/span>47% of companies<\/a><\/span> allow employees to access resources from unmanaged devices. That means any individual user could have EOL (or simply unpatched) software on their device, and admins would have no way of knowing.  <\/span><\/p>\n

Put EOL Software to Rest<\/h2>\n

Hopefully, by now, you’re convinced that EOL software is a problem and you’re sharpening stakes and smelting silver bullets.  <\/span><\/p>\n

But while it’s straightforward enough to update the legacy systems you know about, what are you supposed to do about all the EOL software you <\/span>don’t <\/span><\/span>know about? How do you fight what you can’t see? <\/span><\/p>\n

Monitor EOL Status<\/h3>\n

Start with a complete audit of all the work-related software in your organization. That includes not just the company-wide, big-ticket items but every end user’s device (even BYOD). If you find a user still running, say, Big Sur, stop them from accessing company resources until they update to a supported version.  <\/span><\/p>\n

Manually, keeping up with EOL dates is a tall order. But there are tools, like <\/span>this API<\/a><\/span> from endoflife.date, that can alert you when software becomes obsolete. A purpose-built agent like <\/span>osquery <\/a><\/span>can help discover the presence of installed EOL software across your fleet. <\/span><\/p>\n

From there, you need to establish ownership of EOL remediation so it’s not just a game of whack-a-mole for the security team. Instead, make it a part of your existing patch management and compliance strategy and check in regularly. <\/span><\/p>\n

Banish EOL Software From Your Systems<\/h3>\n

Anyone dreading the approach of <\/span>Windows 10 EOL<\/a><\/span> in 2025 knows that these transitions require a lot of care and planning, and you can expect resistance from leadership and end users alike.  <\/span><\/p>\n

The only way to overcome the fears around EOL software is to face them through clear communication. That starts by getting leadership buy-in and extends to communicating with end users when you find EOL shadow IT. Once you’ve set a policy, use a device trust solution to block devices running EOL software. But use blocking as a chance to explain the dangers of this software. Then, instruct <\/span>users<\/span><\/span> on how to fix the problem themselves. <\/span><\/p>\n

Everyone knows that in horror movies “Let’s split up, gang!” is a recipe for disaster. When you’re fighting to clear up a companywide problem, you need collaboration at a companywide level. So when you start diving into the scary world of EOL software, my advice is: Don’t go it alone. <\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

COMMENTARY When you’ve bought a haunted house, the worst thing<\/p>\n","protected":false},"author":12,"featured_media":5963,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-5962","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/put-end-of-life-software-to-rest.jpg?fit=1800%2C1012&ssl=1",1800,1012,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/put-end-of-life-software-to-rest.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/put-end-of-life-software-to-rest.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/put-end-of-life-software-to-rest.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/put-end-of-life-software-to-rest.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/put-end-of-life-software-to-rest.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/put-end-of-life-software-to-rest.jpg?fit=1800%2C1012&ssl=1",1800,1012,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/put-end-of-life-software-to-rest.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/put-end-of-life-software-to-rest.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/put-end-of-life-software-to-rest.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/put-end-of-life-software-to-rest.jpg?fit=1800%2C1012&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5962","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5962"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5962\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/5963"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5962"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}