Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Taking the fear out of Java and Flash vulnerabilities

October 20, 2017

  • Blog
  • Archive

Over recent weeks, security concerns around Java and Flash vulnerabilities have risen to the surface once again. In December the National Defense Radio Establishment in Sweden was exposed for having significantly outdated versions of popular apps running, leaving the government organization wide open to cyber attack.

The security lapse highlights how even those organizations at the bleeding edge of IT can be easily exposed by hackers and cyber criminals through unpatched applications.

Problems with Flash and other popular applications like Java are nothing new. It's reported that over 83% of enterprise browsers have Java enabled, yet only 19% of enterprise Windows-based computers ran the latest version, leaving many wide open to hacking. Similarly, nearly 40% of users are not running the most up-to-date versions of Flash. In fact, nearly 25% of Flash installations are more than six months old, close to 20% are outdated by a year and nearly 11% are two years old.*

The regular number of updates required to maintain Java and Flash can themselves cause headaches for the IT team, resulting in businesses constantly playing catch up or having fragmented deployments. In addition, many organizations rely on the older versions of applications to keep the wheels of business in motion. As business applications use these tested versions of Java and Flash, IT departments are forced to sacrifice security in order to keep them running while deploying updates.

Very often, this approach results in organizations banking on antivirus and reactive technologies to stop any potential threats. Malware authors are well aware of this and therefore target specific vulnerabilities with exploit kits that encrypt payloads to bypass the antivirus. The scale of the challenge is clear to see and overcoming it can seem like a daunting prospect.

So what's the solution?

A proactive, layered approach to IT security, based on defense in depth (DiD) is a simple yet effective way to overcome application vulnerabilities and wider threats. Combining proactive strategies such as Application Control, that allows only approved versions of Java or Flash to run, Sandboxing, to isolate web borne exploits and Privilege Management to protect the operating system, all combine to significantly improve your security posture.

This approach is one championed by leading industry associations such as SANS and the Council on Cyber Security as the most effective 'quick wins' based on real-life attacks.

To learn more about how Avecto can help you improve your security posture with applications through its Defendpoint software visit www.avecto.com/defendpoint

* http://community.websense.com/blogs/securitylabs/archive/2013/09/05/new-java-and-flash-research-shows-a-dangerous-update-gap.aspx

Andrew Avanessian

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.