“Patch your systems in a timely manner” is a mantra of security experts, but what happens when the patch well runs dry because a product’s maker no longer supports it? That is a situation many large enterprises find themselves in, and it’s one that poses security risks.
Between 30 percent and 50 percent of the hardware and software assets in the average large enterprise have reached their end-of-life date, according to a BDNA report released last month.
End-of-life products pose a serious security risk to the enterprise.
“The vast majority of vulnerabilities — more than 99 percent — exploit out-of-date software with known vulnerabilities,” said BDNA President Walker White.
Simple oversight is a common reason end-of-life products continue to run on an organization’s systems.
“There may be a new version of a product, but because you don’t have a clear view of what’s in your environment, you can miss the old version in your upgrade process,” White told TechNewsWorld.
That’s how orphan apps are created, too.
“These products may remain on a network and are not removed because no one is using them, and no one has turned off their lights,” White said. “A hacker will exploit that kind of leftover artifact.”