by Les Spruiell

Last month Metasploit announced a BlueKeep (CVE-2019-0708) exploit module that targets 64-bit Windows 7 and Windows Server 2008 R2 through Windows Remote Desktop Services (RDP). This is a net benefit for security practitioners, who can use it to identify susceptible hosts, but it is also a reminder that the next WannaCry-like, wormable attack is only a matter of time.

Microsoft has been reminding users of the risk and encouraging them to apply patches. That is easier said than done. Patches disrupt existing operations, require the application owner's involvement, and may even require production requalification. Worse, customers may run legacy applications or operating systems that are no longer supported and for which no patch will ever arrive. And once one vulnerability is patched, another invariably follows.

These challenges make it hard for enterprises to stay current, and they are a major reason well-known security vendors have recommended that customers block the RDP port (TCP 3389) at the network level. RDP, however, was enabled in the first place to meet a business requirement. How can IT block abuse of the RDP port while still allowing the access the business depends on?

Zentera Systems’ CoIP® Platform solves this dilemma by blocking access to the physical RDP port while providing access over a network overlay that applies additional control and security, including Application Interlock™, which restricts access to known, whitelisted RDP client binaries.
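For comparison, the conventional host-level form of the control the vendors above recommend looks like the following. This is an added example, not Zentera code and not a description of how CoIP works: it scopes the physical RDP port to one trusted source range and turns on Network Level Authentication (NLA), which Microsoft's CVE-2019-0708 advisory lists as a partial mitigation. The management subnet 10.10.0.0/24 and the rule name are assumptions for illustration; netsh is used rather than the NetSecurity cmdlets so the same commands run on Windows 7 and Server 2008 R2, the versions the Metasploit module targets.

```powershell
# Added example: conventional host-firewall scoping of RDP on a Windows host.
# Not Zentera code and not the CoIP mechanism; this is the baseline
# network-level control that blocks the RDP port for everyone except a
# defined set of clients. Run from an elevated PowerShell prompt.
# Assumption (hypothetical): legitimate RDP clients live on 10.10.0.0/24.

$mgmtSubnet = '10.10.0.0/24'   # assumed; replace with your jump-host range

# 1. Keep the default inbound policy at "block" so nothing reaches TCP 3389
#    unless an explicit rule allows it.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# 2. Disable the built-in "Remote Desktop" rule group, which allows 3389
#    from any source address.
netsh advfirewall firewall set rule group="Remote Desktop" new enable=No

# 3. Re-allow RDP only from the management subnet. Windows Firewall gives
#    block rules precedence over allow rules, so the scoping is done with a
#    narrow allow rule rather than by stacking a block rule on the built-in
#    allow (which would block the management subnet too).
netsh advfirewall firewall add rule name="RDP from management subnet only" `
    dir=in action=allow protocol=TCP localport=3389 "remoteip=$mgmtSubnet"

# 4. Require Network Level Authentication. The unauthenticated pre-auth
#    path that BlueKeep exploits is not reachable until the client has
#    authenticated, so NLA is a partial mitigation (an attacker with valid
#    credentials could still trigger the bug).
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $rdpTcp -Name 'UserAuthentication' -Value 1 -Type DWord

# 5. Verify: the scoped rule should be the only enabled rule that touches
#    3389, and UserAuthentication should read 1.
netsh advfirewall firewall show rule name="RDP from management subnet only" verbose
Get-ItemProperty -Path $rdpTcp -Name 'UserAuthentication'
```

This only narrows who can reach the port; the vulnerable service is still listening, and any host inside the allowed range that is compromised can still deliver the exploit. Hosts using RDP 8 or later also listen on UDP 3389, which needs the same scoping. That residual exposure, plus the difficulty of maintaining source-address lists across many hosts, is the gap the overlay approach described above is meant to close.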

Zentera Systems recently engaged a well-known security firm to validate the effectiveness of the CoIP Platform against attacks that exploit BlueKeep (CVE-2019-0708) and EternalBlue (MS17-010). The external assessment found that the CoIP Platform's protections blocked the BlueKeep- and EternalBlue-based exploits, even against unpatched systems, while normal application communication continued through the network overlay. The conclusion of these tests was that customers using the CoIP Platform are protected from these exploits even if they have not patched their systems. Note that the vulnerable code remains on the host: the protection holds because the overlay is the only path to the port, so the physical port must stay blocked and the overlay's client whitelist must stay intact.

Zentera’s CoIP Platform supports legacy operating systems, including Windows XP. This is a significant benefit in manufacturing and IT/OT environments, where older machines cannot be patched or upgraded because of an end-of-life application or operating system, or because operations cannot tolerate the downtime that constant patching and upgrades would cause.

Companies can prepare for the next WannaCry by shifting their focus from network-topology-based security to application-based zero trust security. The next attack is a question of when, not if, and companies need to be prepared.