Why ShellShock Isn't Over Yet

Updated on July 5, 2016 by Greg Pollock

When you want to win, you don't attack where your opponent is strongest; you hit them where they're weakest. Quarterbacks throw to the receiver covered by an injured corner, bike thieves look for the bike with the weakest chain, and lions drag down the wildebeest at the back of the pack. The larger the surface area, the more likely there is to be variation in the strength of defense, and the larger the difference between the strongest and weakest points.

This is what makes widespread vulnerabilities like ShellShock all the more dangerous. Security strategies focused on robust defense of the most valuable assets forget that those are least likely to be the initial point of attack. Gaining access to a poorly secured device or account is much easier. Once one endpoint has been compromised, intruders can seek out the next weakest point of entry, leapfrogging their way to the pot of gold. With ShellShock, the surface area is huge and provides intruders with targets that are likely to be poorly secured.

The challenge in responding to ShellShock isn't to devise a brilliant defense against an ingenious attack. It's ensuring 100% compliance with security standards. The ShellShock exploit is relatively easy to check for and patch against, but you do have to take action. Similarly, the SynoLocker attacks depended on finding open ports, which could and should have been secured had users been mindful of their configurations. It's not hard, but everyone has to do it to keep your system safe.

Defending against ShellShock- or SynoLocker-style attacks requires visibility and accountability. Unless you know the state of your nodes and can easily confirm that the state today is what it was last week, you are vulnerable. For these types of vulnerabilities, where sunlight is the best disinfectant, UpGuard is the perfect tool for protecting yourself.

UpGuard is designed to ensure that you know the state of every node in your system. Universal visibility provides a layer of protection that greatly reduces the surface area and clears out the lowest hanging fruit. Most importantly, UpGuard makes it easy to test the state of every endpoint. With ShellShock, for example, it is relatively easy to run the command that reveals whether a given system is vulnerable. If you oversee many machines, however, you need to run that command many times, increasing the time spent, the risk of manual error, and the cost of duplicating the action. UpGuard centralizes your system testing so that you can achieve the 100% coverage needed to keep the hyenas away.
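The per-machine check described above, run across a host list and treated as pass/fail for the whole fleet. This is an added example, not code from the original article or from UpGuard; it assumes key-based `ssh` access, and the `hosts.txt` file, marker strings and function names are illustrative.

```shell
#!/bin/sh
# Added example: audit a host list for the original ShellShock flaw.
# Assumptions: key-based ssh; hosts.txt, markers and function names are illustrative.

# Probe run on each machine. A bash that still executes code trailing a
# function definition imported from the environment prints SHELLSHOCK_HIT.
# It covers only the original flaw; later related fixes need their own checks.
PROBE="env 'x=() { :;}; echo SHELLSHOCK_HIT' bash -c 'echo PROBE_DONE' 2>/dev/null"

# classify_probe OUTPUT -> vulnerable | patched | unknown
classify_probe() {
    case "$1" in
        *SHELLSHOCK_HIT*) echo vulnerable ;;
        *PROBE_DONE*)     echo patched ;;
        *)                echo unknown ;;  # unreachable, no bash, timeout
    esac
}

# run_on_host HOST COMMAND: transport, kept separate so it can be swapped.
run_on_host() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" "$2"
}

# audit_hosts FILE: print "host state" per host (one host per line, '#'
# comments allowed). Returns 0 only when every host is confirmed patched,
# so an unreachable machine fails the audit instead of being skipped.
audit_hosts() {
    rc=0
    while IFS= read -r host; do
        case "$host" in ''|'#'*) continue ;; esac
        # </dev/null stops ssh from swallowing the rest of the host list
        out=$(run_on_host "$host" "$PROBE" </dev/null 2>/dev/null) || true
        state=$(classify_probe "$out")
        printf '%s %s\n' "$host" "$state"
        [ "$state" = patched ] || rc=1
    done < "$1"
    return "$rc"
}

# Usage: sh audit.sh hosts.txt
if [ "$#" -gt 0 ]; then
    audit_hosts "$1"
fi
```

Counting `unknown` as a failure is what turns the loop into a coverage check: a host that could not be tested is reported, not silently assumed safe.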

Defending against attacks that look for low-hanging fruit across a massive surface area requires a change in security thinking. Instead of being "control-oriented and threat-oriented," security means focusing on "continuous monitoring and addressing the most pressing vulnerabilities." Monitoring for compliance isn't a regulatory roadblock; it's the only reasonable response to the threats we face today.