Inside view of the IT infrastructure enables proactive hazard prevention. What the security gap in Microsoft Exchange shows us afterwards.
In the first quarter of this year, the Microsoft Exchange security gap that had become known rightly caused major headaches for many IT managers. In Germany alone, the CERT-Bund, which is part of the Federal Office for Information Security (BSI), assumed at least 2021 vulnerable Exchange servers in March 26.000.
Over 26.000 Exchange servers affected
How high the total damage was for the affected companies alone can hardly be quantified, as no information about this was made available to the general public. In individual cases, especially when the attackers succeeded in stealing important company information, the amount of damage should have easily been in the mid seven-digit range. It is all the more important to draw the right lessons from the attack information and scenarios - even if your own organization was not directly affected. It is becoming more and more important that the Chief Information Security Officer (CISO) receives the so-called IT security interior view. An elementary building block, especially in the context of a successful zero trust security approach, are endpoint detection and response (EDR) solutions.
"Unfortunately, the castle with its strong walls is still the dominant IT security concept in many medium-sized companies," says Thomas Uhlemann, ESET Security Specialist. “But what if attackers still manage to bypass all firewalls and, for example, get inside the security castle using software security gaps or simply using weak employee passwords? Here, CISOs should rely more on proactive and forward-looking security concepts and technologies. EDR solutions, which make it possible to detect and prevent unwanted data leaks at an early stage, are clearly playing an increasingly important role here. "
Proactive approach to security: Zero Trust
What lessons companies should learn from security incidents that have become known, what the zero trust approach developed by ESET includes and why IT security does not work without foresight can be found on the ESET corporate blog. Because: If the BSI warns, it can already be too late.
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.