by Josef Weiss
December 5, 2024
The proliferation of unsupported and end-of-life (EOL) products is a common security problem experienced across all organizations. As applications and operating systems reach EOL, vendors stop offering support, causing security and stability to decrease over time. This report provides organizations with a clear and simplified method to identify EOL software and enables security managers to predict where risk will increase to develop a mitigation plan.
Identifying assets running EOL applications is an important part of assessing and minimizing organizational risk since patches, updates and security fixes are longer available. Many industries have regulatory requirements (e.g., GDPR, HIPPA, PCI-DSS that mandate up-to-date software. In addition, the Center for Internet Security (CIS) states that organizations must ensure that only software applications or operating systems that are currently supported and receiving vendor updates are added to the organization’s authorized software inventory.
Tenable Vulnerability Management enables organizations to continuously assess the health and security posture of the network, including identification and monitoring of unsupported software. Quick identification of unsupported operating systems and applications, enables risk managers to see risks associated with EOL software. Identifying exposures, provides the operations teams direction to implement, act, and prioritize remediation efforts to mitigate cyber risk. Risk managers and operations teams can communicate to the leadership team how upgrading unsupported operating systems and applications reduces their network risk.
Tenable Vulnerability Management uses active methods to identify EOL products found in the environment by examining the Microsoft registry, common software installation locations, or using applications utilities such as YUM or APT in Linux systems. Risk managers are able to verify the operation team's activities and identity areas for risk mitigation.
This report provides the organization with a clear and simplified method to identify EOL software and enables security managers to predict where risk will increase and develop a mitigation plan.
Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Vulnerability Management discovers and analyzes assets continuously to provide an accurate and unified view of an organization’s security posture. The requirements for this report are: Tenable Vulnerability Management (Nessus, NNM).
Chapters
- Executive Summary - This chapter provides organizations with an executive level view of vulnerabilities related to unsupported and software end-of-life applications.
- Unsupported Software by Application - The Unsupported Software by Application chapter displays vulnerabilities that are being leveraged by threat actors over an extended period of time in targeted attacks, ransomware, or malware campaigns.
- Unsupported and SEoL Assets - The Unsupported and SEoL Assets Chapter provides a summary of the assets with unsupported or SEoL software. Identifying and upgrading unsupported operating systems and applications is essential to an effective security program.