There are no flawless software systems or applications. When these flaws result in security vulnerabilities, threat actors may exploit them to compromise those systems and applications and, by extension, the endpoints on which they reside. Although software vendors issue patches to remediate flaws, many financial institutions do not apply all available patches to their production environments in a timely fashion. In addition, when systems or applications reach their end-of-support, they no longer receive vulnerability patches from their vendors. These two scenarios describe the conditions under which a system or application is considered "unpatchable." When patching or upgrading is no longer feasible, security professionals need to identify alternative ways to secure the unpatchable systems and applications to support their ongoing use as required for other business strategies.
This document presents a case study that discusses the security, risk and compliance ramifications of operating unpatchable systems and application such as legacy Windows® Operating Systems (e.g., Windows XP, Windows 8). These may still be found in older ATMs and aging endpoints that support check scanners, printers for passbooks, ATM cards, and other legacy banking applications.
The case studies outline the core attack vectors that threat actors can use to compromise unpatchable systems and applications and offer a technical solution that eliminates the reliance on vulnerability patches as a security measure while preventing breaches on the endpoints that operate those unpatchable systems and applications. This advanced endpoint protection uses a multi-method approach to detect and address exploits and malware while using machine learning, as well as static and dynamic analysis to identify cyber threats.
For more information on cybersecurity for the financial sector, visit our Financial Services industry page at https://www.paloaltonetworks.com/products/security-for/industry/financial-services.html