January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support for Windows 7. From a security perspective, neither the routine monthly security patches nor the out-of-band hot fixes for attacks in the wild will be available any longer, effectively making any newly discovered vulnerability a Windows 7 zero-day. Cynet 360 autonomous breach protection is a good example of a multilayered advanced protection solution that can enable organizations that run Windows 7 to remain secure despite the end of support.
Let’s dig a bit deeper to understand the risk. The reality is that all software contains bugs. Ideally, these bugs are discovered during the development process. In practice, many of them surface only after the product is released, in the course of its interaction with real users. Bugs that can be exploited for malicious purposes are called vulnerabilities. Microsoft conducts rigorous and ongoing research to discover and fix such vulnerabilities.
Every second (or sometimes fourth) Tuesday of the calendar month Microsoft releases these fixes, also known as patches. Once these patches are installed, the machine is 100% protected from the exploitation of the patched vulnerabilities. However, this protection no longer applies to machines that run Windows 7 starting from January 14, 2020.
‘It’s a critical challenge for many organizations’, says Eyal Gruner, founder and CEO of Cynet, ‘The reality is that Windows 7 is alive and kicking in many organizations even if Microsoft chooses not to protect them anymore. It should be a wake-up call to any CISO to ask himself or herself how to adjust to this new reality’.
What, then, can be done to protect Windows 7 machines in the post-EOL era? Gruner explains that this is where multilayered protection should step in.
‘One of our main guidelines when building Cynet 360 was to be able to operate in a fast-changing environment, meaning that every type of attack is analyzed from multiple perspectives, each resulting in a different protection mechanism. If we take exploits targeting Windows 7 as an example, there is first the exploit protection per se. By closely monitoring process behavior in memory, the detection engine can easily detect behavioral patterns that are typical of exploits and would never occur in a legitimate process.
‘And we should remember that in most, if not all, cases the exploit itself is not the end but merely the means to open a network connection and download the actual malware. Cynet 360 monitors that connection as well. And if a process starts running, Cynet would analyze it in real time – regardless of whether a file was actually downloaded to disk or the payload runs only in memory – and use multiple behavioral analysis methods to detect whether it’s benign or malicious, terminating it in the case of the latter.’
So, is Windows 7 EOL a reason to be concerned? Probably yes. Can organizations that run Windows 7 maintain the same level of security as they did before? Certainly yes, as long as they have the right type of protection in place.