Many organizations are finding that enterprise software from vendors, such as Oracle and SAP, is outliving the willingness of those vendors to support older versions.
That was the situation faced by the College of American Pathologists (CAP), which provides proficiency testing to thousands of laboratories worldwide. CAP uses multiple versions of Oracle E-Business Suite 12. CAP joined us on a recent webinar where we rolled out our new suite of security services.
Fighting hidden cybersecurity threats
Most IT security leaders fear that an unknown, or Zero-Day, vulnerability hiding within their applications or systems will lead to a costly security breach. A Zero-Day attack results from vulnerabilities that were previously unknown – or simply not disclosed by software providers – allowing attacks to remain undetected for days, weeks, or months. Many organizations rely on software vendor patches to stay safe, but that often exposes them to unknown and even known vulnerabilities that have been identified but not addressed with a patch.
Unfortunately, software vulnerabilities can be a ticking time bomb for many organizations. You need only look back to late 2021, when we all found out about the ubiquitous Log4j open-source code threat, an “endemic vulnerability” that could remain in systems for a decade or longer, according to the U.S. Cyber Safety Review Board.
“Over a period of time, those [Oracle applications] were outdated and out of support,” CAP Senior Manager of Information Systems, Sameer Dalal, describes in the webinar. The organization partnered with Rimini Street in 2019 to support its Oracle platform.
Scott Brinker, CAP’s senior manager of cybersecurity and application security, explained that their existing applications were using older versions of Java. With Rimini Street Advanced Application and Middleware Security (AAMS), the Rimini Street support team was able “to bump us up to a higher version of Java, virtually, and gives us the opportunity to provide the resiliency that we need for our middleware systems as well as giving us better performance because we’re moving up to a more optimal version of Java,” said Brinker.
Protecting against known and unknown vulnerabilities
Even with the best efforts, vendors can’t fully secure their code. That’s why organizations need real-time protection and virtual patching to stay safe.
AAMS, for example, protects against known and unknown vulnerabilities using Java Runtime detection and remediation before attacks reach their intended target – including releases that are no longer fully supported by the vendor.
That functionality is only one component of the Rimini Protect solutions and services suite announced this summer. The suite enhances a “defense-in-depth” strategy and achieves Zero-Day security protection against the threat of known and unknown vulnerabilities. Rimini Protect combines always-on defenses, 24/7 managed services, and additional expert-based services to protect Oracle and SAP environments, including applications, middleware, and databases.
“Rimini Protect goes well beyond typical software vendor patching to protect the entire environment of applications, middleware, and databases. It uses active security controls that monitor activities in real time to identify malicious actions and proactively block processes that attempt to exploit known and new Zero-Day vulnerabilities,” according to Gabe Dimeglio, Rimini Street GVP and general manager, Rimini Protect.
Advanced protection through managed services
With just under half of all breaches coming through web pages, organizations face an immense structural challenge, notes Fabian Partigliani, chief executive officer at RedShield, a web applications security services provider and Rimini Street partner, during the webinar.
Some of the key mega-trends putting organizations at risk include:
- Increasing incidence of cyberattacks: In 2021 alone, there were 623 million ransomware attacks. The average, fully loaded cost of a data breach is $4.2 million and 25% of all data breaches are motivated by espionage or the desire to steal commercial information. Along with remediation costs and potential financial penalties, breached organizations may face reputational damages that could persist for years.
- Growing regulatory compliance burdens: According to an Accenture survey, “Nine in 10 respondents expect evolving business, regulatory, and customer demands to increase both their compliance-related and compliance operating costs by up to 30% over the next two years.” IT organizations also find themselves struggling with vendor-imposed audits to ensure compliance with software licenses.
- Hiring and retaining experienced ERP professionals: IT talent gaps are particularly painful for organizations running older software versions. As skilled team members retire, they’re harder to replace because younger workers prefer to apply their skills in areas they view as more exciting. “There are about 2 billion websites, apps, and APIs in the world, and only about 27 million developers and those developers aren’t focused on fixing old code,” Partigliani points out. “Only about 10% of vulnerabilities are remediated by enterprises each month, which is staggeringly low compounded with about 50 new vulnerabilities released each day.”
To learn how you can take control of your own defenses with Rimini Protect, view this on-demand webinar with Rimini Street CEO, Seth Ravin, joined by IT security experts discussing the escalating threat environment and how your current security strategy could leave you vulnerable.