7/28/2019 Keep PCs safe
1/7
KeepyourPCssafewhilesurfingthe
WebUsingQualysBrowserChecktomakesureyourPCsandbrowsersareupto
date
Abstract:Regardlessofplatform,theWeb
hasbecomeahubofinformationandproductivity.Thebrowserhasevolvedto
becomeoneofthemost-usedapplications,
whichhasdrawntheattentionofcyber
criminalsmakingitapotentialAchilles
heelforsecurity.
7/28/2019 Keep PCs safe
2/7
2
WhatisthemostusedapplicationonyourPC?Stopandconsiderthatforamoment.
Dependingonyourrole,andhowyouuseyourPC,yourmileagemayvary,butinan
increasinglyonline,social,cloud-basedworld,theanswerformostpeoplewillbe
theWebbrowser.Fromabusinessperspective,webappsandwebsiteshave
becometheprimarygatewayforgettingthingsdone.
Thisfactisnotlostoncybercriminals.Attackerstypicallyprefertotargetthelow-
hangingfruit,andinstigateattackswiththebestoddsofsuccess.Exploiting
vulnerabilitiesinWebbrowsersandbrowserplug-insoffersaverylargepoolof
potentialtargets,andmakesbrowsersaweaklinkinthechainforbothbusinessesandconsumers.
UnderSiegeQualysgatheredinformationfromoveronemilliontypicalendpointstosurveythe
stateofbrowsersecurityandvulnerabilitymanagement.Overhalfofthesystems
morethan500,000PCscontainedatleastonecriticalvulnerabilitythatcouldallowanattackertologkeystrokes,monitorfinancialtransactions,orintercept
sensitiveinformationlikeusernames,passwords,bankaccount,orcreditcardnumbers.
Arehalfofthecompaniesandindividualsintheworldsimplynotkeepingtheir
operatingsystemsandWebbrowserspatchedanduptodate?Thatmaybethecase
forasmallerpercentageofthevulnerablesystems,buttherealchallengeiskeepingupwiththepaceoffrequentupdatestomoreobscuresoftware.
OverlookingtheWeakestLink
WhetheryoureusingInternetExplorer,Firefox,Chrome,orSafari,themajorWeb
browsersallhavesystemsinplacetoautomatekeepingthemuptodate.Some
businessesprefertomanagetheprocessratherthanlettingthebrowserupdate
itselftoavoidanypotentialconflictsordisruptions,buteveninthosesituations
theydoafairjobatpatchingandupdatingthebrowseritself.
Theproblemisthatthereareotherelementsassociatedwiththebrowserthatmay
beforgottenoroverlooked.Asthebrowsersthemselveshaveadoptedmore
proactivepatchingandupdatingpractices,thebattlelineshaveshifted,and
attackershavefocusedtheireffortsonnewtargets.
Vulnerableadd-ons,extensions,andplug-insmaygetlostintheshuffleandprovide
anAchillesheelattackerscanusetocompromisePCs.Highprofilebrowserplug-ins,suchasJavaorAdobeFlasharefrequentlytheweaklinkinbrowsersecurity,but
moreobscureadd-onsareevenlesslikelytobeproperlymaintainedandupdated.
Qualysfoundthat82percentofthesystemsitmonitoredhaveJavainstalled,and
thatmorethanathirdofthosesystemshaveavulnerable,outdatedversionofJava.
7/28/2019 Keep PCs safe
3/7
3
AdobeFlashwasfoundon67percentofthetestedPCs,andnearlyaquarterof
thosewerevulnerable.
OracleandAdobehavebeenkeptverybusyinrecentmonths,scramblingtodeal
withzero-dayvulnerabilitiesbeingexploitedinthewild.Itseemsasquicklyas
patchesandupdatesarereleased,attackersstarttargetinganewunknownflawandthecyclestartsalloveragain.
Clearly,businessesandconsumersneedhelptokeepupwiththefranticpace,and
makesurethesepluginsandadd-onsarepatched.
BrowserCheckThefirstandmostimportantstepissimpleenoughmakesureallpatchesand
updatesareappliedwhentheybecomeavailable.Unfortunately,thatcanbeafull-
timejobinandofitself.ThatswhereQualysBrowserCheckcomesin.
7/28/2019 Keep PCs safe
4/7
4
Qualysdevelopedafree,cloud-basedservicetohelporganizationsandindividualssimplifythetediousprocessoffiguringoutwhethertheirbrowsers,application
pluginsandOSpatchesareout-of-dateandwhattodotofixthemwhentheyare.BrowserCheckwasinitiallydesignedspecificallytoscanWebbrowsersandtheir
associatedadd-onsforvulnerabilitieshencethename.Sinceyourbrowserisonly
assecureasthesystemitsrunningon,QualyshassinceexpandedthefocusofBrowserChecktoscanforthelatestsecurityupdates,andverifyimportant
operatingsystemsettingsonWindowsPCs.
SettingupBrowserCheckonlytakesafewseconds,andconductingascandoesnt
takemuchlongerthanthat.BrowserCheckwillscanyourbrowsersandplugins,andprovideresultsidentifyinganyissues.Inmostcases,BrowserCheckprovidesone-
clickaccesstodownloadthelatestupdate,orconfigurethenecessarysettingsto
addresstheproblemandsecureyourPC.
BrowserCheckBusinessEdition
7/28/2019 Keep PCs safe
5/7
5
Theplayingfieldhasshifted.AccordingtodatainSymantecsInternetSecurity
ThreatReport20131,drive-byWebattacksincreasedbyonethird,in2012,and50
percentofalltargetedattacksin2012wereaimedatbusinesseswithfewerthan
2500employees.
BrowserCheckisagreattoolforindividuals,butITadministratorsneedatoolthatcanbecentrallymanagedandmonitored.BrowserCheckBusinessEditionkeeps
multiplePCsandbrowsersuptodatethroughthesamefree,cloud-basedtoolthat
canbemanagedbytheITadminthroughaWeb-baseddashboard.
WiththeBrowserCheckBusinessEditionconsole,ITadministratorscanviewat-a-
glancestatus,anddrilldownintospecificmachinestoviewrecentscanresults.The
consoleprovidesthetoolsandstepsnecessarytodeterminehowfrequently
automatedscansshouldbeperformed,anddeployBrowserChecktousersPC.
OrganizationscanverifythatOSupdatesareinstalled,trackwhichbrowsersandplug-insareinstalledoneachPC,andensurevulnerabilitiesareaddressed.
WithBrowserCheck,businessescanquicklyseeiftheircomputersarekeeping
current,orarefallingbehind,whichpotentiallywouldgiveonlinethievesan
7/28/2019 Keep PCs safe
6/7
6
opportunitytostealinformationorbreakintocorporatenetworks.Automating
thesetaskscanmakebusinessesmoreefficient,boostsecurityandshowcompliance
auditorsthatindustrybestpracticesarebeingfollowed.
BrowserCheckBusinessEditionalsofreesuptheITstafffromtediousdrudgery.ThetimeandskillsofITpersonnelcanbeputtomuchmoreimportantuse,andprovide
morevalueforthecompany.
PaulSimmonds,co-founderofTheOpenGroupsJerichoForum,pointsoutthat
mostsmallandmediumbusinessesdontevenhaveanITdepartment,neverminda
securityteam.TheyjusthaveapersondesignatedtomanageIT.Simmondspraises
BrowserCheckBusinessEditionasaverysimplewayfortheseorganizationstomanagesecurity,whetheritsforfivePCs,orahundred.
Simmondsexplains,Oneofthebeautifulthingsisthatalotofnetworktoolsout
thereonlyoperatewithintheirLAN.Thisisacloudsolution,whichmeansanyone,anywherecanbeapartofthesystemsyoumanage,adding,Itconstantlykeeps
youuptodateandtellsyouthestateofthemachines,anditwillcheckissuesacrossallinstalledbrowsersregardlessofwhichbrowseryouactuallyusethetoolfrom.
7/28/2019 Keep PCs safe
7/7
7
TheBottomLine
Thevastmajorityofattacksagainstbusinessesofallsizesrelyonexploitingknownvulnerabilities,andattackersarefocusingtheireffortsonlow-hangingfruitlike
browserextensionsandadd-onsthatofferaneasybackdoorintovulnerable
systems.
Ashackersareincreasinglyexploitvulnerabilitiesinbrowsersandtheirplug-ins,
QualysGuardBrowserCheckisaneasy,freewaytoreduceyourriskofattack.For
businesses,QualysGuardBrowserCheckBusinessEditionprovidesasolutionthat
automatesbrowsersecurityforemployeecomputers,strengtheningtheirsecurity
againstattack.
AboutQualys
QualysInc.(NASDAQ:QLYS),isapioneerandleadingproviderofcloudsecurityandcompliancesolutionswithover6,000customersinmorethan100countries,
includingamajorityofeachoftheForbesGlobal100andFortune100.The
QualysGuardCloudPlatformandintegratedsuiteofsolutionshelporganizations
simplifysecurityoperationsandlowerthecostofcompliancebydeliveringcritical
securityintelligenceondemandandautomatingthefullspectrumofauditing,
complianceandprotectionforITsystemsandwebapplications.Foundedin1999,Qualyshasestablishedstrategicpartnershipswithleadingmanagedservice
providersandconsultingorganizations,includingAccuvant,BT,DellSecureWorks,
Fujitsu,NTT,Symantec,Verizon,andWipro.Thecompanyisalsoafounding
memberoftheCloudSecurityAlliance(CSA).
Formoreinformation,pleasevisitwww.qualys.com/browsercheck.
1SymantecInternetSecurityThreatReport(ISTR)2013:
http://www.symantec.com/content/en/us/enterprise/other_resources/b-
istr_main_report_v18_2012_21291018.en-us.pdf
Top Related