Why the ability to install software on-the-fly is a security liability

The good news is that the majority of Suite3 clients are now actively protected against ransomware thanks to our ZeroTrust application whitelisting/approval solution, powered by ThreatLocker. However, we periodically receive (somewhat pointed) feedback on its blocking the installation of legitimate software. For example, the president of a client recently sent in a note saying “I just got word that threat locker is wreaking havoc with our software and the ability to update and make changes to it. We need to do this in the field and on the fly regularly. How do we make this go away?”

In these cases, the best course of action is to schedule updates in advance. Allowing changes “on the fly” means allowing changes at any time, which leaves the environment open to both wanted changes (legitimate software updates) and unwanted ones (ransomware).

Concretely, let us know a couple of days in advance of any planned software update. We can then schedule a maintenance window during which the client can perform the upgrade without being prompted for approval. Outside such windows, active protection mode should stay enabled as much as possible.
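To make the default-deny rule and the maintenance-window exception concrete, here is a small Python model added as an illustration; it is not Suite3's or ThreatLocker's code, and the hash values, the 8-hour window limit and the change-ticket field are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed policy limit: a window this long is effectively "on the fly"; not a vendor setting.
MAX_WINDOW = timedelta(hours=8)

@dataclass(frozen=True)
class MaintenanceWindow:
    start: datetime
    end: datetime
    ticket: str  # change-request reference so every window is traceable (assumed field)

@dataclass
class Policy:
    approved_hashes: set                      # executables already approved to run
    windows: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

def schedule_window(policy, start, hours, ticket):
    """Register a bounded maintenance window; refuse open-ended ones."""
    duration = timedelta(hours=hours)
    if duration <= timedelta(0) or duration > MAX_WINDOW:
        raise ValueError(f"window must be longer than 0 and at most {MAX_WINDOW}")
    window = MaintenanceWindow(start, start + duration, ticket)
    policy.windows.append(window)
    return window

def evaluate(policy, file_hash, when, user):
    """Default deny: run only approved hashes or anything inside a scheduled window.
    Every decision is appended to the audit log so unexpected prompts can be reviewed."""
    if file_hash in policy.approved_hashes:
        decision, reason = "allow", "hash on approved list"
    else:
        active = [w for w in policy.windows if w.start <= when < w.end]
        if active:
            decision, reason = "allow", f"inside maintenance window {active[0].ticket}"
        else:
            decision, reason = "deny", "unapproved executable outside any window; request approval"
    policy.audit_log.append((when.isoformat(), user, file_hash, decision, reason))
    return decision, reason

if __name__ == "__main__":
    # Constructed sample data: one approved hash, one two-hour window on the evening of 6 May.
    policy = Policy(approved_hashes={"sha256:constructed-known-good"})
    schedule_window(policy, datetime(2024, 5, 6, 18, 0), 2, "CHG-0001")
    for t in (datetime(2024, 5, 6, 9, 0), datetime(2024, 5, 6, 18, 30)):
        print(t, evaluate(policy, "sha256:constructed-unknown", t, "alice"))
```

The same unknown installer is denied at 09:00 and allowed at 18:30, and a request for a month-long window is rejected rather than quietly disabling protection.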

The number one information security threat to businesses is unauthorized access by a third party with malicious intent. The common attack chain starts with credentials: either a user is tricked into handing over their login via a phishing email, or credentials harvested in an earlier data breach of some third party are bought on the Dark Web. If that user practices poor password hygiene and reuses those lost credentials as their network login, and MFA is not in place for remote access, the bad actor is in and can exfiltrate and/or encrypt data.

Therefore, we recommend everyone accept the slight inconvenience of an application installation prompt in exchange for an improved security stance, otherwise known as adopting a “security mindset”. If you are ever prompted for approval when installing software, imagine that at that moment it was not you trying to install software but a bad actor trying to launch malicious software. In that case, the solution worked – security, for the win!