I work for Canonical as a Consulting Architect. Every design I put together I try to secure as best as possible. One reason I came to Canonical was the way we handle security updates and our approach to security. This blog post outlines how we handle updates, specifically around zero-day vulnerabilities.
We have all heard of major break-ins at some of the world’s most trusted companies. It is something that, speaking as a former IT Security Analyst, keeps me on my toes when dealing with technology every day. Many of these major break-ins are due to flaws, commonly known as vulnerabilities, that exist in software. These vulnerabilities lie in wait for the day that a hacker discovers them and creates an exploit to attack a business for fun and/or profit. The most serious of these attacks, zero-day attacks, occur when attackers identify that flaw and release an exploit before the vendor has the opportunity to release a patch which fixes the vulnerability. Many times vendors are racing against the clock to fix the vulnerability before further damage is done.
Luckily, Canonical works extremely quickly with our partners, customers, and the community when it comes to stopping zero-day attacks before they cause large-scale damage. Our goal is to reduce the time it takes to release a security update so you can patch more quickly. Not only do we follow best practices when securing OpenStack, but the Ubuntu operating system is engineered to be one of the most secure operating systems in the world. We do this by constantly monitoring for exploits, threats, and attacks, and also by working closely with our partners, customers, and the community to maintain vigilance over all aspects of security.
In a recent example of combating security threats, Canonical was notified of a “zero-day” vulnerability, which is a hole in software that is unknown to the vendor. Within hours, the Canonical engineering team had released a security patch to both our customers and the community. While not every threat can be addressed immediately, this demonstrates the high level of attention that we pay to any notification of a potential vulnerability. Because of our engineering-focused security model, we can move quickly to eliminate threats.
The biggest weapon we have in fighting zero-day attacks is constantly being on alert for threats. Canonical’s security team continuously monitors these threats by:
In order to move as quickly as we do, Canonical has developed a well-defined process for analyzing threats and producing security patches to stop problems before they begin. Once a vulnerability has been identified, security updates are done according to the threat prioritization. Our update process includes:
So why is having a well-defined process for identifying flaws and squashing them before they cause damage important? My belief is that we must prevent financial loss and secure your or your customers’ data ASAP. According to an IT Risk Survey released by security firm Kaspersky, the average security breach costs an enterprise $551,000 to recover from. Not only is it costly, but your business’s reputation can be damaged, sometimes irreparably.
To further illustrate the point, let’s imagine you are a financial institution or insurance company. According to the 2015 IBM Security Index, these types of institutions are at the highest risk of being attacked. Having a partner that can quickly find and eliminate security vulnerabilities gives you a greater advantage in securing your customers’ financial information and reducing losses now and in the future.
Canonical has a goal to help secure the cloud to reduce those threats. Our people, processes, and technology ensure that vulnerabilities are quickly eliminated in order to protect you, your company, and your customers. For me, I am proud to be part of such a wonderful team that fights for your business. Because of this, I can, with confidence, advise our customers on the best possible outcomes for their projects.