Third-party apps now a top vulnerability, says security expert

Attacks on third-party applications have become a major threat to enterprise information security, says security firm NGS Secure of the NCC Group.

Attacks on third-party applications have become a major threat to enterprise information security, says security firm NGS Secure of the NCC Group.

This is a well-established attack vector, as shown by the latest exploits of another zero-day vulnerability in Adobe's Reader and Acrobat software, said Paul Vlissidis, technical director at NGS Secure.

"It points to what is now a major threat area; vulnerabilities in third-party products that people have on their desktops," he said.

Operating system suppliers all have reasonably effective patching regimes, said Vlissidis, but it now falls to businesses to also check that all their other software is fully patched at all times.

"For corporate users, it underlines the need to have tight controls over all software products running across business networks," he said.

This is especially important, said Vlissidis, for software that has access to the internet either directly, or via plug-ins supporting browsers and e-mail attachments.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close