users tend to disable. Microsoft is helping by allowing users to schedule their updates
               and delivering other enhancements to the process.


               Delivering updates to all users quickly also challenges businesses. In a recent survey of

               IT pros by Adaptiva, over half of respondents indicated it can take a month or more for
               IT teams to execute Windows OS updates. That ultimately leaves systems vulnerable,

               and companies should work to patch much more quickly.





               2.  Switch Off Any Services You’re Not Using

               This seems like a no-brainer, but a number of companies don’t fully lock this down. Do
               you know which services your company is allowing and disallowing? Are you monitoring

               endpoints for rogue services and cracking down on it? If not, you should be.





               3.  Disable Any Ports That You Don’t Need

               Open  ports  are  a  red  carpet  welcome  for  a  variety  of  cyberattacks.  Every  company
               knows this. Yet many companies still don’t lock ports carefully. Or they do it once and

               then don’t verify compliance on an ongoing basis. Every Windows endpoint should be

               port-restricted to use only what’s needed—at all times.




               4.  Don’t Forget Your VMs!


               Andy says it’s amazing how many people do their physical systems and overlook the
               VMs when it comes to applying updates and other security configuration management

               policies. Your virtual machines are just as vulnerable a target as physical computers.
               Cyberattackers don’t discriminate.










                   35    Cyber Defense eMagazine – December 2017 Edition
                         Copyright © 2017, Cyber Defense Magazine,  All rights reserved worldwide.