19 Sep Security and Compliance – What Your Company Needs to Know Part 2: MBSA
You need more than just an antivirus and security suite to keep your system safe. You need multiple, non-redundant solutions covering various aspects of network security. In our last blog, we discussed the role of whitelisting in keeping your network secure. Now we’re going to discuss a tool from Microsoft, which can be downloaded free of charge so you really have nothing to lose and plenty to gain.
Microsoft Baseline Security Analyzer (MBSA) operates on Windows machines to look for basic misconfigurations and vulnerabilities in IIS, SQL, windows administration settings, and password creation. It provides a quick way to check for missing Microsoft updates on non-domain and embedded systems. These are some of the first places malicious hackers start looking for ways into your system. The program also finds where your Microsoft software needs to be patched over, preventing malware from exploiting existing and known vulnerabilities in your system through a failure to update Microsoft software. Among other things, MBSA automates searching for new software updates you haven’t installed.
The most important piece of security is regularly updating all of your applications, including the operating system. Lower-level hackers and malware producers generally target known exploits that have already been patched over. They’re looking for the machines who haven’t updated their systems and are still working on exploitable software. Updating your applications and operating system is one of the best ways to maintain the security of your system. MBSA will quickly identify any machines on your system that do not have access to regular, automatic updates, allowing you to manually update as needed. While the application is at it, it will link you to articles on the Microsoft website letting you know how you might be personally impacted by the updated.
Such robust security is absolutely critical in the world of medical devices, which have been called “the next security nightmare” by WIRED. Hacking medical devices isn’t a thing out of a science fiction thriller, but a pressing security concern in the here and now. MedJack, for example, readily available malware on the Dark Web, infiltrates a single device, then fans out across an entire network.
Remember that every point of contact on your system is an opportunity for a hacker. Once your system is hacked, all of your devices in development are vulnerable. From there, your company could have to deal with production grinding to a halt or even a massive recall like the kind that impacted over half a million pacemakers in August 2017. Securing your company’s devices begins with securing your network. Even barring security loopholes, your devices might just not run properly without regular updates on your end, once again raising the specter of a recall.
There are potential vulnerabilities in every security solution you and your security team should be aware of. If you’re not regularly updating MBSA, it might be working from old data and not providing updates other users need. This is especially true of machines that are not connected to a network or are sporadically connected to a network.
All told, however, MBSA and whitelisting will take a lot of pressure off of your engineering team, allowing them to do what you’re paying them to do with their time — create and improve your products. SPK and Associates can help you to best leverage tools to keep your system safe and your engineers on task.
To learn more about security, specifically as it applies to innovations in Smart Medical Devices, read our latest white paper, Navigating Compliance and Cyber Security Concerns in Smart Medical Device.