
Security and Compliance – What Your Company Needs to Know Part 2: MBSA

Written by SPK Blog Post
Published on September 19, 2017

You need more than just an antivirus and security suite to keep your system safe. You need multiple, non-redundant solutions covering various aspects of network security. In our last blog, we discussed the role of whitelisting in keeping your network secure. Now we’re going to discuss a tool from Microsoft, which can be downloaded free of charge so you really have nothing to lose and plenty to gain.

Microsoft Baseline Security Analyzer (MBSA) runs on Windows machines and looks for basic misconfigurations and vulnerabilities in IIS, SQL, Windows administration settings, and password creation. It provides a quick way to check for missing Microsoft updates on non-domain and embedded systems. These are some of the first places malicious hackers start looking for ways into your system. The program also finds where your Microsoft software needs to be patched, so that malware cannot exploit known vulnerabilities left open by a failure to update Microsoft software. Among other things, MBSA automates searching for new software updates you haven’t installed.

The most important piece of security is regularly updating all of your applications, including the operating system. Lower-level hackers and malware producers generally target known exploits that have already been patched. They’re looking for machines that haven’t been updated and are still running exploitable software. Updating your applications and operating system is one of the best ways to maintain the security of your system. MBSA will quickly identify any machines on your system that do not have access to regular, automatic updates, allowing you to manually update as needed. While the application is at it, it will link you to articles on the Microsoft website letting you know how you might be personally impacted by the update.

Such robust security is absolutely critical in the world of medical devices, which have been called “the next security nightmare” by WIRED. Hacking medical devices isn’t a thing out of a science fiction thriller, but a pressing security concern in the here and now. MedJack, for example, is malware readily available on the Dark Web that infiltrates a single device, then fans out across an entire network.

Remember that every point of contact on your system is an opportunity for a hacker. Once your system is hacked, all of your devices in development are vulnerable. From there, your company could have to deal with production grinding to a halt or even a massive recall like the kind that impacted over half a million pacemakers in August 2017. Securing your company’s devices begins with securing your network. Even barring security loopholes, your devices might just not run properly without regular updates on your end, once again raising the specter of a recall.

Every security solution has potential weaknesses that you and your security team should be aware of. If you’re not regularly updating MBSA, it might be working from old data and not providing updates other users need. This is especially true of machines that are not connected to a network or are only sporadically connected to one.
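
The stale-data caveat above, as an added example that is not part of the original post and does not use MBSA itself: a PowerShell script that scans a disconnected Windows machine for missing updates through the Windows Update Agent (WUA) COM API against an offline `wsusscn2.cab` catalog, and refuses to scan if that catalog is unsigned or too old. The catalog path and the 30-day freshness threshold are assumptions chosen for illustration.

```powershell
# Added example: offline missing-update scan via the Windows Update Agent COM API.
# Assumptions (not from the article): the catalog location and the 30-day limit.
# Run from an elevated prompt; registering a scan package requires administrator rights.
param(
    [string]$CatalogPath       = 'C:\Scan\wsusscn2.cab',
    [int]   $MaxCatalogAgeDays = 30
)

if (-not (Test-Path -LiteralPath $CatalogPath)) {
    throw "Offline catalog not found: $CatalogPath"
}

# The catalog is carried in by hand on isolated machines, so verify its signature.
$sig = Get-AuthenticodeSignature -LiteralPath $CatalogPath
if ($sig.Status -ne 'Valid') {
    throw "Catalog signature is not valid (status: $($sig.Status))"
}

# A stale catalog reports a clean machine simply because it predates recent patches.
$ageDays = ((Get-Date) - (Get-Item -LiteralPath $CatalogPath).LastWriteTime).Days
if ($ageDays -gt $MaxCatalogAgeDays) {
    throw "Catalog is $ageDays days old; refresh it before trusting the scan."
}

# Register the catalog as a temporary scan service and point the searcher at it.
$session  = New-Object -ComObject Microsoft.Update.Session
$manager  = New-Object -ComObject Microsoft.Update.ServiceManager
$service  = $manager.AddScanPackageService('Offline Sync Service', $CatalogPath)
$searcher = $session.CreateUpdateSearcher()
$searcher.ServerSelection = 3                    # ssOthers: use the service in ServiceID
$searcher.ServiceID       = $service.ServiceID

try {
    $result  = $searcher.Search('IsInstalled=0')
    $missing = foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Severity = $u.MsrcSeverity
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Title    = $u.Title
            MoreInfo = $u.MoreInfoUrls | Select-Object -First 1
        }
    }
}
finally {
    # Remove the temporary service so later scans do not reuse an old catalog.
    $manager.RemoveService($service.ServiceID)
}

"Catalog age: $ageDays days; missing updates: $(@($missing).Count)"
$missing | Sort-Object Severity, Title | Format-Table -AutoSize -Wrap
```

The `MoreInfo` column carries the Microsoft article link for each missing update, so the output can be triaged by severity before patching by hand.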

All told, however, MBSA and whitelisting will take a lot of pressure off of your engineering team, allowing them to do what you’re paying them to do with their time — create and improve your products. SPK and Associates can help you to best leverage tools to keep your system safe and your engineers on task.

To learn more about security, specifically as it applies to innovations in Smart Medical Devices, read our latest white paper, Navigating Compliance and Cyber Security Concerns in Smart Medical Device.
