Application Security Vulnerabilities Continue to Diversify
It goes without saying that enterprise security is critical to modern IT operations. While we tend to focus on the benefits of maximizing application compatibility with application containers and modernizing application management with Cloudpager, there are significant security enhancements realized by utilizing application containers to deliver Windows desktop applications. Let’s get into it.
Attackers frequently focus their attention on popular applications, exploiting either unknown or unpatched vulnerabilities. In the past year alone, there was a 59 percent increase in critical vulnerabilities (The Stack, January 2023). Of these, 56 percent were exploited within seven days of public disclosure (Rapid7, February 2023).
IT is under more pressure than ever to adopt increasingly frequent application updates from vendors. For example, Google moved from a major update every six weeks to every four weeks, with minor updates every two to three weeks. In some cases, updates have been more frequent. Just last month, two zero-day vulnerabilities were patched in separate updates just five days apart (The Verge, March 2021). The change in frequency of updates has led to a 33.3 percent increase in updates to Google Chrome since 2021.
According to Microsoft’s own research, “attackers frequently focus their attention on popular applications, exploiting either unknown or unpatched vulnerabilities” (Microsoft, June 2023). This makes it critical for IT teams be able to quickly patch applications and dynamically roll back or remove applications from end user desktops in real time.
Applications that are simply installed with machine targeting have their bits (files, registry, services, etc.) exposed on the machine when not in active use, which could be leveraged for an attack. Recently, WinRAR was used to run malicious scripts by attackers. Blocking downloads for users is one level of protection, but if attackers find the WinRAR executable on a machine, they may still be able to leverage it. Some virtualization and layering products persist the bits of applications in standard install directory locations or custom package store directories in the local file system to help achieve certain compatibility and performance for usability purposes. Unfortunately, this leaves an application’s bits exposed, which can be detected programmatically by an attacker and potentially executed in an attack.
Reduce Your Attack Surface with Application Containers
Limit Application Exposure with Containers and Per-User Targeting
Unlike traditional installation methods and other virtualization solutions, Cloudpaging containers are virtualized on-demand and only presented to entitled users. Moreover, the application cache is uniquely encrypted per-machine, drastically reducing your exposure to security vulnerabilities.
By dynamically virtualizing applications on a per-user basis and on-demand, Cloudpager enhances the security of application provisioning to non-persistent desktops. This is because Cloudpaging containers only make application files, folders, and registry keys visible to assigned users. This helps mask applications from processes or users that should not be entitled to them, rendering them inaccessible by bad actors and drastically reducing the surface layer for attack.
I mentioned you can target all applications to users rather than machines. For years IT has been in the habit of deploying locally installed applications on a per-machine basis. It’s gotten to the point that teams have conformed to this approach, and some believe it is superior. In my opinion, this is a practice that belongs in the past and has mostly had longevity due to limitations with package formats of the past. Managing per user applications as EXEs or MSIs proved challenging and, in some cases, impossible. If an attacker gains access to a desktop in your organization, anything running on the exposed machine is at risk. Often an attacker may try to gain system privileges by using a technique called process injection, leveraging a running process that executes with that level of access. It is important to limit the visibility and access to applications for only those who truly need them.
Trying to deploy to users with certain application virtualization and layering products has also fallen short in this regard, as some of these products did not support user based installs in their format and had compatibility limitations for applications with drivers and other types of components meaning not all applications could be delivered with their format, forcing admins to still install applications with the older formats that only work properly with a machine wide install – which as suggested in this article has security implications.
Our Cloudpaging containers also allow you to prevent copying files and folders from application containers and disallow writing/ modifying files within the container. This protects the integrity of the containers while providing an additional layer of security for your most sensitive applications.
Another major threat emerging is supply chain attacks. These are where attackers gain access to the development systems of software vendors and inject legitimate applications with malicious code. Unfortunately, there is very little enterprises can do to protect themselves against this other than heavily scrutinizing the code themselves – a fully manual process – which is just not realistic. While Cloudpaging containers cannot protect enterprise customers against code injection from taking place, having applications running in containers ensures you are only exposed when the application is running.
You can also configure containers to prevent the container from copying files outside of its container space, which could restrict what an attacker’s malicious code could achieve. Thanks to the per-user approach to application provisioning, when an application is in-use it will only be exposed to those entitled to it, significantly reducing the risk. If the affected application was installed on every machine in your organization and targeted by machine using a traditional deployment tool and package format, your exposure could be critical.
The ability to dynamically provision applications with per-user targeting, along with detailed usage reporting equips IT to rapidly and cleanly remove any application from compromised desktops. Imagine being in the war room when dealing with a major security threat and being able to quickly see how regularly the application with the known security flaw is actually used and have the ability to quickly remove it from all effected users, roll back to a previous version that did not contain the flaw, and/or quickly package and deploy an update with security fixes in real-time – without the need for users to logout, reboot, or have their session interrupted by an installation dialog. That is modern application management!
Conclusion: Application Containers Enhance Enterprise Security
Containers alone are not a security silver bullet. To maximize enterprise security you should follow industry best practices (e.g., using least privilege management, restricting downloads by users, etc.) but containers can add an extra security layer to reduce the surface layer for attack and provide administrators with a tool to quickly manage applications in a time of need.
As highlighted throughout this article, a move to application containers can transform the security posture of every enterprise organization. By modernizing application provisioning and updates with a modern application container management platform, you can rapidly service your employees regardless of where they are located without compromising your corporate network and corporate assets – thanks to our automated policy enforcement, quick consistent application patching and rollback capabilities, unique disposition layers, and more.
Blog Update – June 19, 2023
This blog was updated on June 19, 2023 to address new content produced by Microsoft on application containers (Microsoft, 2023) and reports that US government agencies were the target of a global cyberattack “that exploits a vulnerability in widely used software” (CNN, 2023), which we found relevant to how IT can enhance enterprise security efforts.
To learn more about enhancing the security of your applications with application containers and a truly cloud-native application container management platform, fill out the form below and our team will be in touch as soon as possible.