alphaspirit - Fotolia
How should undocumented features in software be addressed?
Kaspersky Lab recently discovered an undocumented feature in Microsoft Word. Expert Kevin Beaver explains the risks and what to do if you come across one of these software flaws.
Kaspersky Lab recently discovered what it called an undocumented feature in Microsoft Word that can be used in a proof-of-concept attack. Are such undocumented features common in enterprise applications? What steps should you take if you come across one?
Undocumented features is a comical IT-related phrase that dates back a few decades. Many software developers, vendors and tech support professionals use the term undocumented features because it is less harsh than the word bug.
Furthermore, it represents sort of a catch-all for all of software's shortcomings. If it's a true flaw, then it's an undocumented feature. If it's a bug, then it's still an undocumented feature. And if it's anything in between -- well, you get the point.
In reality, most if not all of these so-called proof-of-concept attacks are undocumented features that are at the root of what we struggle with in security. We don't know what we don't know, and that creates intangible business risks. The software flaws that we do know about create tangible risks. Either way, this is problematic not only for IT and security teams, but also for software developers and the business as a whole.
With that being said, there's often not a lot that you can do about these software flaws. In many cases, the exposure is just there waiting to be exploited. However, there are often various types of compensating controls that expand from the endpoint to the network perimeter and out to the cloud, such as:
- proper malware protection that can detect and defend against today's advanced malware;
- host-based IPS;
- data loss prevention and cloud access security broker technologies to prevent data from being captured and exfiltrated;
- network segmentation and perimeter controls, including firewalls and IPS, that can monitor and block anomalous traffic in both directions;
- proper security monitoring, logging and alerting; and
- a solid patch management program that not only targets updates to local operating systems, but also to third-party software, such as Microsoft Word, Java and Adobe products.
If just one of these items is missing from your overall security program, that's all that it takes for these undocumented features and their associated exploits to wreak havoc on your network environment.
Ask the expert:
Want to ask Kevin Beaver a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Application and platform security
Related Q&A from Kevin Beaver
Inbound vs. outbound firewall rules: What are the differences?
Explore the differing roles of inbound versus outbound firewall rules for enterprise network security and the varying use cases for each. Continue Reading
Host IDS vs. network IDS: Which is better?
Compare host IDS vs. network IDS through the pros and cons of each, and learn how more modern systems may be better suited to ensure effective ... Continue Reading
Network security vs. application security: What's the difference?
Different tools protect different assets at the network and application layers. But both network and application security need to support the larger ... Continue Reading