Exposed servers that are poorly maintained, and in some cases left untouched for months, are the best points of entry for hackers.
That's according to the team at Zscaler, who put some 1,500 companies to the test and found that, by and large, there was much to be desired. The cloud security vendor published research Tuesday that assessed network security postures between February 2020 and April 2021 and uncovered endemic security risks and poor patching.
The worst of the worst was Apache server software, the culprit behind all five of the most common unpatched bugs. The severity of the flaws ranges from medium-severity privilege escalation issues to critical bugs that demand immediate attention, but if successfully exploited, any one of them could be catastrophic for an unprepared company.
Apache topping Zscaler's list isn't a complete surprise, as the open source server software is widely used across a variety of industries. Plus, taking down critical servers to install a patch or two is not easy for most system administrators, and skipping the occasional update in exchange for uptime can be a common occurrence.
Still, the numbers from Zscaler suggest that neglecting these bugs leaves companies as the low-hanging fruit for criminals. The security firm estimated that, on average, companies are exposed to at least 135 known vulnerabilities, and it found a total of 202,316 potential vulnerabilities and 750 unique exploits among the environments it analyzed.
But Zscaler also shined a light on other problems for enterprises, namely exposed servers and cloud instances as well as open ports.
"The highest level of exposure we found came from servers, with 392,298 servers that were discoverable on the internet and possibly vulnerable," Zscaler wrote in the report. "This means that an organization has an average of 262 servers exposed not only to bad actors, but to the entirety of the internet. Additionally, within these servers, we found a total of 214,230 ports exposed across 68 unique ports."
In addition, the report raised an alarm about exposed public cloud instances, with an average of 40 exposures per organization. "Public cloud exposure can be particularly dangerous as many IT security leaders are unaware of the scope of public cloud infrastructure being used within their organizations," the research team wrote.
Zscaler also offered troubling findings for organizations in Europe, which have particular reason for concern.
"Out of the three regions, we found that EMEA-based companies have the highest average of potential risk," Zscaler noted. "Companies in EMEA have the highest SSL/TLS risk from a regional perspective. This could be due to EMEA companies supporting older devices with older protocols, or, in some cases, they may have simply neglected to maintain server hygiene."
It is even worse, the report said, if you work in government. Bureaucrats are prime targets for attack and public sector security is often lacking.
"Government agencies are below average in all types of vulnerabilities," the researchers wrote. "However, because government organizations (at all levels) are frequent targets of cybercrime, they should strive to eliminate any unnecessary attack surface to reduce the risk of it becoming exploited."