Neglected assetsUnsupported Host OS
Hazardous (3)
Non-platform specific
About EOS Software
Software systems are very much like living things; they grow and evolve as time goes by. Years, sometimes decades pass, and software products continue to receive new updates, and adapt to the changing technological landscapes.
But much like living things, every piece of software has an expiration date. Beyond this expiration date, the vendor does not release any more updates or patches for the software. This stage of the product lifecycle is known as end-of-support (EOS).
Once a product has been marked for EOS, it’s no longer safe to use. This is because the vendor will not be fixing any subsequently discovered vulnerabilities or bugs in it. Additionally, any newly released applications may also not be compatible with EOS software.
Just like any other software product, operating systems also hit end-of-support. Running an EOS operating system poses a serious security risk to your infrastructure.
Cloud Risk Description
Malicious actors can scan a network to detect any end-of-support operating systems. If the OS has any known vulnerabilities or bugs, they can be exploited to gain unauthorized control over the system. Since an operating system has exclusive access to all the applications, the damages can sometimes be irreparable.
How Can Orca Help?
Orca discovers neglected workloads, i.e., machines running an unpatched or unsupported OS, as shown in the above screenshot. In addition, Orca alerts you to a host operating system reaching EOS in less than 90 days to enable you to upgrade the OS before the EOS date.
Recommended Mitigation Strategies
-
If an operating system has been marked for EOS, upgrade to a newer version before the deadline.
-
Use trackers like https://endoflife.software/ and https://www.upcomingeol.com/ to keep tabs on software about to hit EOS.
Useful Links
- 2022 State of Public Cloud Security Report: https://orca.security/lp/2022-state-public-cloud-security-report/
- Risks of using end-of-life software: https://blog.cloudlinux.com/5-risks-of-using-end-of-life-operating-system
- Benefits of replacing legacy systems: https://dynamics.folio3.com/blog/legacy-system/
- End of support software tracker: https://endoflife.software/
Orca Security, the cloud security innovation leader, provides cloud-wide, workload-deep security and compliance for AWS, Azure, and GCP - without the gaps in coverage, alert fatigue, and operational costs of agents.
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.