You're facing vulnerabilities in unsupported legacy systems. How can you secure them effectively?

Perform a thorough assessment to identify all vulnerabilities in the legacy systems. Determine the potential impact of these vulnerabilities on your organization. Prioritize the vulnerabilities based on their severity and potential impact. Segment legacy systems from the rest of the network to limit the potential spread of malware or attacks. Limit access to legacy systems to only those users and systems that absolutely need it. Ensure that all activity on legacy systems is logged and regularly reviewed for anomalies. Implement advanced endpoint protection solutions that offer virtual patching capabilities to shield vulnerabilities. Enforce strong, multi-factor authentication (MFA) for accessing legacy systems.

The first step is conducting a thorough inventory of the systems and associated relationships and dependencies within them. Next, identify the type of data that may be stored, processed, or transmitted through the system. Once completed, conduct a business impact analysis to determine the risks associated with the system. Finally, determine the ROI (if any) for keeping the legacy system online. Depending upon your risk appetite and contractual and regulatory obligations, make your decisions moving forward from here.

For a legacy system that is EOL and no longer receiving updates, it’s imperative that you lock it down. Physical segregation would be best, but at a minimum logical/tiered segregation should exist. Implement technical controls such as IDS/IPS, FIM, DLP, SIEM, Firewalls and strong access controls. Lastly, if internet access is not required, do not allow any traffic from ingress to the system.

It is always good idea to move away from legacy system and focus on new and latest technology but when it is not possible, try run them on sandbox and secure environment with more restriction and monitoring.

Strengthening the perimeter defense around legacy systems is essential for protecting against external threats. Implementing firewalls and intrusion detection systems (IDS) helps monitor and control network traffic, creating a robust barrier between secure internal networks and untrusted external sources. Securing all access points with strong authentication measures is critical to prevent unauthorized access. This multi-layered approach ensures that legacy systems remain protected even in the face of evolving cyber threats. Great points on enhancing perimeter security!

Isolate isolate isolate. The only way to protect legacy systems is to brutally cut them off from anything. Every piece of traffic in and out should be scrutinised and subject to control such that you never find yourself surprised by what’s touching that system. Attack surface management is absolutely vital when dealing with anything legacy.

In my humble 3 decades of security leadership from both the war room with shiny lapels, and in the trenches armed with wireshark and python, I can tell you that minimising exposure factor and available attack surface is the secret sauce for protecting legacy systems. I mean really, minimising exposure risk (and diligent patching) is to information security risk what seatbelts are to cars. Sure, you can get far without them, but there will come a point, one tenth of a second into a terminal event, when you realise that you should’ve buckled up at the first opportunity after all. The lower your exposure risk, the lower the urgency to patch, and the lower the risk of interim compromise - i.e from “the net” to “6 employees in this DC”. Nice

Special caveat here for legacy systems. Do you even know what to monitor for? Assuming it’s old tech you need to ensure the right detection capabilities are online, the right modules and log shipping etc. Does your whizbang SIEM speak PC/3270? What does normal look like? That’s going to be a little different to answer for legacy systems than contemporary.