Read Now:  The Ultimate Guide to Linux Patch Management

X

Unix Patching Isn’t Dead…It Just Needs a Modern Kick

Patch Management

Rumors of the death of Unix have been greatly exaggerated. Unix variants like Solaris and AIX may be old, and they may be less than cool, but they are still very much alive. But alive and well? That depends on who you ask.

Many large organizations, such as banks, insurance firms, and government organizations, are still using Unix machines (Solaris/AIX) as part of their infrastructure, even if they’re not always proud to admit it. These days, Unix machines are almost always part of a complex on-premises setup that can be difficult to maintain. Some of these Unix versions are at end of life or lack qualified personnel to administer and update them.

Hackers know this, which is why they’re constantly on the lookout for easy ways to exploit Unix systems—like the October 2020 zero-day Solaris breach that targeted thousands of systems at telecom, finance, and other companies.

In this post, we’ll take a closer look at why it’s so important to have a system in place for patching legacy Unix servers. We’ll also explore ways to make the job easier, especially when you’re dealing with a complex and hybrid assortment of devices and endpoints.

Recent Unix Threats

Which industries are still using legacy Unix systems? Education, government, financial services, and other big firms all invested heavily in developing proprietary software solutions for Unix, with many still in use today. During COVID-19, for example, the world watched in shock as the governor of New Jersey desperately called for COBOL programmers to help the state more efficiently get compensation checks out of their disability-benefits system that was over 40 years old.

What’s more, these proprietary solutions are still working very well, especially given the reported $720 billion wasted globally on failed upgrades. Legacy systems, it turns out, still have a lot to offer:

  • Competitive speed and efficiency
  • An end-to-end single-vendor solution (i.e., Oracle)
  • Stability and power

Although Unix is a legacy operating system, as long as it’s still in use somewhere, threats will continue to emerge.

Why go after Unix? Long-tail economics. Even if far fewer Unix systems are in use than Windows and Linux distributions, it’s still a very big number. And those Unix systems that are still out there are often running customized, highly mission-critical functions NetworkWorld calls “expensive and risky to migrate or rewrite.” 

In other words, if a hacker attacks a company’s legacy Unix systems, they are striking at the very heart of the business. 

With so many old vulnerabilities out there, it’s easy for hackers to find one that can be exploited—and it doesn’t even have to be expensive. The company that exploited the Solaris vulnerability in October 2020—an AIX Solaris Sudo vulnerability that could give low-privilege users root access—allegedly purchased it on a black-market website for only $3,000.

Although some of these vulnerabilities affect all *nix-type OSes, not just Unix, Unix systems are particularly vulnerable. Why? They’re seen as:

  • “End of life” and generally stable
  • “Not worth maintaining” because they’re being phased out
  • “Too hard/expensive to maintain” due to the need for manual patching

Often, these systems have “aged out,” meaning that the highly qualified personnel who set them up—often long ago—have moved on to other organizations or even retired. This leaves legacy Unix systems in the hands of staff who know how to perform routine upkeep but do not know these systems inside and out. So, while vendors provide updates on a regular schedule for most critical systems, organizations have fewer and fewer individuals capable of handling Unix patching. Also, the type of manual patching used for most of these systems isn’t scalable and doesn’t offer a modern solution in line with the rest of the organization.

Finally, any time you have one system or a group of systems requiring a different strategy, things are going to fall through the cracks. But as we’ve seen, patching legacy Unix machines is too important to let this happen. So how can you handle it more easily?

A Unified Approach

Many organizations believe that as long as they’re still running legacy systems, they need to take a separate approach to patching those systems, often relying on manual patching by the few staff members qualified to do so. But this no longer has to be the case. The best way to simplify patching across your organization—including Unix machines—is to handle it from a single, integrated solution.

Today, your team is managing and securing a wide range of endpoints and network environments: on-premises, in-cloud, BYOD, IoT, and more. And legacy Unix servers don’t have to get in the way of modern IT security processes as long as you choose a solution flexible enough to accommodate your full range of endpoints.

JetPatch is a modern vulnerability remediation solution that brings all your assets under one umbrella via an easy-to-understand dashboard that puts your team fully in control—without the need for any special Unix training. JetPatch supports both legacy on-premises and cloud systems with a unified solution that can also extend to an almost infinite variety of other systems through JetPatch Off-Grid.

Take back your entire network environment, no matter how complex:

  • At-a-glance visual representation of your network’s health
  • Predictive patching so you can estimate the odds of success and minimize failure
  • Automated patching so you get more systems patched faster

JetPatch lets you see what needs patching and understand the best way to remediate all your systems—no matter where they are or which OS and version they’re running. You’ll be awestruck at the range of systems JetPatch supports:

  • AIX 6.1, AIX 7.1, AIX 7.2, POWER4, POWER5, POWER6, POWER7, POWER8, POWER9
  • Solaris 10 and Solaris 11, SPARC 64-bit
  • All of today’s most popular Linux distributions
  • Windows Server and Windows Desktop

To see all of our supported platforms, check out the full list here.

Unix isn’t dead yet, and it probably won’t be for a long time to come. If Solaris, AIX, or other legacy systems are still powering your mission-critical business apps, click here to schedule a free JetPatch demo and see how easy it is to take control and keep all of your servers safe and secure.

Yair Regev
Yair Regev
Yair is the CTO & VP R&D @ JetPatch. He has more than 20 years of experience in cybersecurity, networking and R&D management. https://www.linkedin.com/in/yair-regev-7b23411/
schedule demoORlearn more
Start Patching the Right Way
Free Trial