Many organizations are jumping on the “Death to Java” bandwagon, ranting about turning off Java to eliminate risk. However, it is important to put the issue in the proper context. The reality is that a Java vulnerability is not the end game for a cyber criminal, it is merely a delivery mechanism in the quest to install and execute bigger malware.
There is no “one size fits all” recommendation for eliminating Java risks. But, you do want to eliminate as much exploitable surface area as reasonably possible on your critical endpoints. This should be the philosophy engrained in every organization’s security culture. If you’re not having this conversation about Java - and quite frankly all of the third-party applications in your environment - you are missing the mark and not calculating your risk. Join Paul Henry and Russ Ernst as they bring us up to speed on the Java vulnerabilities and how to limit your exposure without going overboard.