topic Re: Securing old web server IIS6 in Cortex XDR Discussions

Securing old web server IIS6

Fido — Mon, 18 Apr 2022 09:35:11 GMT

Hello,

We are solving a case of an IIS6.1 vulnerability on an old Windows 2008 R2 SP1 system. Microsoft no longer has support for Windows update. The customer cannot migrate to the newer system yet.
Would Cortex XDR be able to secure IIS v6.1 web server vulnerabilities?

Thanks!

Re: Securing old web server IIS6

KanwarSingh01 — Wed, 20 Apr 2022 00:57:23 GMT

@Fido Practically I think you should take defense in depth approach here and not just rely on Cortex XDR.

> Ring fence server i.e. make sure you lock it down into its own network.

> Monitor logons and expose what is required to the internet if a public facing internet.

> Enable IPS system for network traffic. (Test first by enabling IDS before IPS)

Apart from above, you should be able to get prevention on post exploitation activity with Cortex for un-known threats and as well for known threat.

Example: A command interpreter process such as cmd.exe or powershell.exe spawn from w3wp.exe

You can also create your own detection which can help you detect threats related to your environment.

What version of Cortex XDR are you looking to install?

Re: Securing old web server IIS6

eluis — Wed, 20 Apr 2022 06:12:34 GMT

Hi @Fido

I agree with what @KanwarSingh01 suggests.

You could develop some use cases and implement them through your own correlation rules, BIOCs, .... You could even ingest logs from your IIS6.1 with Cortex XDR Collectors or Filebeat, parse them on XDR and from there you can be creative on what are your defensive goals (from which threats do you want to protect your web server)

KR,

Luis

Re: Securing old web server IIS6

Fido — Wed, 20 Apr 2022 07:22:31 GMT

Thanks guys for the feedback.
@KanwarSingh01 We want to install Cortex XDR 7.7

Re: Securing old web server IIS6

KanwarSingh01 — Thu, 21 Apr 2022 22:37:20 GMT

You should be good here.