Ryan McConechy at Barrier Networks explains the challenges of mitigating the risks of end-of-life software within OT environments
As the October 2025 deadline approaches, organisations worldwide are preparing their networks for Windows 10 going end-of-life (EoL).
Windows 10 is the world’s most popular operating system (OS), running on approximately 60% of devices, so the October deadline will have a major impact on organisations. Suddenly the most critical element of their IT environment will no longer receive security updates and patches from Microsoft, which will offer almost limitless opportunities for attackers.
To mitigate these risks, many organisations are already proactively updating their systems.
Within traditional IT environments, upgrading from Windows 10 to Windows 11 should be a well-structured process. Devices can be completely replaced; alternatively, modern tools like Microsoft Intune offer centralised control, allowing IT teams to systematically deploy Windows 11 across an organisation.
This structured process enables businesses to conduct test migrations, identify compatibility issues and push updates efficiently, ensuring minimal downtime and disruptions to operations.
However, the situation is significantly different within operational technology (OT) environments, where software updates are typically far from seamless.
Upgrading within OT environments
OT environments are notoriously plagued with legacy technology because it’s much harder to update systems. OT operators can’t simply switch off services, like gas and water, to replace an aging piece of software.
Firstly, switching off a machine could have a detrimental impact on society; secondly, within such intricate and sensitive environments, there is an increased possibility of systems malfunctioning, which could create lengthy disruptions.
These are some of the key reasons why legacy technology is so concentrated in OT environments. It’s been over ten years since Windows XP went EoL, but the OS is still frequently found in OT environments, often alongside other software relics, like Windows 7 and older-generation Linux systems.
Furthermore, there are often compatibility constraints within OT environments: some hardware is tightly integrated into the architecture and can be costly and time-intensive to replace, while limited centralised management means updating systems is a manual, highly resource-intensive task.
Mitigating the risks of legacy software
To safeguard OT environments against the growing risks posed by legacy software, organisations are advised to adopt a proactive risk mitigation strategy.
Firstly, organisations must take time to understand the risks legacy software poses to their unique environments. For CNI providers or defence contractors, the risks will be higher due to increased interest from nation-state threat actors, but for smaller OT providers, the risks could be less severe.
Once the risks are identified, organisations should take steps to understand the prevalence of legacy software within their environment and assess whether the technology needs to be replaced, or can be bolstered with additional security measures.
These additional security measures could include:
While these security measures will help organisations protect their environments against the immediate risks of legacy software, the ultimate goal should be long-term modernisation. This means building out plans to gradually replace legacy systems with more flexible, upgradable solutions that align with today’s cyber security standards.
End-of-life software presents significant challenges within OT environments, because systems are never easy to update.
Critical processes cannot be switched off for routine updates and any operational downtime can be harmful to society. However, the risks to these environments are often severe, with nation-state threat actors looking to exploit weaknesses in legacy technology and cause damage.
As a result, these organisations must establish a way to operate safely, even when their environments are concentrated with outdated technology.
By understanding their exposure to risk, layering security over remaining legacy software and simultaneously working on a long-term transformation strategy, these organisations can navigate EoL transitions, ensuring security and operational resilience are never threatened even when critical software components run past their shelf life.
Ryan McConechy is CTO of Barrier Networks
© 2025, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543