44CON 2013 - Surviving the 0-day - Reducing the Window of Exposure - Andreas Lindh
According to the NIST National Vulnerability Database, 1772 software vulnerabilities with a CVSS score of 7 or higher were disclosed in 2012, and 2013 is so far (at the time of writing) not looking any better.

A lot of times the window of exposure - from when a vulnerability is discovered to when a patch has been deployed - is very long. In a corporate environment, it’s not unusual to rely solely on patch management and semi-static security tools such as firewalls, IPS and antivirus for protection, and because of various reasons patch deployment might take a long time or may not even be possible.

This talk will discuss why patch management is insufficient for protection against new vulnerabilities, how the traditional “defense in depth” model needs to be re-architected, and finally how the window of exposure can be reduced by active response before incidents occur.

  • Software vulnerabilities
  • Protection
  • Relying on a combination of patching + defense in depth model
  • A proposal on how to get better

Presentation Transcript

  • Surviving 0-days: reducing the window of exposure (Andreas Lindh, 44Con 2013)
  • About me • Security analyst/architect • Defender by day • @addelindh on Twitter
  • The TL;DR
  • 0-days
  • The window of exposure: Unknown -> Discovery -> Disclosure -> Patch available -> Patch deployed (out of our control up to "Patch available"; in our control from "Patch available" to "Patch deployed")
  • Common protection • Patching • Virtual patching • Uninstall
  • How hard can it be?
  • Pretty hard!
  • What if you can’t patch? • Legacy systems • 3rd party systems • Insufficient tools
  • HD Moore’s law: Unknown -> Discovery -> Disclosure -> Patch available -> Patch deployed (out of our control up to "Patch available"; in our control from "Patch available" to "Patch deployed")
  • Defense in depth
  • Concept
  • Implementation
  • Meanwhile...
  • Which leaves us with...
  • Are we on it?
  • "Put another way, n people want to fix security holes, 10n people want to exploit security holes, and 100000n want Tetris.” (Dan Kaminsky)
  • What to do?
  • Root cause • Over-reliance on patching • Network-centric defense architecture • All about prevention
  • Firewall all the things?
  • Things to consider • Exposure • Attack likelihood • History • Patch status
  • Approach • Prevention • Mitigation • (Detection)
  • 1. Build
  • Focus • Proactive • Inside -> out • Onion style • Reusable (ideally)
  • An example • Software restriction policy • OS security features • Sandbox • Intermediary channels • Software • User permissions • Endpoint protection • IPS
  • Pros and cons • Pros – Improved security baseline – Reduced impact – Pro-active • Cons – Generic – Added complexity
  • 2. React
  • Incident timeline: React! -> INCIDENT!
  • Focus • Specific vulnerability • Fast implementation • Input to #1
  • Pros and cons • Pros – Timely mitigation – Focused approach – Complements #1 • Cons – Limited time – Reactive
  • Wrapping it up • Patching takes time • Can’t patch the unknown • Traditional controls are often insufficient
  • Let’s build!
  • Thank you for listening!
  • Questions?
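As an added illustration of the talk's two ideas (the window-of-exposure timeline, and the "Things to consider" factors for deciding what to mitigate while a patch is pending), here is a small Python script that is not from the slides or the speaker. It measures each vulnerability's out-of-our-control and in-our-control window and ranks open items for interim mitigation; the vulnerability records, dates and weights are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, List, Tuple


@dataclass
class Vuln:
    # Constructed record; field names are this example's own, not the talk's.
    cve: str
    discovered: date
    disclosed: date
    patch_available: Optional[date]   # None: no fix exists yet
    patch_deployed: Optional[date]    # None: still open in our estate
    internet_exposed: bool            # "Exposure"
    exploit_public: bool              # "Attack likelihood"
    previously_exploited: bool        # "History"


def exposure_window(v: Vuln, today: date) -> Tuple[int, int, bool]:
    """Days out of our control (discovery -> patch available),
    days in our control (patch available -> deployed, or today),
    and whether the window is still open."""
    end = v.patch_deployed or today
    handover = v.patch_available or end       # no patch: all of it is out of our control
    out_of_control = (min(handover, end) - v.discovered).days
    in_control = (end - handover).days if v.patch_available else 0
    return out_of_control, in_control, v.patch_deployed is None


def mitigation_priority(v: Vuln, today: date) -> int:
    """Score an open vulnerability for interim mitigation (virtual patch,
    restriction policy, hardening). Weights are this example's assumptions."""
    if v.patch_deployed:
        return 0
    score = 3 if v.internet_exposed else 1
    score += 3 if v.exploit_public else 0
    score += 2 if v.previously_exploited else 0
    score += 2 if v.patch_available is None else 0   # "can't patch the unknown"
    score += (today - v.disclosed).days // 30        # older disclosures, more attacker tooling
    return score


def triage(vulns: List[Vuln], today: date) -> List[str]:
    """CVE ids of open vulnerabilities, highest mitigation priority first."""
    open_items = [v for v in vulns if v.patch_deployed is None]
    return [v.cve for v in sorted(open_items, key=lambda v: -mitigation_priority(v, today))]


# Constructed sample data (placeholder ids, not real CVEs).
TODAY = date(2013, 9, 12)
SAMPLE = [
    Vuln("CVE-0000-0001", date(2013, 6, 1), date(2013, 7, 1), date(2013, 7, 15), None, True, True, False),
    Vuln("CVE-0000-0002", date(2013, 8, 20), date(2013, 9, 1), None, None, False, False, True),
    Vuln("CVE-0000-0003", date(2013, 1, 10), date(2013, 2, 1), date(2013, 2, 5), date(2013, 3, 1), True, False, False),
]
```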