Why Patch Management is Still the Best First Line of Defense
Today more than 2 million malware signatures are identified each month and traditional anti-virus defenses simply can’t keep up. Even the major anti-virus vendors have concluded that stand-alone anti-virus no longer provides an effective defense and that additional layers of security technology are needed to address the rising volume and sophistication of threats. View this presentation to learn:
• Why you can’t forget about older vulnerabilities
• How to reduce exposure from both OS and 3rd-party application vulnerabilities
• The challenges of relying on “free” patching tools and native updaters
• Why you should consider patch management the core of an effective defense-in-depth endpoint security approach

Published in: Technology
Speaker notes
  • The browser is delivering unprecedented levels of business productivity and IT risk every day to your endpoint environment, and most organizations can’t stop it. Business productivity and a younger workforce blend social, business and personal communications together as one. Social networking applications are in use in 95% of businesses today; 78% of these applications support file transfers, and many are known propagators of malware with vulnerabilities associated with them. The same is true in industries like financial services and healthcare: 95% usage of social networks across the board. Cybercriminals are targeting these social applications; the greatest opportunity for them is the amount of trust end users put into these applications. Once in, they can replicate their malware with amazing speed and devastating impact. And once we talk about browser-based risk we are in reality starting to talk about cloud computing; there isn’t anyone in IT today who hasn’t heard of or discussed it.

  • The web continues to be a common path of infection. Among web-based malware, we distinguish auto-executed “drive-by downloads” from those involving user interaction. Many of the latter incorporate a social engineering aspect (“click to clean your system”). The web installation vector is more opportunistic in nature than the “installed by attacker” variety that usually targets a pre-selected victim. Once the system is infected, the malware alerts an external agent who will then initiate further attacks. The web is a popular vector for the simple reason that that’s where the users are. Overly-trusting browsers and users operating with administrative privileges only add to this popularity.

    While not extremely common, we did observe several cases in which malware was coded directly into an existing program or script. This, of course, requires access to the system but also knowledge of how the code works. Not surprisingly, these often involve malicious insiders who developed the code or administer the system on which it runs. However, a few very interesting cases of this type were committed by outsiders. One of these involved an external agent that had access to the system for over six months. During this time, he studied the input/output process and developed a custom script to siphon data when new accounts were created.

  • The flow of the trojan installation process: when users open the MS Word file xxx1.doc, the MS Access file xxx2.doc is loaded through the data link properties. Then the shellcode in the xxx2.doc file runs (triggered by the MS Jet exploit in the same file) and decodes itself in typical fashion. The shellcode launches WinWord.exe to open the innocent Word file embedded in xxx1.doc.

    While the shellcode opens the Word file, it also decodes the executable file embedded in xxx1.doc. The decoding includes a simple XOR with a mask of 0xFF, plus deobfuscating the first 8 bytes of the MZ header, which are masked with the XOR mask 0xAF.

    You can see the data link aspect of xxx1.doc by placing the xxx2.doc file in a different folder than xxx1.doc. When users open xxx1.doc, the “Data Link Properties” window appears. The specified database name is the path containing xxx2.doc and the password is empty. Because of this data link, xxx2.doc is normally loaded silently.
  • Today, an amateur can get a complete malware toolkit for $200 that is capable of doing damage worth millions. The story doesn’t end here: just like SaaS (software as a service), you can rent big botnets for less than a grand that could take a complete network of computers down and/or infect them to leave it paralysed for several days. The damage is incalculable.

  • Your environment also has all sorts of risk added every day and in different ways. The software and OS lifecycle assumes new bugs; design flaws will be discovered as technology is adopted and deployed. On average, 15 new vulnerabilities are released per day, and over 90% of vulnerabilities can be exploited remotely. Software vulnerabilities grow daily, and understanding these risks is critical to your ability to address risk efficiently.

  • Network and endpoint resources are taxed as bandwidth, storage and processing affect the bottom line. IT organizations have fewer personnel resources to manage endpoint operations and security with. Lack of visibility and coordination between the functional areas of IT operations and security impairs the ability to efficiently and effectively manage organizational compliance and IT risk.

  • The old approach of managing vulnerabilities with disparate products and processes is expensive and requires high management overhead. Without centralized management and reporting across your distributed systems, platforms, and applications, you can’t achieve the operational efficiency and cost savings required in today’s economy.

  • Lumension Patch and Remediation’s automated workflow follows the Aberdeen recommendations and is now a module of the Lumension Endpoint Management and Security Suite, which consolidates endpoint operations, security, compliance, and IT risk management workflows for enhanced visibility and control. Its single-agent, single-console architecture reduces complexity and total cost of ownership, provides end-to-end visibility, improves productivity, enhances security, and optimizes compliance and IT risk management.

    Benefits listed on the slide: reduces IT environment complexity; reduces endpoint total cost of ownership; provides greater visibility into and control over your network’s endpoints; elevates security and compliance posture; optimizes existing resources for reduction of IT risk; supports your IT environment within a dynamic business environment.

    Key features: integrated endpoint management console; modularly licensed product capabilities; scalable and agile architecture; single promotable agent.
  • Transcript

    Slide 1: Why Patch Management is Still the Best First Line of Defense

    Slide 2: Today’s Speaker
    Paul Henry, Security & Forensics Analyst
    MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI, CCE
    SANS Institute Instructor

    Slide 3: Today’s Agenda
    • More Vulnerabilities – Beyond Just Microsoft
    • Increased Sophistication of Attacks
    • Patch Management Challenges
    • The Best First Line of Defense
    • Q&A

    Slide 4: More Vulnerabilities… Beyond Just Microsoft

    Slide 5: Vulnerabilities AND Exploits on the Rise
    Report: Exploits Rate Reaches 61 Percent in January 2011
    • Attackers exploited more new vulnerabilities in January than usual, writing exploits for half of ‘critical’ vulnerabilities
    Source: Dark Reading, February 3, 2011

    Slide 6: Known Vulnerabilities Still Being Exploited
    Source: M86 Security

    Slide 7: Growing Application Risk – No Longer Just Microsoft
    • Social networking applications were detected in 95% of organizations.*
    • 78% of Web 2.0 applications support file transfer.*
    • 2/3 of applications have known vulnerabilities.*
    • 28% of applications were known to propagate malware.*
    * Palo Alto Networks Application Survey 2009, 2010

    Slide 8: Increasing # of Web App Vulnerabilities
    Source: IBM X-Force

    Slide 9: Web Applications are the Leading Attack Path
    The applications we use today for productivity (collaborative, browser-based, open source): social communities, gadgets, blogging and widgets open up our networks to increasing risk every day.
    Source: Verizon, 2010 Data Breach Investigations Report

    Slide 10: Increased Sophistication of Attacks

    Slide 11: Multiple Vectors and Multiple Exploits

    Slide 12: Abusing Unintended Consequences

    Slide 13: Better Tools For The Bad Guys

    Slide 14: Point And Click Malware Design

    Slide 15: Why Buy It When You Can Rent It?

    Slide 16: Common Denominator
    In a recent data breach study of 500 breaches, 90% of the exploits used for entry had patches available for 6 months or longer. The same study went on to point out that 50% of systems have 10 or more vulnerabilities for which patches are currently available.

    Slide 17: Patch Management Challenges

    Slide 18: Minimize Your True Endpoint Risk
    Areas of risk at the endpoint:
    • Patch and configuration analysis and delivery are needed across all systems, operating systems and applications.
    • Unmanaged endpoints on the network are unknown and unprotected.
    • Application and operating system patching is not benchmarked or continuously enforced.
    • Standard configurations are not assessed or enforced.
    • Un-patched browsers represent the highest risk for web-borne malware.
    Chart: 5% Zero-Day, 30% Missing Patches, 65% Misconfigurations
    Source: John Pescatore, Vice President, Gartner Fellow

    Slide 19: Lack of Resources and Coordination
    • Reduced IT personnel and network resources decrease the effectiveness of endpoint operations & security
    • Lack of visibility and coordination: IT Operations and IT Security are not always coordinated
    • Reduced ability to manage organizational compliance and IT risk

    Slide 20: The Old Approach Doesn’t Work
    • Fragmented approach to vulnerability management
    • Tools do not consolidate or centralize the management of heterogeneous environments
    • High management overhead & cost
    • Lack of visibility of the overall security posture
    • Don’t discover blind spots or hidden devices
    • Disparate reporting

    Slide 21: The Best First Line of Defense

    Slide 22: Patching Client Side Apps Now #1 Priority
    “The problem of un-patched client-side vulnerabilities is one of the two most pressing priorities organizations need to address to mitigate cyber security risks. Most organizations today take at least twice as long to patch third-party application vulnerabilities than they do to patch operating system vulnerabilities.”
    SANS Institute, Top Cyber Security Risks, September 2009
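The figures on the Common Denominator and Patching Client Side Apps slides (patches available six months or longer before the exploit was used; systems carrying ten or more patchable vulnerabilities; third-party patches lagging OS patches) are only useful if you can measure them in your own estate. The following added example, not code from the presentation or from Lumension, computes a patch-exposure report from an endpoint inventory: it reports unmanaged endpoints as unknown rather than clean, lists missing patches older than a 180-day threshold split by OS versus third-party application, and names endpoints with ten or more missing patches. The inventory format and every host in it are constructed for the example.

```python
"""Patch-exposure report over an endpoint inventory.

Added example, not code from the presentation or from Lumension. It turns the
study figures quoted on the slides (exploited vulnerabilities whose patches had
been available for six months or longer; systems with ten or more unpatched
vulnerabilities; third-party patches lagging OS patches) into checks that run
over an inventory. The inventory format and every host below are constructed.
"""
from collections import Counter
from datetime import date

PATCH_AGE_LIMIT_DAYS = 180   # "patches available for 6 months or longer"
MANY_MISSING_PATCHES = 10    # "10 or more vulnerabilities for which patches are available"

# Constructed inventory: one record per endpoint. `missing` lists patches the
# endpoint has not applied as (patch id, vendor release date, "os"/"third_party").
# An endpoint with no agent reports None: its state is unknown, not clean.
INVENTORY = [
    {"host": "ws-001", "managed": True,
     "missing": [("OS-2011-01", date(2011, 1, 11), "os"),
                 ("READER-9.4.1", date(2010, 8, 10), "third_party")]},
    {"host": "ws-002", "managed": True,
     "missing": [(f"APP-{n:02d}", date(2010, 6, 8), "third_party") for n in range(11)]},
    {"host": "srv-db-1", "managed": True, "missing": []},
    {"host": "unknown-7", "managed": False, "missing": None},
]


def patch_age_days(released: date, today: date) -> int:
    """Days a patch has been available, i.e. how long the exploit window has been open."""
    return (today - released).days


def exposure_report(inventory, today: date) -> dict:
    """Summarise where the inventory stands against the two study thresholds."""
    unmanaged, many_missing, stale = [], [], []
    stale_by_class = Counter({"os": 0, "third_party": 0})
    max_age = 0
    for ep in inventory:
        if not ep["managed"] or ep["missing"] is None:
            unmanaged.append(ep["host"])        # unknown and unprotected
            continue
        if len(ep["missing"]) >= MANY_MISSING_PATCHES:
            many_missing.append(ep["host"])
        for patch_id, released, cls in ep["missing"]:
            age = patch_age_days(released, today)
            max_age = max(max_age, age)
            if age >= PATCH_AGE_LIMIT_DAYS:
                stale.append((ep["host"], patch_id, age, cls))
                stale_by_class[cls] += 1
    return {
        "unmanaged": unmanaged,
        "hosts_with_many_missing": many_missing,
        "stale_patches": stale,
        "stale_by_class": stale_by_class,
        "max_age_days": max_age,
    }


if __name__ == "__main__":
    # Reporting date is constructed to match the inventory above.
    report = exposure_report(INVENTORY, today=date(2011, 3, 1))
    print(f"unmanaged endpoints (unknown state): {report['unmanaged']}")
    print(f"endpoints with >= {MANY_MISSING_PATCHES} missing patches: "
          f"{report['hosts_with_many_missing']}")
    print(f"missing patches older than {PATCH_AGE_LIMIT_DAYS} days: "
          f"{len(report['stale_patches'])} (os={report['stale_by_class']['os']}, "
          f"third_party={report['stale_by_class']['third_party']})")
    for host, patch_id, age, cls in sorted(report["stale_patches"], key=lambda r: -r[2])[:3]:
        print(f"  {host}: {patch_id} ({cls}) available for {age} days")
```

Sorting the stale list by age gives a remediation queue ordered by how long each exploit window has been open, and the OS versus third-party split shows directly whether the application side is lagging the way the SANS figure says it usually does.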
    Slide 23: Managing Vulnerabilities: Best Practices
    Source: Aberdeen Group, Managing Vulnerabilities and Threats (No, Anti-Virus is Not Enough), December 2010

    Slide 24: Comprehensive and Actionable IT Risk Mitigation
    Lumension® Endpoint Management & Security Suite: Patch & Remediation
    • Discovers: Ensures complete visibility of all IT assets, both managed and unmanaged.
    • Assesses: Performs deep analysis and thorough OS, application and security configuration vulnerability assessments.
    • Prioritizes: Focuses on your most critical security risks first.
    • Remediates: Automatically deploys patches to an entire network per defined policy to support all OS’s and applications – to both online AND offline machines.
    • Reports: Provides operational and management reports that consolidate discovery, assessment and remediation information on a single management console.

    Slide 25: Streamline Patch Management Across Your Environment
    Lumension Endpoint Management and Security Suite is an extensible solution suite that reduces complexity, optimizes TCO, improves visibility and delivers control back to IT.
    • Reduces complexity and TCO through effective automation of operational tasks
    • Provides greater visibility into and control over your network’s endpoints
    • Improves operational efficiency with a single console to manage multiple functions
    • Elevates security and compliance posture through automatic policy enforcement

    Slide 26: Patch is Core Component of Defense-in-Depth
    Diagram contrasting Traditional Endpoint Security (blacklisting as the core) with the Emerging Endpoint Security Stack (Patch & Configuration Mgmt. as the core, defense-in-depth). Layers shown: AntiVirus, Device Control, Application Control. Pressures shown: Consumerization of IT, Zero Day, Malware as a Service, 3rd Party Application Risk.

    Slide 27: Q&A

    Slide 28: Next Steps
    Overview of Lumension® Patch and Remediation
    http://www.lumension.com/Resources/Demo-Center/Overview-Vulnerability-Management-Solution.aspx
    Vulnerability Scanner Tool
    http://www.lumension.com/Resources/Security-Tools/Vulnerability-Scanner.aspx
    Third Party Analysis
    Forrester Wave: Vulnerability Management 2010
    http://www.lumension.com/Resources/Reports/Forrester-Wave---Vulnerability-Management-Q2-2010.aspx
    Tolly Report: TCO Comparison - Lumension® vs. Microsoft® WSUS
    http://www.lumension.com/Resources/WhitePapers/Lumension-Vulnerability-Management-Microsoft-WSUS.aspx

    Slide 29: Global Headquarters
    8660 East Hartford Drive, Suite 300
    Scottsdale, AZ 85255
    1.888.725.7828
    info@lumension.com
