Importance of Vulnerability Management

Anthony Asher
Vulnerability Management


Presentation I gave to a client on showing the importance of implementing a vulnerability management program life cycle.

Published in: Technology
Transcript of "Vulnerability Management"

  1. Importance of Vulnerability Management. Anthony Asher
  2. 1 What is Vulnerability Management (VM)? 2 Why is VM important? 3 Examples of vulnerability exploits 4 What's the difference?
  3. Vulnerability / Assess / Manage • Vulnerability: a weakness of an asset or group of assets that can be exploited by one or more threats. • Assessment: process of identifying vulnerabilities in computers and networks as well as weaknesses in policies and practices. • Management: “process of attempting to identify and mitigate security vulnerabilities within an IT environment on a continuous basis” – Deloitte & Touche
  4. Vulnerability Management Lifecycle (cycle diagram): Discover → Prioritize Assets → Assess → Report → Remediate → Verify
  5. Why is vulnerability management important? 1990s – Hackers would try a single exploit on host after host until they found a vulnerable target to break into. (Diagram labels: H@ck3r, Exploit, Host #1, Host #2, Host #3)
  6. Why is vulnerability management important? 2008 – Hackers target and attack carefully identified companies with an onslaught of attacks until successful. (Diagram labels: Targeted Company, Attack #1 to Attack #6)
  7. Why is vulnerability management important? Vulnerability Exploits Cripple Companies: Asset Control (Botnet), Sensitive Company Information, Legal Compliance, Customer Information, Reputation, Financial Legalities
  8. Master Lock – The most trusted consumer padlock. Vulnerability #1: Combination Code Deduction. EXPLOIT: Deducing the code by removing the uneven numbers the lock stops at while under tension will reveal the code. Vulnerability #2: Shackle Spacing. EXPLOIT: A shim made from a soda can opens the lock.
  9. Purpose of Vulnerability Management: Examine the technologies in place and identify vulnerabilities. Put a system in place to continuously compare the vulnerabilities to a policy, and systematically mitigate these vulnerabilities to lower a company’s exposure to risk.
  10. Examples of Negligence
  11. Cost of not managing vulnerabilities: Estimates the average data breach costs the company $4.8 million. • Average cost of $182 per lost customer record • Average 26,300 lost records per breach
  12. Five Mistakes of Vulnerability Management: Scanning but failing to act. Patching same as VM. VM is only a technical problem. Assessing without whole picture. Unprepared for Zero-Day exploits.
  13. Is Nessus and/or Patching enough? Tools of Vulnerability Management Life-Cycle (Diagram labels: Discover, Prioritize, Group, Scan, Assess, Report, Remediate, Verify; Nessus Security Scanner (Assess); Microsoft WSUS / Patching, MBSA (Remediate))
  14. Vulnerability Management Critical • A growing number of vulnerabilities, coupled with the dynamic attack methods and exploits in today's security landscape, places enterprise businesses at great risk. • Implementing a vulnerability management process will help identify and remediate vulnerabilities before exploits are used. • Scanning and patching alone will not provide the system to comprehensively lower a company's security exposure and risk.
  15. Questions?
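
The "continuously compare the vulnerabilities to a policy" step from slide 9, sketched as an added example (not part of the original presentation): findings are given a remediation deadline from severity and asset tier, and a finding closes only when a rescan no longer reports it, which is what separates the lifecycle from "scanning but failing to act". The SLA values, tier factors, field names and sample findings are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Hypothetical policy: days allowed to remediate, by scanner severity.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
# Hypothetical asset tiers from the Prioritize Assets stage (1 = most important).
TIER_FACTOR = {1: 0.5, 2: 1.0, 3: 1.5}

@dataclass
class Finding:
    asset: str
    tier: int
    title: str
    severity: str                # Assess: as rated by the scanner
    found: date                  # Discover/Assess: first scan that reported it
    patched: bool = False        # Remediate: a fix was reported as applied
    seen_in_rescan: bool = True  # Verify: latest scan still reports it

def due_date(f):
    return f.found + timedelta(days=int(SLA_DAYS[f.severity] * TIER_FACTOR[f.tier]))

def status(f, today):
    if not f.seen_in_rescan:
        return "closed"          # only a clean rescan closes a finding
    if f.patched:
        return "verify-failed"   # fix claimed, but the rescan still sees it
    return "overdue" if today > due_date(f) else "open"

def report(findings, today):
    """Report stage: every finding that is not closed, most urgent first."""
    rank = {"verify-failed": 0, "overdue": 1, "open": 2}
    rows = [(status(f, today), f) for f in findings]
    rows = [(s, f) for s, f in rows if s != "closed"]
    rows.sort(key=lambda r: (rank[r[0]], due_date(r[1])))
    return [(s, f.asset, f.title, due_date(f).isoformat()) for s, f in rows]

# Constructed sample findings (not real scan output).
TODAY = date(2024, 3, 1)
FINDINGS = [
    Finding("db01", 1, "Outdated TLS library", "high", date(2024, 1, 10)),
    Finding("web02", 2, "Missing OS patch", "critical", date(2024, 2, 20), patched=True),
    Finding("kiosk7", 3, "Weak SSH cipher", "medium", date(2024, 2, 1)),
    Finding("mail01", 2, "Default admin password", "high", date(2024, 1, 5),
            patched=True, seen_in_rescan=False),
]

if __name__ == "__main__":
    for row in report(FINDINGS, TODAY):
        print(*row, sep=" | ")
```

The "verify-failed" state is the case patching alone misses: the fix was reported as applied, but the follow-up scan still detects the weakness.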