Your SlideShare is downloading. ×

Vulnerability Management

1,784
views

Published on

Presentation I gave to a client on showing the importance of implementing a vulnerability management program life cycle.

Presentation I gave to a client on showing the importance of implementing a vulnerability management program life cycle.

Published in: Technology

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,784
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
116
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Importance of Vulnerability Management Anthony Asher
  • 2. 1 What is Vulnerability Management (VM)? 2 Why is VM important? 3 Examples of vulnerability exploits 4 What the difference?
  • 3. Vulnerability / Assess / Manage • Vulnerability: a weakness of an asset or group of assets that can be exploited by one or more threats. • Assessment: process of identifying vulnerabilities in computers and networks as well as weaknesses in policies and practices practices. • Management: “process of attempting to identify process and mitigate security vulnerabilities within an IT environment on a continuous basis” – Deloitte & Touche
  • 4. Vulnerability Management Lifecycle Verify Discover Remediate Prioritize Assets Report Assess
  • 5. Why is vulnerability management important? 1990 s Hacker s 1990’s – Hacker’s would try single exploit on host after host Host #1 until they found a vulnerable target to break into. t tt b ki t Exploit H@ck3r Host #3 Host #2
  • 6. Why is vulnerability management important? Targeted Company Attack Attack #1 #4 Targeted Attack Company C Attack Att k #2 #5 Attack Attack #3 #6 2008 – Hacker’s target and attack carefully identified companies with an onslaught of attacks until successful.
  • 7. Why is vulnerability management important? Asset Control (Botnet) Sensitive Legal Company Compliance Information Vulnerability Exploits Cripple Companies: Customer Reputation Information Financial Legalities
  • 8. Master Lock – The Th most trusted consumer padlock. tt t d dl k Vulnerability #1: Combination Code Deduction EXPLOIT: Deducing the code by removing uneven number the lock stops at while under tension will reveal code. Vulnerability #2: Shackle Spacing EXPLOIT: Shim made from soda can open lock.
  • 9. Purpose of Vulnerability Management: p y g Examine the technologies in place and identify vulnerabilities. Putting a system in place to continuously compare the vulnerabilities to a policy, and systematically mitigate these vulnerabilities to lower a company s company’s exposure to risk.
  • 10. Examples of Negligence
  • 11. Cost of not managing vulnerabilities Estimates the average data breach costs the company $4.8 million. • Average cost of $ g $182/ lost customer record • Average 26,300 lost records per breach
  • 12. Five Mistakes of Vulnerability Management Scanning but failing to act act. Patching same as VM. Mistakes VM is only a technical problem. Assessing without whole picture. Unprepared for Zero Day exploits Zero-Day exploits.
  • 13. Is Nessus and/or Patching enough? g g Tools of Vulnerability y Management Life-Cycle Prioritize Group Assess Nessus Remediate Discover Scan Nessus Security Scanner Report Verify (Assess) Microsoft WSUS / Patching g MBSA (Remediate)
  • 14. Vulnerability Management Critical • With a growing number of vulnerabilities, coupled with the dynamic attack methods and exploits in today's security landscape places enterprise businesses at great risk. p g • Implementing a vulnerability management process will help identify and remediate vulnerabilities before exploits are used. • Scanning and patching alone will not provide the system to comprehensively lower a y p y companies security exposure and risk.
  • 15. Questions? Q ti ?