Unless you treat security as an ongoing process, attackers will find and weaponize vulnerabilities, deploy exploits, and attack your infrastructure faster than your team can patch. At the same time, the experience of your IT team working with the security group is frustrating and leads to many, many hours of manual work. Learn how to stay ahead of the bad guys and improve the experience for your team with continuous vulnerability management.
How to Perform Continuous Vulnerability Management
1. How to Perform Continuous Vulnerability Management and Avoid Failure
Chris Goettl, Director of Product Management, Security
3. The first 5 controls
• Inventory of Authorized and Unauthorized Devices
• Inventory of Authorized and Unauthorized Software
• Secure Configuration
• Continuous Vulnerability Assessment and Remediation
• Controlled Use of Administrative Privileges
CIS, US-CERT, ASD, and other authorities prioritize these five elements of cyber hygiene to significantly
reduce security threats.
4. CIS Control 3: Continuous Vulnerability Management
Continuously acquire, assess, and take action on new information in order to
identify vulnerabilities, remediate, and minimize the window of opportunity for
attackers.
Why Is This CIS Control Critical?
When researchers report new vulnerabilities, a race starts among all
parties, including: attackers (to “weaponize”, deploy an attack, exploit);
vendors (to develop, deploy patches or signatures and updates), and
defenders (to assess risk, regression-test patches, install). Cyber
defenders must operate in a constant stream of new information:
software updates, patches, security advisories, threat bulletins, etc.
Understanding and managing vulnerabilities has become a
continuous activity, requiring significant time, attention, and
resources.
5. CIS Control 3: Continuous Vulnerability Management
• CIS Control 3.1: Run Automated Vulnerability Scanning Tools
• CIS Control 3.2: Perform Authenticated Vulnerability Scanning
• CIS Control 3.3: Protect Dedicated Assessment Accounts
• CIS Control 3.4: Deploy Automated Operating System Patch Management Tools
• CIS Control 3.5: Deploy Automated Software Patch Management Tools
• CIS Control 3.6: Compare Back-to-back Vulnerability Scans
• CIS Control 3.7: Utilize a Risk-rating Process
6. Rise in Vulnerabilities
[Chart. Years shown: 2016, 2017, 2018, 2019. Data labels, in the order they appear on the slide:]
• 16555 CVEs
• Average Time to Patch: 34 days
• Only 7% of CVEs were exploited
• 14714 CVEs
• 6447 CVEs
• Average Time to Patch: 100 to 120 days
• 12174 CVEs
• Target Time to Patch: 14 days
[Timeline graphic. Labels: Exploited Zero Day; Public Disclosure; Unknown Vulnerabilities; 0-2 Weeks: Rising Risk; Day Zero: Update Releases; 2-4 Weeks: 50% of exploits have occurred; 40-60 Days: 90% of exploits have occurred; 120 Days]
7. BlueKeep Timeline
• 14 May 2019: CVE-2019-0708 update available
• 15 May 2019: PoC research begins (social media trackers, GitHub trackers)
• 20 May 2019: BSOD achieved
• 28 May 2019: Active scanning of public systems (white hats and black hats); 6 security research teams confirmed they have achieved exploit of BlueKeep
• 14 Days
9. Time to Patch
[Timeline graphic. Labels: Exploited Zero Day; Public Disclosure; Unknown Vulnerabilities; 0-2 Weeks: Rising Risk; Day Zero: Update Releases; 2-4 Weeks: 50% of exploits have occurred; 40-60 Days: 90% of exploits have occurred]
• Challenges:
• Identification and Prioritization of Vulnerabilities
• Aggregating Known Issues
• Testing
• Reliability vs Risk
10. “IT wants things to work smoothly,
while security wants security.
At the endpoint, they have to work
together to maintain both.”
Feedback from a survey of 100 CIO/CSOs
11. Exploit Data
Many vulnerabilities are given a severity and a CVSSv3 score that make them easy to overlook. More specific risk data must be taken into account to help refine prioritization.
• Zero Day: Win32k Elevation of Privilege Vulnerability (CVE-2019-1458), rated Important, CVSSv3 7.8
• Zero Day: Win32k Elevation of Privilege Vulnerability (CVE-2019-1132), rated Important, CVSSv3 7.8
• Zero Day: Scripting Engine Memory Corruption Vulnerability (CVE-2020-0674), rated as Critical, but CVSSv3 score of 7.5
• Zero Day: DoubleKill (CVE-2018-8174, Critical, CVSSv3 7.5) and Elevation of Privilege exploit from May (CVE-2018-8120, Important, CVSSv3 7)
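The point of this slide, as an added example (not part of the original deck): a CVSS-only cutoff at 9.0 leaves every exploited zero day listed above out of the first remediation wave, while a ranking that puts exploitation first surfaces them. The two `CVE-0000-…` rows, the `exploited` field and the ranking order are assumptions made for illustration.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}

@dataclass(frozen=True)
class Finding:
    cve: str
    severity: str    # vendor severity rating
    cvss: float      # CVSSv3 base score
    exploited: bool  # exploitation observed in the wild

# First five rows: CVE, severity and CVSSv3 as listed on the slide (all zero days).
# Last two rows are constructed placeholders, not real CVEs.
FINDINGS = [
    Finding("CVE-2019-1458", "Important", 7.8, True),
    Finding("CVE-2019-1132", "Important", 7.8, True),
    Finding("CVE-2020-0674", "Critical", 7.5, True),
    Finding("CVE-2018-8174", "Critical", 7.5, True),
    Finding("CVE-2018-8120", "Important", 7.0, True),
    Finding("CVE-0000-0001", "Critical", 9.8, False),
    Finding("CVE-0000-0002", "Moderate", 5.3, False),
]

def cvss_only(findings, threshold=9.0):
    """Naive policy: first wave is whatever scores at or above the threshold."""
    return [f.cve for f in findings if f.cvss >= threshold]

def exploited_but_missed(findings, threshold=9.0):
    """Exploited CVEs that the CVSS-only policy leaves out of the first wave."""
    first_wave = set(cvss_only(findings, threshold))
    return [f.cve for f in findings if f.exploited and f.cve not in first_wave]

def risk_ranked(findings):
    """Exploited first, then vendor severity, then CVSS; CVE id breaks ties."""
    def key(f):
        return (not f.exploited, -SEVERITY_RANK[f.severity], -f.cvss, f.cve)
    return [f.cve for f in sorted(findings, key=key)]

if __name__ == "__main__":
    print("CVSS >= 9.0 first wave:", cvss_only(FINDINGS))
    print("Exploited but missed:  ", exploited_but_missed(FINDINGS))
    print("Risk-ranked queue:     ", risk_ranked(FINDINGS))
```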
13. Mapping Vulnerabilities to Software Updates
How hard can a handoff be?
In reality, it has many complications.
• Each vulnerability assessment could contain thousands, 10s or 100s of thousands of detected CVEs.
• De-duplicating and researching the list of detected CVEs can take 5-8 hours or more with each pass.
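The handoff described on this slide, together with the back-to-back scan comparison of CIS Control 3.6, as an added example (not from the original deck or any Ivanti product): raw scanner rows are de-duplicated, collapsed into one work item per software update, and diffed against the previous scan. Hostnames, the `UPDATE-…` identifiers, the CVE-to-update mapping and `CVE-0000-0003` are constructed placeholders; in practice the mapping comes from the vendor's update catalog.

```python
from collections import defaultdict

# Constructed scanner output: (host, CVE) rows, including a duplicate detection.
PREVIOUS_SCAN = [
    ("srv-01", "CVE-2019-0708"), ("srv-02", "CVE-2019-0708"),
    ("wks-07", "CVE-2019-1132"),
]
CURRENT_SCAN = [
    ("srv-02", "CVE-2019-0708"), ("srv-02", "CVE-2019-0708"),
    ("wks-07", "CVE-2019-1132"), ("wks-07", "CVE-2019-1458"),
    ("wks-09", "CVE-2019-1458"), ("wks-09", "CVE-0000-0003"),
]
# Constructed mapping for illustration only; update names are placeholders.
CVE_TO_UPDATE = {
    "CVE-2019-0708": "UPDATE-A",
    "CVE-2019-1132": "UPDATE-B",
    "CVE-2019-1458": "UPDATE-B",
}

def work_items(rows, cve_to_update):
    """Collapse (host, CVE) rows into one item per update; return unmapped CVEs too."""
    items = defaultdict(lambda: {"hosts": set(), "cves": set()})
    unmapped = set()
    for host, cve in set(rows):          # set() removes duplicate detections
        update = cve_to_update.get(cve)
        if update is None:
            unmapped.add(cve)            # needs manual research before handoff
            continue
        items[update]["hosts"].add(host)
        items[update]["cves"].add(cve)
    plan = {u: {k: sorted(v) for k, v in d.items()} for u, d in items.items()}
    return plan, sorted(unmapped)

def compare_scans(previous, current):
    """Back-to-back comparison: what was fixed, what is new, what persists."""
    prev, curr = set(previous), set(current)
    return {
        "remediated": sorted(prev - curr),
        "new": sorted(curr - prev),
        "persistent": sorted(prev & curr),
    }

if __name__ == "__main__":
    plan, unmapped = work_items(CURRENT_SCAN, CVE_TO_UPDATE)
    print(plan, unmapped, compare_scans(PREVIOUS_SCAN, CURRENT_SCAN), sep="\n")
```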
16. Department of Homeland Security
Binding Operational Directive 19-02
DHS Says Federal Agencies Have 15 Days to Fix Critical Flaws
Announced in April 2019
What made them successful:
• Eased into the change - BOD 15-01 announced in May 2015 to review and mitigate critical vulnerabilities within 30 days
• Made the change a top down policy change
• Non-compliance means systems are taken offline
17. 80k+ Global Manufacturer
Manage over 80k systems globally
Target 14 Day SLA for remediation of Security Vulnerabilities
What made them successful:
• Partner with the business – Heavily use pilot users
• Start testing immediately upon release of updates
• Made updating part of corporate culture
• Set hard timeframes and enable users to opt in to get patched sooner
18. 66k+ Global Retailer
Manage over 66k systems globally
Target 14 Day SLA for remediation of Security Vulnerabilities for Servers
Weekly Remediation for Endpoints
What made them successful:
• Partner with the business – Heavily use pilot users
• Start testing immediately upon release of updates
• Made updating part of corporate culture
• Standardization of software
• Made non-compliance a very visible and critical metric to all levels of the business
20. Flexibility to Meet a Variety of Needs
Ivanti has a variety of solutions depending on your needs.
• Ivanti Endpoint Manager: Provides a unified endpoint management solution to manage your enterprise. Ivanti’s UEM solution provides the best user experience while boosting productivity and increasing security.
• Ivanti Security Controls: Managing vulnerabilities in the datacenter is a bit different than across endpoints. Security Controls provides capabilities to agentlessly assess and remediate security updates. Ivanti’s APIs provide the ability to customize your experience for managing complex runbooks for critical workloads.
• Ivanti Patch for Microsoft Endpoint Manager (SCCM): Ivanti’s simple plug-in allows you to extend your investment in Microsoft Endpoint Manager in minutes. With just a few clicks you can publish our entire catalog of hundreds of third-party applications.
23. Remote Control with Ivanti Cloud
• Remote-control nearly any desktop from any device with secure, browser-based access.
• Resolve remote problems without a remote-control session for common issues like viewing a device’s task manager, starting and stopping services, troubleshooting a network outage, and executing scripts.
As IT departments work to satisfy the expectations of users, supporting them through remote capabilities goes a long way in meeting expectations and improving service and support efficiencies.
25. 5 Key Takeaways
• Ask Yourself: How accurate is your Discovery/Asset Management program?
• Build your security roadmap around a well developed security framework like CIS framework.
• Evaluate your vulnerability assessment and prioritization. What metrics are you using? Are they accurate enough?
• 50% of vulnerability exploits occur within 14-24 days of release of an update. What is your Time to Patch?
• Continually review your security strategy.
We at Ivanti look to security frameworks like the Center for Internet Security’s Critical Security Controls to help prioritize our efforts and maximize our customers’ benefits. The CIS framework provides a lot of industry best practices and guidance for securing your organization. What we like most about the CIS framework is the prioritized guidance. If you start at the beginning and work your way through, you will maximize your effectiveness with each step. Here you can see just the first five controls. These are key controls which should be implemented in every organization for essential cyber defense readiness.
For the purposes of this conversation we are going to focus on Continuous Vulnerability Assessment and Remediation.
Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.
This control encompasses efforts of both the Security and Operations teams and a combination of solutions including Vulnerability Assessment and Patch Management solutions. Depending on the level of sophistication of your process today this could also include SOAR and SIEM solutions, but often there is a rather large gap from identification and prioritization of a vulnerability to remediation.
Learn more about Ivanti Cloud
https://www.ivanti.com/products/ivanti-cloud
Learn more about Remote Control
https://www.ivanti.com/solutions/needs/remote-control-all-of-my-devices-worldwide
All Ivanti Cloud Benefits:
Provide a common user experience for all levels of analysts that acts as a console to all data, alerts, automation, and actions.
Automate actions and triggers built or scripted that can point to resulting actions both in the cloud or on-prem.
See vulnerabilities in real-time like disabled Windows firewalls or encryption that isn’t turned on and take care of them with the click of a button.
Get insights from machine learning and AI by pulling data from across your organization
Resolve remote problems without a remote-control session for common issues like viewing a device’s task manager, starting and stopping services, troubleshooting a network outage, and executing scripts.
Remote-control nearly any desktop from any device with secure, browser-based access.
Thank you for allowing Ivanti to join your teams today. At this time we would be happy to answer any questions you might have.