Transforming Security Software with Embedded Patch Management
•Download as PPTX, PDF•
1 like•541 views
Are you thinking about extending the endpoint capabilities of your Security Solution? Join us for a dep dive into the value of embedding patch management capabilities into your security software. Learn how other security companies have chosen to add patching and remdiation. Why in 2018 patching is more important than ever as your customers confront ransomware, zero day attacks, and more.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Transforming Security Software with Embedded Patch Management
Similar to Transforming Security Software with Embedded Patch Management (20)
More from Ivanti
More from Ivanti (20)
Recently uploaded
Recently uploaded (20)
Transforming Security Software with Embedded Patch Management
- 1. Transforming Your Security Software with Embedded Patch Management Ivanti Q2 OEM Webinar June 26, 2018
- 2. Presenters Today: Phil Richards, CISO Our Security Model at Ivanti utilizing CIS Controls Russ Eddleman, Director of OEM Partnerships Overview of OEM Program Nik Patronas, Sr Solutions Architect OEM Patching Architecture and Demo
- 3. Agenda • Why Patching Was Critical in 2017 • Ivanti Security Model – CISO perspective • Embedded Patch Management API and Architecture • Demo of Shavlik Patch from Ivanti • Ivanti OEM Patch Program • Q&A
- 4. Why Patching Was Critical in 2017
- 5. 30% of recipients open phishing messages. click on attachments.12% 90+% of security incidents/breaches involve phishing. Verizon 2016 Data Breach Investigations Report Verizon 2017 Data Breach Investigations Report
- 6. The present? The struggle is already real. 72% 49% of security professionals experienced a WannaCry-like event. experienced 3 such events. 20% experienced 6 such events. More than 4,000 ransomware attacks per day since Jan. 2016, a 300% increase over 2015 (U.S. Department of Justice) Farsight Security And in the past year?
- 7. Top 10 vulnerabilities exploited for cyber crime Source: Infosec Institue
- 8. SamSam Attacks Targeted attacks City courts Water system Medical records Limited IT staff Smaller, manageable payments Exploitation of known vulnerabilities Multiple layers of system penetration Preventable with patching! Source: Wired
- 11. Embedded Patching Technology Architecture and Demo Nik Patronas Senior Solutions Architect
- 12. Cloud or Premise based Patch Management solution Ivanti Patch Management Overview Asset Inventory Automation
- 13. Cloud or Premise based Patch Management solution • Microsoft, Linux, Mac and 3rd Party Patch Management • Physical, virtual servers, and workstations • Integrate seamlessly with current OEM technology • VMware virtual environments • On-line virtual machines, off-line virtual machines, templates • ESXi Host Patching Asset Inventory • Hardware, Software, BIOS, etc. Automation • Unique scheduling abilities • Allow IT Administrators to fully automate their patch management process • From initial scan to deployment Ivanti Patch Management Overview
- 14. OEM Patch Content Support for automated and managed patching of: Windows, Mac and Linux OS Hundreds of 3rd party software applications Adobe, Java, Google, Apple, Microsoft, etc. Dedicated team continually research, monitor, validate and publish new patch content. Released at least 2 times a week, often more frequently Includes patch metadata, e.g. type, vendor, name, security, supersedence, pre-requisites, reboot necessity, cve’s, etc. Global Security Content Delivery Network (CDN) Market-leading CDN partner, 40,000+ cache distribution points worldwide Delivered via HTTP(S) protocols, MD5 checksum for every file and many more…
- 15. Scans for missing patches (agent or agentless) Returns patch info and other key metadata for OS and 3rd party applications Creates install scripts for patch installation Outputs URL’s for all patches with flags for silent install, reboot requirements etc. Input parsed from Patch Scan results Downloads incremental updates for patch catalog/signatures De-obfuscates Ivanti’s patch metadata for UI/Reports Keep Ivanti’s patch components and data files up to date Ivanti Windows Patch SDKs Patch Assessment Patch UtilitiesPatch Packaging
- 16. Windows SDK – Technical Highlights Agent-based or agentless assessment and patching Near real-time assessment (5-10 seconds) Quickest verified patch availability in the market Support for physical and virtual systems, including hypervisor and offline VMs Comprehensive and “smart” reboot options Multiple integration options: structured interface, in/out of process COM interface, managed .NET interface, CLI
- 17. Ivanti Mac and Linux SDKs Patch Api Library – Endpoint Assessment & Remediation Patch Utilities Standard API for all target endpoint platforms Native libraries for Mac OS Assess and remediate applicable endpoints Java-based API facilitates download of patch content from CDN of HTTP(S) Easily configured to meet OEM server needs Downloaded security content typically stored in “patch management” tables within OEM partner’s server DB
- 18. Mac and Linux – Technical Details Cross-platform MacOS and Linux/UNIX Assessment and patching Native MacOS Libraries Linux support for SUSE, Redhat, CentOS, Oracle, Ubuntu distributions C++ Native interface/Java JNI Wrapper
- 19. SDK/API OEM As A ServiceWhite-label OEM PATCH MANAGEMENT OPTIONS Embed into your product Windows SDKs, Mac, Linux APIs and Content Cloud or premise Patch for Microsoft SCCM Patch for Endpoints Patch from the Cloud Ivanti Patch Catalog / Content as a service
- 20. OEM Console & Server Machine Group 1 Machine Group 2 Agentless Architecture Scan When new patches come out, The Ivanti Content team test and determine detection and deployment logic. TCP139 /445
- 21. OEM Console & Content Server Machine Group 1 Machine Group 2 Agent Policy An Agent policy defines how the agent is going to scan and patch the device Frequently disconnected devices pose a different problem to solve. An agent can be installed. Manage Agents from the Protect Cloud Agent Architecture
- 22. Demo
- 23. Ivanti OEM Program Russ Eddleman Director of OEM
- 24. Drive profitable growth with Competitive Advantage – INCREASED MARKET REACH MINIMIZE DEVELOPMENT Costs and Time Offer a COMPLETE SOLUTION Extend your BUSINESS VALUE Create CROSS SELL Opportunities
- 25. Powering Our OEM Partners
- 26. Why Have OEMs Chosen Ivanti? Enterprise class OEM track record Flexible business terms Dedicated OEM team SDK designed for OEMs Documented roadmap & regular updates
- 27. Ivanti OEM Models • Fully functional product • Your logo • Product documentation TECHNOLOGY Custom SDK/API OEM Componentized WHITE-LABEL Packaged Fully functional product Your logo Product documentation Fully functional SDK /API API documentation Licensed technology and capabilities Custom documentation
- 28. White Label TECHNOLOGY Custom SDK/API OEM Componentized WHITE-LABEL Packaged Patch for Microsoft SCCM • Snap-in to Microsoft SCCM • Patches 3rd party application and device drivers (Lenovo, Dell, HP) using standard SCCM flows. Patch for Windows • Agent or Agentless patch-management • Virtualization patching and VM patching • Brandable GUI • Patches OS and 3rd party apps Xtraction Reporting and Dashboards • Drag and drop dashboard and reporting tool • Use your own or 3rd party data sources • Display on a single dashboard, or wallboard • Brandable Installation package and UI
- 29. SDK/API OEM TECHNOLOGY Custom SDK/API OEM Componentized WHITE-LABEL Packaged Patch for Windows SDK Patch for Mac API • Core Patch SDK, patches OS and 3rd party apps • Capable of scanning machines in less than 8 seconds without creating user experience issues. • Agentless or agent-based scan of Windows machines. • Agent based • Scans and remediates patch vulnerabilities in Mac OS and third party apps Patch for Linux API • Agent based • Scans and remediates Linux OS. Device Control API • Enables granular control of connected devices and operations • Combat insider threat risks • Manage access and utilization Patch for Microsoft SCCM • Snap-in to Microsoft SCCM • Patches 3rd party application and device drivers (Lenovo, Dell, HP) using standard SCCM flows. Patch for Windows • Agent or Agentless patch-management • Virtualization patching and VM patching • Brandable GUI • Patches OS and 3rd party apps
- 30. Q&A Chat
- 31. Next Steps Resources www.ivanti.com/partners/oem Questions: oem@ivanti.com Documents: OEM Overview (PDF) OEM Program Brief (PDF) Best Practices for Patch Management
- 32. OEM Solutions for Security Vendors www.ivanti.com/partners/oem
Editor's Notes
- As many of you likely know, the Verizon Data Breach Investigations Report (DBIR) is one of the most respected annual reports in the security industry. Just this year the Verizon RISK team found phishing is used in more than 90 percent of security incidents and breaches. (Source: Verizon 2017 DBIR) And at equally alarming rates, users with their many devices are falling victim to ransomware and other malware via these user-targeted attacks. According to Verizon, 30 percent of phishing messages were opened in 2016—up from 23 percent the year before—and in 12 percent of those events users clicked to open the malicious attachment or link. (Source: Verizon 2016 DBIR) The 2016 DBIR highlights the rise of a three-pronged phishing attack: The user receives a phishing email with a malicious attachment or a link pointing to a malicious website. The user downloads malware, which attackers can use to look for secrets and internal information, steal credentials to multiple applications through key logging, or encrypt files for ransom. Attackers can also use stolen credentials for further attacks: for example, to log into third-party websites like banking or retail sites.
- That’s a critical question, because they’re trying to do it right now. When you consider just how common attacks really are and the kinds of attacks they are evolving into? The nightmare scenario we just visited has the heft of reality to it. Though WannaCry and NotPetya made the headlines, cybersecurity professionals work on major incidents in their own organizations throughout the year. According to a 2017 survey from threat intelligence firm Farsight Security, 49% of cybersecurity professionals experienced a WannaCry-like security incident in the last year that the public never heard about. Of those, 72% said major security events had happened three times in that year, and 20% upped that to six. (Source: https://globenewswire.com/news-release/2017/06/27/1029363/0/en/WannaCry-Just-Another-Day-at-the-Office-Confirms-Cybersecurity-Professionals.html) The U.S. Department of Justice reports the staggering figure of more than 4,000 ransomware attacks per day since January 1, 2016, a 300% increase over 2015. (Source: https://www.justice.gov/criminal-ccips/file/872771/download) It’s easy to overlook how common attacks are, and how hard security and IT teams are working to keep infrastructure and data secure.
- There is a really detailed article posted by the Infosec Institute entitled Most Exploited Vulnerabilities: by Whom, When, and How which goes into detail on the information presented here. This article is based on information collected and analyzed by Recorded Future as referenced here. It identifies the vulnerabilities exploited between November 2015 and November 2016 by threat actors such as nation states and criminal organizations and the availability of tools in exploit kits. It further describes some of the secondary activities such as injection of ransomware, malware, phishing, and outright data theft. There are a number of sites that provide Top 10 lists of vulnerabilities and exploited applications. Use them to your advantage and prioritize applications to patch appropriately.
- The SamSam attacks that have been in the news recently, the most notable being the attack on the City of Atlanta, are slightly different than the two we talked about so far. These attacks are very targeted in nature going after smaller organizations such as healthcare, university, and other local systems that have limited IT staffs. These organizations are more likely to pay a ransomeware payment than to deal with the notoriety or the resources needed to recover. Also unique to SamSam is the organized methodology used to conduct the exploitation. This organization targets many known vulnerabilities to gain access to computer systems. Very methodical in their approach, the penetrate the ‘outer’ set of systems and continue the process to work their way deeper into many systems. Once they have achieved the desired level of penetration they will release the ransomware to encrypt the files. The most important point here, is that the vulnerabilities being exploited have patches available. This could all be prevented!
- Cloud or Premise based Patch Management solution Microsoft, Linux, Mac and 3rd Party Patch Management Physical, virtual servers, and workstations Integrate seamlessly with current OEM technology VMware virtual environments On-line virtual machines, off-line virtual machines, templates ESXi Host Patching Asset Inventory Hardware, Software, BIOS, etc. Automation Unique scheduling abilities Allow IT Administrators to fully automate their patch management process From initial scan to deployment
- Cloud or Premise based Patch Management solution Microsoft, Linux, Mac and 3rd Party Patch Management Physical, virtual servers, and workstations Integrate seamlessly with current OEM technology VMware virtual environments On-line virtual machines, off-line virtual machines, templates ESXi Host Patching Asset Inventory Hardware, Software, BIOS, etc. Automation Unique scheduling abilities Allow IT Administrators to fully automate their patch management process From initial scan to deployment
- Competitive advantage - Increase market reach to attract new customers Minimize development costs and time - Accelerate time to market Offer a more complete solution - Boost adoption of your application Extend your business value - Generate additional revenue through larger deal sizes Create new cross sell opportunities
- Enterprise class OEM solutions Track record of ongoing OEM relationships Flexible business terms Dedicated engineering and technical support Access to SDK designed for OEMs, Regular updates Documented roadmap
- White Label Fully functional product with your logo on it. Your responsibilities include re-hosting the delivery of the executable, hosting online documentation and licensing interfaces. SDK/API OEM We deliver fully functional SDK’s and/or API’s to you complete with documentation and upgrades over time. You implement this into your code and call the engine as you need, customizing its access to your specific use cases. Technology We offer most of our capabilities and technologies for license. If you are looking for reputation content, patch content, or other capabilities, we supply these and you integrate directly into your product.