SecureWorld Seattle Vulnerability Mgmt Nov 11 2015
1. Kevin J. Murphy
Cyber Security Defense
by Effective Vulnerability Mgmt.
Director, Windows Security Architecture
2. Agenda
• Before We Begin…
• Year in Review: Cyber Crime & Nation States, Breaches, & Trends
• Core of Vulnerability Management
• Best Practices
• Peer discussion
10. Year in Review: Cyber Crime and Nation-State Threats
• 43% of all cyber attacks originated in China in 2014. http://vpncreative.net
(I don’t believe this. I think China just gets caught)
• Mobile OS and app threats are rising as vectors into the enterprise
• Dating sites have targeted phishing attacks
• Facebook, Twitter & Pinterest: links shared with friends that are actually links to malware
11. Patch Management: Just Do IT!
Most attacks use known vulnerabilities
Patches are available in most cases
This should be considered part of normal operations
12. Patch Management: Core Elements
1. Accurate Asset Inventory
a. Make sure you know your assets better than your attacker.
2. Patch availability awareness
a. Microsoft Security Response Center
b. http://csrc.nist.gov/
c. Your software vendors
3. Timely monitoring, scanning & alerting infrastructure
13. Patch Management: Core Elements
4. Types of Patches
a. Core operating system patches: Windows, Linux, Android, iOS, other
b. Infrastructure patches: Cisco, Juniper, F5, Palo Alto, etc.
c. Your application patches: 3rd party, your internally developed apps, mobile apps
d. Monitoring tool patches
e. Don’t forget your outliers: security cameras, HVAC, etc.
14. Patch Management: Deployment
Plan on rolling out patches monthly
Critical patches should be deployed out of sequence if an active exploit is in progress
Always test your patches first!
Full-time team
Fully funded in your budget cycle
Patch status should be part of your normal information system reporting metrics
This should be viewed as part of the normal operations of your systems
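The "core elements" and "deployment" slides above describe a process: know your assets, know which patches exist, decide what gets deployed out of band versus in the monthly cycle, and report patch status as a routine metric. The following Python is an added example (not from the slides or the presenter) that puts those steps together over a small constructed inventory. Asset names, patch ids, tiers and dates are all made up for illustration; the scheduling rule (actively exploited patches first, then high-value tier 1 assets before tier 3) is one reasonable reading of the slide, not a stated procedure.

```python
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Asset:
    """One inventory entry. tier 1 = high value (patched first), tier 3 = low value."""
    name: str
    os: str
    tier: int
    installed: set = field(default_factory=set)   # ids of patches already applied


@dataclass
class Patch:
    """A vendor-published patch as tracked by the 'patch availability awareness' step."""
    id: str
    os: str
    severity: str                 # "critical", "important", "moderate"
    released: date
    actively_exploited: bool = False


# Constructed sample data for the example; nothing here comes from the deck.
INVENTORY = [
    Asset("dc01", "windows", 1, {"P-2015-01"}),
    Asset("web01", "linux", 2, {"P-2015-01", "P-2015-02"}),
    Asset("kiosk07", "windows", 3, set()),
    Asset("cam-lobby", "embedded", 3, set()),   # the "outlier" class the slide warns about
]

PATCHES = [
    Patch("P-2015-01", "windows", "important", date(2015, 9, 8)),
    Patch("P-2015-02", "linux", "moderate", date(2015, 9, 15)),
    Patch("P-2015-03", "windows", "critical", date(2015, 11, 10), actively_exploited=True),
    Patch("P-2015-04", "embedded", "critical", date(2015, 10, 1)),
]


def missing_patches(inventory, patches):
    """Map asset name -> applicable patches that are not yet installed on it."""
    out = {}
    for asset in inventory:
        need = [p for p in patches if p.os == asset.os and p.id not in asset.installed]
        if need:
            out[asset.name] = need
    return out


def deployment_plan(inventory, patches):
    """Order the work: out-of-band for actively exploited patches, then monthly by tier.

    Returns a list of (phase, asset, patch_id) tuples, highest priority first."""
    missing = missing_patches(inventory, patches)
    tier_of = {a.name: a.tier for a in inventory}
    plan = []
    for name, need in missing.items():
        for p in need:
            phase = "out-of-band" if p.actively_exploited else f"monthly-tier{tier_of[name]}"
            plan.append((phase, name, p.id))
    rank = {"out-of-band": 0, "monthly-tier1": 1, "monthly-tier2": 2, "monthly-tier3": 3}
    plan.sort(key=lambda item: (rank[item[0]], item[1], item[2]))
    return plan


def metrics(inventory, patches, today):
    """Numbers for the routine reporting the slide asks for: coverage, open criticals, max age."""
    missing = missing_patches(inventory, patches)
    compliant = len(inventory) - len(missing)
    open_patches = [p for need in missing.values() for p in need]
    return {
        "assets": len(inventory),
        "fully_patched": compliant,
        "compliance_pct": round(100 * compliant / max(len(inventory), 1), 1),
        "critical_open": sum(1 for p in open_patches if p.severity == "critical"),
        "max_days_unpatched": max(((today - p.released).days for p in open_patches), default=0),
    }


if __name__ == "__main__":
    for phase, asset, patch_id in deployment_plan(INVENTORY, PATCHES):
        print(f"{phase:14} {asset:10} {patch_id}")
    print(metrics(INVENTORY, PATCHES, date(2015, 11, 11)))
```

Run as a script it prints the ordered plan and the metrics dictionary for the sample date. The point of `missing_patches` matching on `os` is that an asset class you forgot to inventory (the camera, the HVAC controller) simply never appears in the report, which is the "know your assets better than your attacker" problem in concrete form.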
15. Patch Management: Tips
Attackers would love to infect your patch and have you roll out their malware for them.
Use checksums/strong hashes to verify patch integrity
Maintain configuration control
Use secure network file transfer if possible
Automate and phase your deployment to patch your high value systems first
Verify your patch isn’t creating an outage
Protect your patching infrastructure.
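The first two tips above (an attacker would love to ride your patch pipeline, so verify integrity with a strong hash) are easy to state and easy to do sloppily. This added Python example, which is not from the slides, shows the defender's side: hash the downloaded package in chunks, compare it with constant-time comparison against a digest obtained out of band from the vendor, and treat a file with no manifest entry as untrusted rather than as "unknown". The file names, payload bytes and manifest are constructed for the demonstration; in practice the manifest values come from the vendor's published hashes or a signed catalog, never from the same download.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so multi-GB patch bundles need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_patch(path, manifest):
    """Return True only if the file's digest matches the manifest entry for its basename.

    manifest: dict of file name -> expected SHA-256 hex digest, obtained out of band.
    A file with no manifest entry is rejected: 'no opinion' must not become 'approved'."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return False
    actual = sha256_file(path)
    # compare_digest avoids leaking how many leading characters matched via timing
    return hmac.compare_digest(actual.lower(), expected.lower())


def demo():
    """Constructed scenario: a genuine package, a copy with one byte changed, and an
    unlisted file. Returns the verification result for each."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "hotfix-example.msu")
        payload = b"MSU-PLACEHOLDER " + b"\x00" * 4096 + b"installer-body"
        with open(good, "wb") as f:
            f.write(payload)
        # For the demo the 'vendor' digest is computed from the genuine file; in a real
        # pipeline this value is copied from the vendor's advisory, not from the download.
        manifest = {"hotfix-example.msu": sha256_file(good)}

        tampered_dir = os.path.join(tmp, "mirror")
        os.makedirs(tampered_dir)
        tampered = os.path.join(tampered_dir, "hotfix-example.msu")
        with open(tampered, "wb") as f:
            f.write(payload[:-1] + b"X")          # a single-byte change in the body

        unknown = os.path.join(tmp, "unknown-tool.exe")
        with open(unknown, "wb") as f:
            f.write(b"not listed in the manifest")

        return {
            "good": verify_patch(good, manifest),
            "tampered": verify_patch(tampered, manifest),
            "unknown": verify_patch(unknown, manifest),
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:9} {'VERIFIED' if ok else 'REJECTED'}")
```

The same check belongs in the configuration-control step: store the manifest with the change record for the deployment so an auditor can later tie the bytes that were rolled out to the digest that was approved.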
16. Patch Management: Cloud-Based Systems
In most cases, your cloud provider will handle patches from the hypervisor and below
You still own patching your cloud-based applications
Verify your cloud service level agreements and make sure there are no patching gaps. (Find the coverage gaps before your attacker does.)
Intel collected: By knowing all the logging sources and working with the customer to incorporate them into the Detection Controls strategy, we will know what they have and the Good, the Bad, and the Ugly of the entire environment.