1. Kevin J. Murphy
Cyber Security Defense
by Effective Vulnerability Mgmt.
Director, Windows Security Architecture

2. Agenda
2
• Before We Begin..
• Year in Review: Cyber Crime & Nation States, Breaches, & Trends
• Core of Vulnerability Management
• Best Practices
• Peer discussion

3. Before We Begin……
3

4. Manufacturing Consulting
Energy
Software
Retail Healthcare
Telecommunications
Government
Banking
Others?
Industries Representation

5. PCI Standards
5

6. Year in Review
6

7. Year in Review : Baits and Social Media
7

8. Year in Review : Identity Exposure
8
This data was before the US Gov. OPM breach of 21.5 million identities

9. Year in Review : Attack Profiles
9

10. Year in Review : Cyber crime and Nation Threats
10
• 43% of all cyber attacks originated in China in 2014. http://vpncreative.net
(I don’t believe this. I think China just gets caught)
• Mobile O/S and app threats are rising as vectors into the enterprise
• Dating sites have targeted phishing attacks
• Facebook Twitter & Pinterest –sharing links to friends that are links to malware

11. Patch Management : Just Do IT!
Please download this doc.
Most attacks use known vulnerabilities
Patches are available in most cases
This should be considered as part of the normal operations

12. Patch Management: Core Elements
1. Accurate Asset Inventory
a. Make sure you know your assets better than your attacker.
2. Patch availability awareness
a. Microsoft Security Response Center
b. http://csrc.nist.gov/
c. Your software vendors
3. Timely Monitoring, Scanning & Alerting
infrastructure
This should be considered as part of the normal operations

13. Patch Management: Core Elements
4. Type of Patches
a. Core operating systems patches: Windows, Linux,
Android, iOS, other
b. Infrastructure patches: Cisco, Juniper, F5, Palo Alto,
etc.
c. Your application patches: 3rd party, your internal
developed apps., mobile apps.
d. Monitor tool patches
e. Don’t forget your outliers: security cameras, HVAC,
etc.
This should be considered as part of the normal operations

14. Patch Management : Deployment
 Plan on rolling out patches monthly
 Critical patches should be patched out of sequence if
an active exploit is in progress
 Always test your patches first!
 Full-time team
 Fully funded in your budget cycle
 Patch status should be part of your normal information
system reporting metrics
This should be viewed as part of the normal operations of your systems

15. Patch Management : Tips
 Attackers would love to infect your patch and have
you roll out their malware for them.
 Use checksums/strong hash to verify patch integrity
 Maintain configuration control
 Secure network file transfer if possible
 Automate and Phase your deployment to patch your
high value systems first
Verify your patch isn’t creating an outage
Protect your patching infrastructure.

16. Patch Management : Cloud Based Systems
 In most cases, your cloud provided will handle
patches from the hypervisor and below
 You still own patching your cloud based
applications
 Verify you cloud service level agreements and
 Make sure there are no patching gaps. (Find
the coverage gaps before your attacker does.)

17. Learning From Peers
Let’s
Share
And
Learn

18. Veteran’s Day