Why Patch Management is Still the Best First Line of Defense


Today more than 2 million malware signatures are identified each month and traditional anti-virus defenses simply can’t keep up. Even the major anti-virus vendors have concluded that stand-alone anti-virus no longer provides an effective defense and that additional layers of security technology are needed to address the rising volume and sophistication of threats. View this presentation to learn:
• Why you can’t forget about older vulnerabilities
• How to reduce exposure from both OS and 3rd party application vulnerabilities
• The challenges with reliance upon “free” patching tools and native updaters
• Why you should consider patch management as the core of an effective defense-in-depth endpoint security approach

Published in: Technology

  1. Why Patch Management is Still the Best First Line of Defense
  2. Today’s Speaker
     Paul Henry
     Security & Forensics Analyst
     MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI, CCE
     SANS Institute Instructor
  3. Today’s Agenda
     • More Vulnerabilities – Beyond Just Microsoft
     • Increased Sophistication of Attacks
     • Patch Management Challenges
     • The Best First Line of Defense
     • Q&A
  4. More Vulnerabilities…Beyond Just Microsoft
  5. Vulnerabilities AND Exploits on the Rise
     Report: Exploits Rate Reaches 61 Percent in January 2011
     • Attackers exploited more new vulnerabilities in January than usual, writing exploits for half of 'critical' vulnerabilities
     Source: Dark Reading, February 3, 2011
  6. Known Vulnerabilities Still Being Exploited
     Source: M86 Security
  7. Growing Application Risk – No Longer Just Microsoft
     • Social networking applications were detected in 95% of organizations.*
     • 78% of Web 2.0 applications support file transfer.*
     • 2/3 of applications have known vulnerabilities.*
     • 28% of applications were known to propagate malware.*
     * Palo Alto Networks Application Survey 2009, 2010
  8. Increasing # of Web App Vulnerabilities
     Source: IBM X-Force
  9. Web Applications are the Leading Attack Path
     The applications we use today for productivity
     Collaborative / Browser-based / Open Source
     Social Communities, Gadgets, Blogging and Widgets
     open up our networks to increasing risk every day.
     Source: Verizon, 2010 Data Breach Investigations Report
  10. Increased Sophistication of Attacks
  11. Multiple Vectors and Multiple Exploits
  12. Abusing Unintended Consequences
  13. Better Tools For The Bad Guys
  14. Point And Click Malware Design
  15. Why Buy It When You Can Rent It?
  16. Common Denominator
     In a recent data breach study of 500 breaches, 90% of the exploits used for entry had patches available for 6 months or longer. The same study went on to point out that 50% of systems have 10 or more vulnerabilities for which patches are currently available.
  17. Patch Management Challenges
  18. Minimize Your True Endpoint Risk
     Areas of Risk at the Endpoint: 5% Zero-Day, 30% Missing Patches, 65% Misconfigurations
     Source: John Pescatore, Vice President, Gartner Fellow
     • Patch and configuration analysis and delivery are needed across all systems: operating systems and applications.
     • Unmanaged endpoints on the network are unknown and unprotected.
     • Application and operating system patching is not benchmarked or continuously enforced.
     • Standard configurations are not assessed or enforced.
     • Un-patched browsers represent the highest risk for web-borne malware.
  19. Lack of Resources and Coordination
     • Reduced IT personnel and network resources
       Decrease the Effectiveness of Endpoint Operations & Security
     • Lack of visibility and coordination
       IT Operations and IT Security are not always coordinated
       Reduced ability to manage organizational compliance and IT risk
  20. The Old Approach Doesn’t Work
     • Fragmented approach to vulnerability management
     • Tools do not consolidate or centralize the management of heterogeneous environments
     • High management overhead & cost
     • Lack of visibility of the overall security posture
     • Don’t discover blind spots or hidden devices
     • Disparate reporting
  21. The Best First Line of Defense
  22. Patching Client Side Apps Now #1 Priority
     The problem of un-patched client-side vulnerabilities is one of the two most pressing priorities organizations need to address to mitigate cyber security risks.
     Most organizations today take at least twice as long to patch third-party application vulnerabilities than they do to patch operating system vulnerabilities.
     Source: SANS Institute, Top Cyber Security Risks, September 2009
  23. Managing Vulnerabilities: Best Practices
     Source: Aberdeen Group, Managing Vulnerabilities and Threats (No, Anti-Virus is Not Enough), December 2010
  24. Comprehensive and Actionable IT Risk Mitigation
     Lumension® Endpoint Management & Security Suite: Patch & Remediation
     • Discovers: Ensures complete visibility of all IT assets, both managed and unmanaged.
     • Assesses: Performs a deep analysis and thorough OS, application and security configuration vulnerability assessments.
     • Prioritizes: Focuses on your most critical security risks first.
     • Remediates: Automatically deploys patches to an entire network per defined policy to support all OS’s and applications – to both online AND offline machines.
     • Reports: Provides operational and management reports that consolidate discovery, assessment and remediation information on a single management console.
  25. Streamline Patch Management Across Your Environment
     Lumension Endpoint Management and Security Suite is an extensible solution suite that reduces complexity, optimizes TCO, improves visibility and delivers control back to IT.
     • Reduces Complexity and TCO through effective automation of operational tasks
     • Provides Greater Visibility Into and Control Over your network’s endpoints
     • Improves Operational Efficiency with a single console to manage multiple functions
     • Elevates Security and Compliance Posture through automatic policy enforcement
  26. Patch is Core Component of Defense-in-Depth
     [Diagram: Traditional Endpoint Security and Emerging Endpoint Security Stack. Labels: AntiVirus; Device Control; Application Control; Blacklisting As The Core; Patch & Configuration Mgmt.; Defense-N-Depth; Consumerization of IT; Zero Day; Malware As a Service; 3rd Party Application Risk]
  27. Q&A
  28. Next Steps
     Overview of Lumension® Patch and Remediation
     http://www.lumension.com/Resources/Demo-Center/Overview-Vulnerability-Management-Solution.aspx
     Vulnerability Scanner Tool
     http://www.lumension.com/Resources/Security-Tools/Vulnerability-Scanner.aspx
     Third Party Analysis
     Forrester Wave: Vulnerability Management 2010
     http://www.lumension.com/Resources/Reports/Forrester-Wave---Vulnerability-Management-Q2-2010.aspx
     Tolly Report: TCO Comparison - Lumension® vs. Microsoft® WSUS
     http://www.lumension.com/Resources/WhitePapers/Lumension-Vulnerability-Management-Microsoft-WSUS.aspx
  29. Global Headquarters
     8660 East Hartford Drive
     Suite 300
     Scottsdale, AZ 85255
     1.888.725.7828
     info@lumension.com