Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Vulnerability Management


Published on

Presentation I gave to a client on showing the importance of implementing a vulnerability management program life cycle.

Published in: Technology
  • Be the first to comment

Vulnerability Management

  1. 1. Importance of Vulnerability Management Anthony Asher
  2. 2. 1 What is Vulnerability Management (VM)? 2 Why is VM important? 3 Examples of vulnerability exploits 4 What the difference?
  3. 3. Vulnerability / Assess / Manage • Vulnerability: a weakness of an asset or group of assets that can be exploited by one or more threats. • Assessment: process of identifying vulnerabilities in computers and networks as well as weaknesses in policies and practices practices. • Management: “process of attempting to identify process and mitigate security vulnerabilities within an IT environment on a continuous basis” – Deloitte & Touche
  4. 4. Vulnerability Management Lifecycle Verify Discover Remediate Prioritize Assets Report Assess
  5. 5. Why is vulnerability management important? 1990 s Hacker s 1990’s – Hacker’s would try single exploit on host after host Host #1 until they found a vulnerable target to break into. t tt b ki t Exploit H@ck3r Host #3 Host #2
  6. 6. Why is vulnerability management important? Targeted Company Attack Attack #1 #4 Targeted Attack Company C Attack Att k #2 #5 Attack Attack #3 #6 2008 – Hacker’s target and attack carefully identified companies with an onslaught of attacks until successful.
  7. 7. Why is vulnerability management important? Asset Control (Botnet) Sensitive Legal Company Compliance Information Vulnerability Exploits Cripple Companies: Customer Reputation Information Financial Legalities
  8. 8. Master Lock – The Th most trusted consumer padlock. tt t d dl k Vulnerability #1: Combination Code Deduction EXPLOIT: Deducing the code by removing uneven number the lock stops at while under tension will reveal code. Vulnerability #2: Shackle Spacing EXPLOIT: Shim made from soda can open lock.
  9. 9. Purpose of Vulnerability Management: p y g Examine the technologies in place and identify vulnerabilities. Putting a system in place to continuously compare the vulnerabilities to a policy, and systematically mitigate these vulnerabilities to lower a company s company’s exposure to risk.
  10. 10. Examples of Negligence
  11. 11. Cost of not managing vulnerabilities Estimates the average data breach costs the company $4.8 million. • Average cost of $ g $182/ lost customer record • Average 26,300 lost records per breach
  12. 12. Five Mistakes of Vulnerability Management Scanning but failing to act act. Patching same as VM. Mistakes VM is only a technical problem. Assessing without whole picture. Unprepared for Zero Day exploits Zero-Day exploits.
  13. 13. Is Nessus and/or Patching enough? g g Tools of Vulnerability y Management Life-Cycle Prioritize Group Assess Nessus Remediate Discover Scan Nessus Security Scanner Report Verify (Assess) Microsoft WSUS / Patching g MBSA (Remediate)
  14. 14. Vulnerability Management Critical • With a growing number of vulnerabilities, coupled with the dynamic attack methods and exploits in today's security landscape places enterprise businesses at great risk. p g • Implementing a vulnerability management process will help identify and remediate vulnerabilities before exploits are used. • Scanning and patching alone will not provide the system to comprehensively lower a y p y companies security exposure and risk.
  15. 15. Questions? Q ti ?