View this technical presentation on the recommended steps to achieve a best practices approach to patch and vulnerability management. Take away the critical items and processes you need to address to help you reduce costs and risks in the long term.
Vulnerability and patch management tools allow organizations to assess and remediate security vulnerabilities across their IT infrastructure. By automating vulnerability scans, patch deployment, and compliance reporting, these tools can help audit 100% of systems on a regular basis, speed remediation times, and reduce business risks and costs associated with security breaches. While native OS tools provide some patching and management capabilities, dedicated vulnerability and patch management solutions offer more comprehensive vulnerability assessments, centralized administration and reporting, and scalability needed for large enterprise environments.
The document discusses the patch management capabilities of SyAM Software. It allows performing vulnerability scans on demand or through automated scheduling. On-demand scans can be run against selected systems. Results show missing patches that can be deployed. Automated patching can be configured by creating templates that define the patch types to scan and deploy. Jobs are then scheduled and run against selected systems using the configured templates.
Enterprise Vulnerability Management: Back to Basics Damon Small
Vulnerability Management is the lifecycle of identifying and remediating vulnerabilities in an organization's enterprise. A number of companies are starting to do this well, but in some cases, focus on advanced and emerging threats has had the unintended consequence of leaving Vulnerability Management unattended. Defense is actually hard work and people aren't doing it as well as they should! Considered in the context of asymmetric warfare, Blue Teaming is more difficult than Red Teaming. Coupled with the fact that most vulnerabilities do not actually suffer from advanced attacks and 0-days, Vulnerability Management must be the cornerstone of any Information Assurance Program.
The speakers, Kevin Dunn and Damon Small, will describe the key elements of a mature Vulnerability Management Program (VMP) and the pitfalls encountered by many organizations as they try to implement it. Dunn and Small will include detailed examples of why purchasing the scanner should be one of the last decisions made in this process, and what the attendee must do to ensure the successful defense of company assets and data. This session will cover:
- Vulnerability Management: What is it good for?
- What is it not good for?
- How do I make a real difference?
Patch Management: 4 Best Practices and More for Today's Healthcare IT Kaseya
1) The document discusses best practices for patch management in healthcare IT, including discovering and assessing systems to identify needed patches, identifying and testing patches, evaluating and planning patch deployment, and deploying and remediating patches.
2) It recommends automating patch management for reduced costs, improved productivity and system performance. Automation can assess systems, identify new patches, evaluate needed patches, schedule deployments, and create reports.
3) The document is a presentation about patch management solutions from Kaseya, an IT automation company, and promotes their product for comprehensive, scalable, and affordable automated patch management.
Despite the constant stream of drama-filled news about the latest security exploits, many businesses lag behind in making investments in patch management.
Whether the mindset is “Windows updates itself” or “we’ll deal with problems as they occur” – many have yet to invest in a regular patch management program. Explaining patch management is not only necessary but is in fact vital to business productivity and continuity.
Join N-able’s Scott Parker for some great data and hard numbers on patch management and some tips on how to get your customers on a regular patch management program. They will cover:
• How to position patch management (and deal with common objections)
• Where are the missing patches?
• What are the consequences of unpatched systems?
This document discusses patch and vulnerability management. It begins with an agenda that covers why patch management matters, its relationship to risk management and penetration testing, how to implement patch and vulnerability management, establish metrics, plan ahead, and draw conclusions. It then discusses key aspects of patch and vulnerability management including monitoring vulnerabilities, establishing priorities, managing knowledge of vulnerabilities and patches, testing patches, implementing patches, verifying implementation, and improving the process. The goal is to reduce risk by addressing vulnerabilities through a structured patch management program.
The document discusses reducing security risks for small businesses through vulnerability assessments. It notes that small businesses are increasingly targeted by hackers. A vulnerability assessment includes a one-time scan of a business's security exposure across devices on its network to identify issues like out-of-date software. The assessment provides a report on findings prioritized by risk level and recommendations to remedy problems to help businesses strengthen their security before facing attacks.
Using SCCM 2012 r2 to Patch Linux, UNIX and Macs Lumension
Today, everything has to be patched. From desktop and laptop to server and every operating system in between. With compliance, what we have to pay attention to is what’s actually out there on our network – not just what you wish were there.
Servers (Windows, UNIX and Linux): Even Windows-centric environments have at least a few UNIX or Linux servers that need to be secure and patched. Linux and UNIX servers often fulfill critical functions with few and short maintenance windows. These can be a real pain point for admins who specialize in Windows or are managed by an entirely different admin.
Desktops (Windows and Macs): Maybe you are responsible for desktops instead of servers. Again it’s not just a Windows story any more. More and more people are opting for Macs instead of Windows. Watch the vulnerability lists and you’ll see that Macs need patching too.
The kicker though is the 80/20 rule. If at least 80% of the computers on your network are Windows and the remaining 20% are everything else – it’s a safe bet, given the maturity and ease of WSUS, that 20% of your patching effort goes to Windows but 80% of your effort is consumed with patching all the different flavors of UNIX, Linux and your Mac computers. We need one system to manage all our patches and one pane of glass to prove compliance from data center to desktop.
Believe it or not System Center 2012 R2 provides the infrastructure to do just that – it just needs a little help. Last time we showed you how you can patch 3rd party apps on Windows through System Center Update Manager. This time we’ll show you how you can patch non-Windows systems using the new System Center clients for UNIX, Linux and Mac.
2015 Endpoint and Mobile Security Buyers Guide Lumension
Join Mike Rothman, Analyst and President of Securosis, as he dives into an interactive discussion around endpoint security management in 2015.
• Protecting Endpoints: How the attack surface has changed, and the impact to your defense strategy
• Anti-Malware: The best ways to deal with today’s malware and effectively protect your endpoints from attack
• Endpoint Hygiene: Why you can’t forget the importance of ensuring solid management of your endpoint devices
• BYOD and Mobility: The extent that corporate data on smart mobile devices impacts your organization
• The Most Important Buying Considerations in 2015
Top 10 Things to Secure on iOS and Android to Protect Corporate Information Lumension
This document discusses how to secure corporate information on iOS and Android devices. It outlines 9 key areas to focus on: 1) unattended device control 2) password complexity 3) encryption 4) remote lock 5) remote wipe 6) detection of jailbroken/rooted devices 7) hardware/software inventory 8) restricting device features 9) using policies to enable desired features. For each area, it describes considerations and options for securing iOS and Android devices. It emphasizes the importance of device health monitoring, password/encryption enforcement, remote wipe capabilities, and using mobile device management software to consistently manage mobile endpoints.
2014 BYOD and Mobile Security Survey Preliminary Results Lumension
The preliminary results are in - hear what more than 1,000 members of the LinkedIn Infosec Community have to say about BYOD and mobile security challenges including what they are doing to combat mobile device risk and what solutions and security practices really work.
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps... Lumension
This document discusses using SCUP (System Center Updates Publisher) to patch third-party applications with WSUS (Windows Server Update Services). It provides an overview of SCUP, the process for building software updates, and obtaining pre-built update catalogs. It describes how to define updates in SCUP, including software updates, catalogs, and publications, and publishing the updates to WSUS and SCCM (System Center Configuration Manager). It recommends importing pre-built catalogs from Lumension to simplify the process of third-party patching.
Careto: Unmasking a New Level in APT-ware Lumension
The document discusses the Careto malware, which targeted government, energy, and private organizations across 31 countries. It infected over 380 victims using spearphishing emails containing links to malicious servers. The malware installed backdoor components and a rootkit to intercept system calls, steal files and data, and communicate with command and control servers. It exploited vulnerabilities in Java, Flash, and browser plugins to install itself and establish persistence through injected DLLs.
Securing Your Point of Sale Systems: Stopping Malware and Data Theft Lumension
Point of Sale (POS) systems have long been the target of financially-motivated crime. And in 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector and 47% in the healthcare sector aimed against POS systems. With sensitive financial and personal records getting exposed by the millions, the FBI recently warned that POS systems are under sustained and continued attack.
During this webcast, we will take you into the three critical entry points to POS system attacks. We’ll discuss how the attacks look, the timelines for these breaches, and what proactive security measures you can take to help your organization minimize the risk to your POS systems.
• 3 Critical Entry Points to POS System Attacks
• Impacts to an Organization
• Top 3 Security Measures to Minimize Risk
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ... Lumension
Thanks to you, the audience at UltimateWindowsSecurity, for the 2014 Survey. It was a great success with over 600 respondents! I appreciate all of you who took the time to give me your thoughts.
You’ve provided some great ideas for real training for free™ in the coming year and I’ve learned which topics are most important to you. That’s going to benefit all of us.
In this presentation, we'll present our findings. We’ll talk about the community’s top goals for 2014, which topics you recommended I cover in 2014 and what our community sees as the greatest security concerns for 2014. And we’ll discuss other trends emerging from the data.
Find out about the top trends, such as:
SIEM – What are the top SIEM solutions? What is the UWS community’s top 3 biggest challenges with log/monitoring/security analytics?
Endpoint Security – How widely is application whitelisting being used and what is driving its adoption? Which endpoint security technologies really work and which are just hype?
Mobile Devices – Are employee owned mobile devices supported at your organization? Is your biggest concern with mobile devices malware, data loss, compliance?
The Cloud – How widely are your peers embracing the cloud? Is your organization’s security policy, technology and training keeping up with the move to the cloud?
Advanced Security Topics – What are your peers doing about “big data”? What about endpoints as sensors, and other new security approaches?
This will be a fact-filled and fascinating presentation on where we are and where we are going on a host of different security fronts. Don’t miss it.
2014 Data Protection Maturity Survey: Results and Analysis Lumension
This document summarizes the results of a 2014 data protection maturity survey. It finds that while data security is increasingly seen as a strategic initiative, organizations still struggle with sufficient resources. On average, 6% of IT budgets are spent on security. The survey assessed technical, administrative, and motivational controls to determine an organization's maturity level. Most organizations fall in the standardizing or operational categories, showing some security practices but still needing improvement. The survey aims to help organizations understand their maturity and improve data protection.
Greatest IT Security Risks of 2014: 5th Annual State of Endpoint Risk Lumension
Organizations around the world are losing intellectual property and customer data to cyber criminals at mind-boggling rates. How is this happening?
For 5 consecutive years, the annual State of the Endpoint Report, conducted by Ponemon Institute, has surveyed IT practitioners involved in securing endpoints. This year’s report reveals endpoint security risk is more difficult to minimize than ever before. What are IT pros most concerned about heading into 2014? From the proliferation of mobile devices, third party applications, and targeted attacks/APTs, endpoint security risk for 2014 is becoming more of a challenge to manage.
Larry Ponemon of the Ponemon Institute reveals statistics on growing insecurity, IT’s perceived areas of greatest risk for 2014 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn:
• IT perspective on the changing threat landscape and today’s Top 5 risks;
• Disconnect between perceived risk and corresponding strategies to combat those threats;
• Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain
Windows XP is Coming to an End: How to Stay Secure Before You Migrate Lumension
Microsoft will end support for Windows XP on April 8, 2014. There are still an estimated 200 million Windows XP machines worldwide, including 96% of US schools and 72% of PCs in China. Ending support means no more security updates, leaving these systems vulnerable to attack. The document outlines 5 strategies for addressing this: 1) Ignore, which risks certain attacks; 2) Isolate, which reduces productivity and has physical risks; 3) Extend, with expensive premier support but no OS improvements; 4) Bandage, with antivirus, which is not a permanent solution; 5) Replace, by upgrading the OS and hardware, which is time-consuming and costly. The recommended strategy is to lock down systems using application whitelisting to secure existing Windows
Adobe Hacked Again: What Does It Mean for You? Lumension
Last time it was Adobe’s code signing servers. This time it’s 2.9 million (let’s just call it 3) customers’ data and lots and lots of source code – including that of Acrobat. Adobe products already require constant patching but offer no enterprise level solution for patching. In this presentation by Ultimate Windows Security, we’ll present why this will likely lead to more and we’ll look at what we know about this latest Adobe breach.
But more importantly I’ll show what you can do in advance to protect yourself against zero-day exploits in Adobe products and programs. After all this won’t be the last time a software vendor is hacked. In this day and age we have to protect ourselves from the failures of our software providers.
I’ll present 3 ways you can go on the offensive to protect yourself from the constant vulnerabilities discovered in Adobe Reader, Acrobat, Flash and Oracle Java. Here’s what we’ll discuss:
* Alternatives to Adobe and Java
* Different ways to contain vulnerable apps in a sandbox
* Using advanced memory protection technologies to detect and stop buffer overflows and other memory based attacks
Patching and AV only helps you close the window on hacker opportunity. To prevent the window from opening in the first place you have to prevent untrusted code from ever running in the first place. That requires application whitelisting and memory protection against code injection – a growing menace that bypasses controls based on file system and EXE scanning.
That’s why Lumension is sponsoring this event. I think you’ll be interested in seeing 2 of their end-point security technologies that will help protect you from the new exploits on their way as a result of this hack as well as the constant stream of exploits discovered every day.
This is going to be a really cool presentation with practical tips that you can apply. Learn how to protect your systems from other software vendor vulnerabilities.
Real World Defense Strategies for Targeted Endpoint Threats Lumension
This document discusses strategies for defending against targeted endpoint threats such as advanced persistent threats (APTs). It begins with an overview of APTs and examines targeted threat trends, including that most attacks target user devices and organizations of all sizes. It then presents a targeted threat framework involving discover, distribute, exploit, control, and execute phases. The document advocates a defense-in-depth strategy using tools like antivirus, firewalls, and patch management to detect, deny, disrupt, and defend against targeted threats throughout the attack lifecycle. It concludes with additional resources on educating users and security professionals about APTs and defense best practices.
APTs: The State of Server Side Risk and Steps to Minimize Risk Lumension
This document discusses server-side risks from advanced persistent threats (APTs) and steps organizations can take to minimize those risks. It identifies technologies like application control and antivirus, as well as processes, that can help mitigate risks. It also provides links to free security tools and whitepapers on related topics from Lumension, and includes an appendix with survey responses about server security challenges and mitigation strategies.
2014 Ultimate Buyers Guide to Endpoint Security Solutions Lumension
This document provides an overview and buyer's guide for endpoint security solutions. It discusses the advanced threats facing endpoints today and techniques for protecting them, including anti-malware, endpoint hygiene practices like patch management and configuration management, device control, and endpoint security platforms. The document also covers considerations for buying an endpoint security solution like platform capabilities, cloud vs on-premise deployment, and vendor selection process.
Data Protection Rules are Changing: What Can You Do to Prepare? Lumension
The European Union’s proposed new data protection regulation aims to update Europe’s data protection laws and to provide a more consistent data protection framework across the Continent.
But the new regulation, which replaces the EU’s existing data protection directive and member states’ data protection laws, will put some new demands on organisations holding personal data. Breach disclosure and “the right to be forgotten” will force businesses to update their data protection and retention policies.
This presentation will:
- Review the current EU laws, and contrast them with laws in other parts of the world;
- Examine the arguments for strengthening data protection in Europe, and the likely outcomes;
- Look at what security teams should already be doing to put themselves ahead of legislative changes;
- Outline strategies and technologies organisations need to meet current and future data protection requirements
- Help infosecurity teams to explain the changes – and their consequences – to their boards
Java Insecurity: How to Deal with the Constant Vulnerabilities Lumension
Just over a decade ago, the outcry over Microsoft’s security problems reached such a deafening level that it finally got the attention of Bill Gates, who wrote the famous Trustworthy Computing memo. Today, many would say that Microsoft leads the industry in security and vulnerability handling.
Now, it’s Java that’s causing the uproar. But has Oracle learned anything from Microsoft in handling these seemingly ceaseless problems? I’ll start by reviewing the wide-ranging Java security changes Oracle is promising to make. They sound so much like the improvements Microsoft made back with Trustworthy Computing that I’m amazed it hasn’t been done before! We’ll move on to discuss what you can do now to address Java security in your environment.
One of the banes of security with Java is the presence of multiple versions of Java, often on the same computer. Sometimes you really need multiple versions of Java to support applications with version dependencies (crazy, I know). But other times, multiple copies of Java are there “just because.” In this webinar, we’ll talk about the current Java mess and how you can get out of it, including:
Assessment. We’ll discuss ways and tools for cataloging what versions of Java are actually out there on your endpoints.
Identification. We’ll look at methods for identifying which versions are actually required by your users; for instance, I’ll show you how you might use Process Tracking and File Access events in the Windows Security Log to see which Java files are being accessed, by whom, and by which programs.
Disabling. Can you just disable Java? Maybe not for everyone, but what if you could disable it for certain roles within your company that make up 25% – or even 75% – of your workforce? That would be worth it. We’ll explore how you might go about such a measure.
Hardening. We’ll dive into the technical details of hardening Java and reducing your Java attack surface, where possible.
Filtering. Another way to reduce your Java risk is by filtering Java content at your gateway. Again not full coverage control – but what is?
Patching. Then, we’ll delve into the Java patching nightmare. Depending on self-updaters on each endpoint could be a recipe for disaster, and I’ll explain why. Basically the only way out of the Java mess is a 3rd party solution that can perform centralized patch management and remediation and that’s where our sponsor, Lumension, will come in.
BYOD & Mobile Security: How to Respond to the Security Risks Lumension
Bring Your Own Device (BYOD) is a popular topic in 2013. Trying to understand the security risks and prepare strategies to either adopt, or decide against BYOD for security and data control reasons is the challenge.
The 160,000 member Information Security Community on LinkedIn conducted the survey "BYOD & Mobile Security 2013" to shed some light on the drivers for BYOD, how companies will benefit from BYOD, and how they respond to the security risks associated with this trend. With 1,600 responses, some interesting insights and patterns into BYOD were uncovered.
3 Executive Strategies to Reduce Your IT Risk Lumension
Do you want to know how ‘best-of-breed’ enterprises prioritize their IT risk? Join Richard Mason, Vice President & Chief Security Officer at Honeywell, whose team is responsible for global security, during a roundtable discussion with Pat Clawson, Chairman & CEO of Lumension and Roger Grimes, Security Columnist & Author. Uncover strategies beyond traditional antivirus signatures and learn a more holistic approach to effective risk management. Find out ‘how’ and ‘why’ you can make security a prioritized function within your organization.
Join this expert panel webcast to learn how to:
1) Understand your business audiences and evaluate their risk tolerance
2) Leverage reputation management services that are appropriate for your organization
3) Utilize realistic change management to secure prioritized data depositories
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation... Lumension
APTs have become a major topic of conversation – and in some cases, a critical threat – among IT security departments. But the technology and motivation behind APTs has changed significantly since the introduction of Stuxnet, continuing to evolve rapidly to avoid detection.
In this special Dark Reading presentation, a leading expert on the origins and directions of APTs will discuss the changing nature of these sophisticated threats – and how you can prepare your enterprise security environment to detect and mitigate these complex and dangerous attacks.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Using SCCM 2012 r2 to Patch Linux, UNIX and MacsLumension
Today, everything has to be patched. From desktop and laptop to server and every operating system in between. With compliance, what we have to pay attention to is what’s actually out there on our network – not just what you wish were there.
Servers (Windows, UNIX and Linux)Even Windows-centric environments have at least a few UNIX or Linux servers that need to be secure and patched. Linux and UNIX servers often fulfill critical functions with few and short maintenance windows. These can be a real pain point for admins who specialize in Windows or are managed by an entirely different admin.
Desktops (Windows and Macs)Maybe you are responsible for desktops instead of servers. Again it’s not just a Windows story any more. More and more people are opting for Macs instead of Windows. Watch the vulnerability lists and you’ll see that Macs need patching too.
The kicker though is the 80/20 rule. If at least 80% of the computers on your network are Windows and the remaining 20% are everything else – it’s a safe bet, given the maturity and ease of WSUS, that 20% of your patching effort goes to Windows but 80% of your effort is consumed with patching all the different flavors of UNIX, Linux and your Mac computers. We need one system to manage all our patches and one pane of glass to prove compliance from data center to desktop.
Believe it or not System Center 2012 R2 provides the infrastructure to do just that – it just needs a little help. Last time we showed you how you can patch 3rd party apps on Windows through System Center Update Manager. This time we’ll show you how you can patch non-Windows systems using the new System Center clients for UNIX, Linux and Mac.
2015 Endpoint and Mobile Security Buyers Guide (Lumension)
Join Mike Rothman, Analyst and President of Securosis, as he dives into an interactive discussion around endpoint security management in 2015.
• Protecting Endpoints: How the attack surface has changed, and the impact to your defense strategy
• Anti-Malware: The best ways to deal with today’s malware and effectively protect your endpoints from attack
• Endpoint Hygiene: Why you can’t forget the importance of ensuring solid management of your endpoint devices
• BYOD and Mobility: The extent that corporate data on smart mobile devices impacts your organization
• The Most Important Buying Considerations in 2015
Top 10 Things to Secure on iOS and Android to Protect Corporate Information (Lumension)
This document discusses how to secure corporate information on iOS and Android devices. It outlines 9 key areas to focus on: 1) unattended device control 2) password complexity 3) encryption 4) remote lock 5) remote wipe 6) detection of jailbroken/rooted devices 7) hardware/software inventory 8) restricting device features 9) using policies to enable desired features. For each area, it describes considerations and options for securing iOS and Android devices. It emphasizes the importance of device health monitoring, password/encryption enforcement, remote wipe capabilities, and using mobile device management software to consistently manage mobile endpoints.
2014 BYOD and Mobile Security Survey Preliminary Results (Lumension)
The preliminary results are in - hear what more than 1,000 members of the LinkedIn Infosec Community have to say about BYOD and mobile security challenges including what they are doing to combat mobile device risk and what solutions and security practices really work.
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps... (Lumension)
This document discusses using SCUP (System Center Updates Publisher) to patch third-party applications with WSUS (Windows Server Update Services). It provides an overview of SCUP, the process for building software updates, and obtaining pre-built update catalogs. It describes how to define updates in SCUP, including software updates, catalogs, and publications, and publishing the updates to WSUS and SCCM (System Center Configuration Manager). It recommends importing pre-built catalogs from Lumension to simplify the process of third-party patching.
Careto: Unmasking a New Level in APT-ware (Lumension)
The document discusses the Careto malware, which targeted government, energy, and private organizations across 31 countries. It infected over 380 victims using spearphishing emails containing links to malicious servers. The malware installed backdoor components and a rootkit to intercept system calls, steal files and data, and communicate with command and control servers. It exploited vulnerabilities in Java, Flash, and browser plugins to install itself and establish persistence through injected DLLs.
Securing Your Point of Sale Systems: Stopping Malware and Data Theft (Lumension)
Point of Sale (POS) systems have long been the target of financially-motivated crime. And in 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector and 47% in the healthcare sector aimed against POS systems. With sensitive financial and personal records getting exposed by the millions, the FBI recently warned that POS systems are under sustained and continued attack.
During this webcast, we will take you into the three critical entry points to POS system attacks. We’ll discuss how the attacks look, the timelines for these breaches, and what proactive security measures you can take to help your organization minimize the risk to your POS systems.
• 3 Critical Entry Points to POS System Attacks
• Impacts to an Organization
• Top 3 Security Measures to Minimize Risk
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ... (Lumension)
Thanks to you, the audience at UltimateWindowsSecurity, for the 2014 Survey. It was a great success with over 600 respondents! I appreciate all of you who took the time to give me your thoughts.
You’ve provided some great ideas for real training for free™ in the coming year and I’ve learned which topics are most important to you. That’s going to benefit all of us.
In this presentation, we'll present our findings. We’ll talk about the community’s top goals for 2014, which topics you recommended I cover in 2014 and what our community sees as the greatest security concerns for 2014. And we’ll discuss other trends emerging from the data.
Find out about the top trends, such as:
SIEM – What are the top SIEM solutions? What are the UWS community’s top 3 biggest challenges with log/monitoring/security analytics?
Endpoint Security – How widely is application whitelisting being used and what is driving its adoption? Which endpoint security technologies really work and which are just hype?
Mobile Devices – Are employee owned mobile devices supported at your organization? Is your biggest concern with mobile devices malware, data loss, compliance?
The Cloud – How widely are your peers embracing the cloud? Is your organization’s security policy, technology and training keeping up with the move to the cloud?
Advanced Security Topics – What are your peers doing about “big data”? What about endpoints as sensors, and other new security approaches?
This will be a fact-filled and fascinating presentation on where we are and where we are going on a host of different security fronts. Don’t miss it.
2014 Data Protection Maturity Survey: Results and Analysis (Lumension)
This document summarizes the results of a 2014 data protection maturity survey. It finds that while data security is increasingly seen as a strategic initiative, organizations still struggle with sufficient resources. On average, 6% of IT budgets are spent on security. The survey assessed technical, administrative, and motivational controls to determine an organization's maturity level. Most organizations fall in the standardizing or operational categories, showing some security practices but still needing improvement. The survey aims to help organizations understand their maturity and improve data protection.
Greatest IT Security Risks of 2014: 5th Annual State of Endpoint Risk (Lumension)
Organizations around the world are losing intellectual property and customer data to cyber criminals at mind-boggling rates. How is this happening?
For 5 consecutive years, the annual State of the Endpoint Report, conducted by Ponemon Institute, has surveyed IT practitioners involved in securing endpoints. This year’s report reveals endpoint security risk is more difficult to minimize than ever before. What are IT pros most concerned about heading into 2014? From the proliferation of mobile devices, third party applications, and targeted attacks/APTs, endpoint security risk for 2014 is becoming more of a challenge to manage.
Larry Ponemon of the Ponemon Institute reveals statistics on growing insecurity, IT’s perceived areas of greatest risk for 2014 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn:
• IT perspective on the changing threat landscape and today’s Top 5 risks;
• Disconnect between perceived risk and corresponding strategies to combat those threats;
• Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain
Windows XP is Coming to an End: How to Stay Secure Before You Migrate (Lumension)
Microsoft will end support for Windows XP on April 8, 2014. There are still an estimated 200 million Windows XP machines worldwide, including 96% of US schools and 72% of PCs in China. Ending support means no more security updates, leaving these systems vulnerable to attack. The document outlines 5 strategies for addressing this: 1) Ignore, which risks certain attacks; 2) Isolate, which reduces productivity and has physical risks; 3) Extend, with expensive premier support but no OS improvements; 4) Bandage, with antivirus, which is not a permanent solution; 5) Replace, by upgrading the OS and hardware, which is time-consuming and costly. The recommended strategy is to lock down systems using application whitelisting to secure existing Windows
Adobe Hacked Again: What Does It Mean for You? (Lumension)
Last time it was Adobe’s code signing servers. This time it’s 2.9 million (let’s just call it 3) customers’ data and lots and lots of source code – including that of Acrobat. Adobe products already require constant patching but offer no enterprise level solution for patching. In this presentation by Ultimate Windows Security, we’ll present why this will likely lead to more and we’ll look at what we know about this latest Adobe breach.
But more importantly I’ll show what you can do in advance to protect yourself against zero-day exploits in Adobe products and programs. After all this won’t be the last time a software vendor is hacked. In this day and age we have to protect ourselves from the failures of our software providers.
I’ll present 3 ways you can go on the offensive to protect yourself from the constant vulnerabilities discovered in Adobe Reader, Acrobat, Flash and Oracle Java. Here’s what we’ll discuss:
* Alternatives to Adobe and Java
* Different ways to contain vulnerable apps in a sandbox
* Using advanced memory protection technologies to detect and stop buffer overflows and other memory based attacks
Patching and AV only helps you close the window on hacker opportunity. To prevent the window from opening in the first place you have to prevent untrusted code from ever running in the first place. That requires application whitelisting and memory protection against code injection – a growing menace that bypasses controls based on file system and EXE scanning.
That’s why Lumension is sponsoring this event. I think you’ll be interested in seeing 2 of their end-point security technologies that will help protect you from the new exploits on their way as a result of this hack as well as the constant stream of exploits discovered every day.
This is going to be a really cool presentation with practical tips that you can apply. Learn how to protect your systems from other software vendor vulnerabilities.
Real World Defense Strategies for Targeted Endpoint Threats (Lumension)
This document discusses strategies for defending against targeted endpoint threats such as advanced persistent threats (APTs). It begins with an overview of APTs and examines targeted threat trends, including that most attacks target user devices and organizations of all sizes. It then presents a targeted threat framework involving discover, distribute, exploit, control, and execute phases. The document advocates a defense-in-depth strategy using tools like antivirus, firewalls, and patch management to detect, deny, disrupt, and defend against targeted threats throughout the attack lifecycle. It concludes with additional resources on educating users and security professionals about APTs and defense best practices.
APTs: The State of Server Side Risk and Steps to Minimize Risk (Lumension)
This document discusses server-side risks from advanced persistent threats (APTs) and steps organizations can take to minimize those risks. It identifies technologies like application control and antivirus, as well as processes, that can help mitigate risks. It also provides links to free security tools and whitepapers on related topics from Lumension, and includes an appendix with survey responses about server security challenges and mitigation strategies.
2014 Ultimate Buyers Guide to Endpoint Security Solutions (Lumension)
This document provides an overview and buyer's guide for endpoint security solutions. It discusses the advanced threats facing endpoints today and techniques for protecting them, including anti-malware, endpoint hygiene practices like patch management and configuration management, device control, and endpoint security platforms. The document also covers considerations for buying an endpoint security solution like platform capabilities, cloud vs on-premise deployment, and vendor selection process.
Data Protection Rules are Changing: What Can You Do to Prepare? (Lumension)
The European Union’s proposed new data protection regulation aims to update Europe’s data protection laws and to provide a more consistent data protection framework across the Continent.
But the new regulation, which replaces the EU’s existing data protection directive and member states’ data protection laws, will put some new demands on organisations holding personal data. Breach disclosure and “the right to be forgotten” will force businesses to update their data protection and retention policies.
This presentation will:
- Review the current EU laws, and contrast them with laws in other parts of the world;
- Examine the arguments for strengthening data protection in Europe, and the likely outcomes;
- Look at what security teams should already be doing to put themselves ahead of legislative changes;
- Outline strategies and technologies organisations need to meet current and future data protection requirements
- Help infosecurity teams to explain the changes – and their consequences – to their boards
Java Insecurity: How to Deal with the Constant Vulnerabilities (Lumension)
Just over a decade ago, the outcry over Microsoft’s security problems reached such a deafening level that it finally got the attention of Bill Gates, who wrote the famous Trustworthy Computing memo. Today, many would say that Microsoft leads the industry in security and vulnerability handling.
Now, it’s Java that’s causing the uproar. But has Oracle learned anything from Microsoft in handling these seemingly ceaseless problems? I’ll start by reviewing the wide-ranging Java security changes Oracle is promising to make. They sound so much like the improvements Microsoft made back with Trustworthy Computing that I’m amazed it hasn’t been done before! We’ll move on to discuss what you can do now to address Java security in your environment.
One of the banes of security with Java is the presence of multiple versions of Java, often on the same computer. Sometimes you really need multiple versions of Java to support applications with version dependencies (crazy, I know). But other times, multiple copies of Java are there “just because.” In this webinar, we’ll talk about the current Java mess and how you can get out of it, including:
Assessment. We’ll discuss ways and tools for cataloging what versions of Java are actually out there on your endpoints.
Identification. We’ll look at methods for identifying which versions are actually required by your users; for instance, I’ll show you how you might use Process Tracking and File Access events in the Windows Security Log to see which Java files are being accessed, by whom, and by which programs.
Disabling. Can you just disable Java? Maybe not for everyone, but what if you could disable it for certain roles within your company that make up 25% – or even 75% – of your workforce? That would be worth it. We’ll explore how you might go about such a measure.
Hardening. We’ll dive into the technical details of hardening Java and reducing your Java attack surface, where possible.
Filtering. Another way to reduce your Java risk is by filtering Java content at your gateway. Again not full coverage control – but what is?
Patching. Then, we’ll delve into the Java patching nightmare. Depending on self-updaters on each endpoint could be a recipe for disaster, and I’ll explain why. Basically the only way out of the Java mess is a 3rd party solution that can perform centralized patch management and remediation and that’s where our sponsor, Lumension, will come in.
BYOD & Mobile Security: How to Respond to the Security Risks (Lumension)
Bring Your Own Device (BYOD) is a popular topic in 2013. Trying to understand the security risks and prepare strategies to either adopt, or decide against BYOD for security and data control reasons is the challenge.
The 160,000 member Information Security Community on LinkedIn conducted the survey "BYOD & Mobile Security 2013" to shed some light on the drivers for BYOD, how companies will benefit from BYOD, and how they respond to the security risks associated with this trend. With 1,600 responses, some interesting insights and patterns into BYOD were uncovered.
3 Executive Strategies to Reduce Your IT Risk (Lumension)
Do you want to know how ‘best-of-breed’ enterprises prioritize their IT risk? Join Richard Mason, Vice President & Chief Security Officer at Honeywell, whose team is responsible for global security, during a roundtable discussion with Pat Clawson, Chairman & CEO of Lumension and Roger Grimes, Security Columnist & Author. Uncover strategies beyond traditional antivirus signatures and learn a more holistic approach to effective risk management. Find out ‘how’ and ‘why’ you can make security a prioritized function within your organization.
Join this expert panel webcast to learn how to:
1) Understand your business audiences and evaluate their risk tolerance
2) Leverage reputation management services that are appropriate for your organization
3) Utilize realistic change management to secure prioritized data depositories
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation... (Lumension)
APTs have become a major topic of conversation – and in some cases, a critical threat – among IT security departments. But the technology and motivation behind APTs has changed significantly since the introduction of Stuxnet, continuing to evolve rapidly to avoid detection.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency (ScyllaDB)
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Generating privacy-protected synthetic data using Secludy and Milvus (Zilliz)
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk (Fwdays)
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on the Ukraine experience.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf (Chart Kalyan)
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application... (Alex Pruden)
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Monitoring and Managing Anomaly Detection on OpenShift.pdf (Tosin Akinosho)
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Main news related to the CCS TSI 2023 (2023/1695) (Jakub Marek)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors (DianaGray10)
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Dandelion Hashtable: beyond billion requests per second on a commodity server (Antonios Katsarakis)
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design (1) offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
AppSec PNW: Android and iOS Application Security with MobSF (Ajin Abraham)
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Driving Business Innovation: Latest Generative AI Advancements & Success Story (Safe Software)
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
2. Today’s Agenda
Introduction
Curing Your Patch Management Headache with Lessons Learned from the Field
• Laying the Groundwork
• Before Patch Tuesday
• On Patch Tuesday
• After Patch Tuesday
Q&A
3. Today’s Panelists
Russ Ernst, Group Product Manager, Lumension
Jim Czyzewski, Supervisor – Clinical Desktop Support, MidMichigan Medical Center
4. Why Is Patch Management Important
Sources of Endpoint Risk
• 5% Zero-Days
• 30% Missing Patches
• 65% Misconfigurations
Today’s Endpoint Security Stack
• AV
• Device Control
• Application Control
• Patch & Configuration Management
5. Benefits of a Solid Patching Process
• Malware Costs Money
• Patching Reduces Target Size
6. Patch Management Best Practices
Patch Management Process (cycle diagram):
• Laying the Groundwork
• Before Patch Tuesday
• On Patch Tuesday
• After Patch Tuesday
15. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Prepare Resources
• Schedule Resources
» Allocate IT resources for Patch Tuesday while also integrating additional patch release schedules from third-party applications, such as Adobe, Apple (ad hoc), Java and so forth
» Review the patching needs of any internally-developed applications and/or custom patches and consider deploying these patches as part of the monthly patch cycle
• Reserve Down-Time for Servers
» Reserve time slots to be able to deploy patch updates to any mission-critical servers within 72 hours of the Patch Tuesday release
16. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Watch for Pre-Announcements
17. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Confirm Reporting Up-to-Date
18. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Deploy Missing Updates and Pre-Requisites
20. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Study Information and Security Briefings
• Important information to consider when understanding the impact of Patch Tuesday on your environment includes:
» Bulletin Severity
» Whether or not the vulnerability is known/publicly disclosed at the time of release
» Whether the vendor knows of any active exploits at the time of release
» Value of the asset being patched
21. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Prioritize Potential Patches
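One way to turn the four factors from the briefing slide into a repeatable deployment order, as an added example that is not from the presentation or from Lumension. The bulletin ids, asset groups, 1 to 5 asset-value scale and tiering policy are all assumptions made for illustration.

```python
from collections import namedtuple

# Microsoft bulletin severity ratings mapped to an assumed numeric rank.
SEVERITY = {"Critical": 4, "Important": 3, "Moderate": 2, "Low": 1}

# product: what the bulletin patches. value: assumed scale, 1 (low) to 5 (mission-critical).
Bulletin = namedtuple(
    "Bulletin", "bid severity publicly_disclosed actively_exploited product")
AssetGroup = namedtuple("AssetGroup", "name value products")

def deployment_queue(bulletins, groups):
    """Order (bulletin, asset group) pairs, most urgent first.

    Assumed policy: issues with known active exploits first, then publicly
    disclosed ones, then the rest; within a tier, severity x asset value.
    Only groups that actually run the affected product are queued.
    """
    pairs = [(b, g) for b in bulletins for g in groups
             if b.product in g.products]

    def urgency(pair):
        b, g = pair
        return (b.actively_exploited, b.publicly_disclosed,
                SEVERITY[b.severity] * g.value)

    ranked = sorted(pairs, key=urgency, reverse=True)
    return [(b.bid, g.name) for b, g in ranked]

# Constructed sample data, not taken from any real bulletin release.
BULLETINS = [
    Bulletin("EX-001", "Critical", False, False, "browser"),
    Bulletin("EX-002", "Important", True, True, "office-suite"),
    Bulletin("EX-003", "Moderate", True, False, "server-os"),
]
GROUPS = [
    AssetGroup("clinical-workstations", 4, {"browser", "office-suite"}),
    AssetGroup("db-servers", 5, {"server-os"}),
    AssetGroup("lobby-kiosks", 1, {"browser"}),
]

if __name__ == "__main__":
    for bid, group in deployment_queue(BULLETINS, GROUPS):
        print(bid, "->", group)
```

In the sample, the Important bulletin with a known exploit outranks the undisclosed Critical one, which is the effect of treating exploit status as a tier rather than a tie-breaker.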
22. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Test and Install Patches
• Follow Internal Change Control Planning and Approval Process
• Staged Testing
» Deploy applicable bulletins to test groups
» Ensure successful deployment before rollout to additional groups in the environment
» Pay special attention to the impact on custom-developed, internal applications
• Staged Deployments
24. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Deployment History
25. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Calculate Time to Deploy
26. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Monitor for Compliance
Mandatory Baseline
27. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Continuous Improvement
• Checks and Balances
» Review the Effectiveness of Patch Tuesday Remediations
• Metrics Improvement
» Modify system settings, distribution parameters and so forth to further optimize the system for next month’s updates
» WAN optimization, polling frequency and minimizing the patches being detected can all help further optimize performance
» Look for computers that did not receive updates at all or those that took unusually long to receive updates
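The time-to-deploy calculation and the straggler check from the "Week After" slides, as an added example that is not from the presentation or any Lumension product. The host names, timestamps and the "median plus k times MAD" rule for "unusually long" are assumptions; the 72-hour server window is the one stated on the resource-planning slide.

```python
from datetime import datetime, timedelta
from statistics import median

SERVER_WINDOW = timedelta(hours=72)   # mission-critical server window from the slides

def deployment_report(release, rows, k=3.0):
    """Summarise one patch cycle from (host, role, installed_at) rows.

    installed_at is None when the endpoint never reported the update.
    'Unusually long' is an assumed rule: lag > median + k * MAD.
    """
    lag = {h: (t - release).total_seconds() / 3600
           for h, _, t in rows if t is not None}
    never = sorted(h for h, _, t in rows if t is None)
    missed = sorted(h for h, role, t in rows if role == "server"
                    and (t is None or t - release > SERVER_WINDOW))
    if lag:
        med = median(lag.values())
        mad = median(abs(v - med) for v in lag.values())
        cutoff = med + k * max(mad, 1.0)   # floor avoids a zero-width band
        slow = sorted(h for h, v in lag.items() if v > cutoff)
    else:                                  # nothing installed anywhere yet
        med, slow = None, []
    return {
        "coverage_pct": 100.0 * len(lag) / len(rows) if rows else 0.0,
        "median_hours": med,
        "never": never,
        "slow": slow,
        "server_window_missed": missed,
    }

# Constructed sample: release time and per-endpoint install times.
RELEASE = datetime(2024, 1, 9, 18, 0)
DEPLOYMENTS = [
    ("ws-001", "workstation", datetime(2024, 1, 10, 9, 0)),
    ("ws-002", "workstation", datetime(2024, 1, 10, 12, 0)),
    ("ws-003", "workstation", datetime(2024, 1, 10, 15, 0)),
    ("ws-004", "workstation", datetime(2024, 1, 11, 0, 0)),
    ("ws-005", "workstation", datetime(2024, 1, 19, 18, 0)),
    ("ws-006", "workstation", None),
    ("srv-db01", "server", datetime(2024, 1, 11, 18, 0)),
    ("srv-app01", "server", datetime(2024, 1, 13, 6, 0)),
]

if __name__ == "__main__":
    for key, value in deployment_report(RELEASE, DEPLOYMENTS).items():
        print(f"{key}: {value}")
```

Tracking the same report month over month gives the baseline against which changes to polling frequency or distribution settings can be judged.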
29. More Information
• Free Vulnerability Scanner Tool
» Discover all OS and application vulnerabilities on your network
http://www.lumension.com/Resources/Security-Tools/Vulnerability-Scanner.aspx
• Get a Quote (and more)
http://www.lumension.com/vulnerability-management/patch-management-software/buy-now.aspx#6
• Lumension® Patch and Remediation
» Online Demo Video: http://www.lumension.com/vulnerability-management/patch-management-software/demo.aspx
» Free Trial (virtual or download): http://www.lumension.com/vulnerability-management/patch-management-software/free-trial.aspx
30. Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
info@lumension.com
http://blog.lumension.com