This document discusses patch and vulnerability management. It begins with an agenda that covers why patch management matters, its relationship to risk management and penetration testing, how to implement patch and vulnerability management, establish metrics, plan ahead, and draw conclusions. It then discusses key aspects of patch and vulnerability management including monitoring vulnerabilities, establishing priorities, managing knowledge of vulnerabilities and patches, testing patches, implementing patches, verifying implementation, and improving the process. The goal is to reduce risk by addressing vulnerabilities through a structured patch management program.
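As an added example (not part of the original document), the prioritising, verifying and metrics steps of that lifecycle in Python, run over a constructed host inventory and advisory list. The advisory identifiers, the version numbers and the priority weights are assumptions made for the example, not real advisories or a standard scoring scheme.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    """A vendor or CERT advisory as the VM team records it.
    The id values used below are placeholders, not real CVE numbers."""
    id: str
    package: str
    fixed_version: str
    cvss: float        # base score, 0-10
    exploited: bool    # exploitation observed in the wild


@dataclass(frozen=True)
class Host:
    name: str
    internet_facing: bool
    packages: dict     # package name -> installed version string


def parse_version(version):
    """'3.0.12' -> (3, 0, 12). Compare numerically, not as strings, so that
    '3.0.9' sorts before '3.0.12'. A trailing suffix such as '5p2' or
    '1-ubuntu3' is truncated to its leading digits."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_patched(installed, fixed):
    """Verification step: the installed version is at or above the fixed one.
    Shorter tuples are padded with zeros so '1.2' equals '1.2.0'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def priority(advisory, host):
    """Priority = CVSS, raised when exploitation is known and when the host is
    internet-facing. The +3 / +2 weights are this example's assumption."""
    score = advisory.cvss
    if advisory.exploited:
        score += 3.0
    if host.internet_facing:
        score += 2.0
    return score


def assess(hosts, advisories):
    """Return (host, advisory id, priority) for every applicable advisory that
    is not yet remediated, highest priority first. Advisories for packages a
    host does not have are skipped rather than reported as 'not vulnerable'."""
    findings = []
    for host in hosts:
        for adv in advisories:
            installed = host.packages.get(adv.package)
            if installed is not None and not is_patched(installed, adv.fixed_version):
                findings.append((host.name, adv.id, priority(adv, host)))
    findings.sort(key=lambda f: f[2], reverse=True)
    return findings


def coverage(hosts, advisories):
    """Metric for the dashboard: share of applicable (host, advisory) pairs
    that verification shows as remediated. 1.0 when nothing applies."""
    applicable = remediated = 0
    for host in hosts:
        for adv in advisories:
            installed = host.packages.get(adv.package)
            if installed is None:
                continue
            applicable += 1
            if is_patched(installed, adv.fixed_version):
                remediated += 1
    return remediated / applicable if applicable else 1.0


# Constructed sample data: placeholder advisory ids, invented hosts.
ADVISORIES = [
    Advisory("ADV-0001", "openssl", "3.0.12", cvss=7.5, exploited=True),
    Advisory("ADV-0002", "nginx", "1.25.3", cvss=5.3, exploited=False),
    Advisory("ADV-0003", "sudo", "1.9.15", cvss=7.8, exploited=False),
]
HOSTS = [
    Host("web-1", internet_facing=True, packages={"openssl": "3.0.10", "nginx": "1.25.3"}),
    Host("db-1", internet_facing=False, packages={"openssl": "3.0.12", "sudo": "1.9.5p2"}),
    Host("jump-1", internet_facing=True, packages={"sudo": "1.9.15", "openssl": "3.0.9"}),
]

if __name__ == "__main__":
    for host, adv_id, score in assess(HOSTS, ADVISORIES):
        print(f"{score:5.1f}  {host:7s}  {adv_id}")
    print(f"remediation coverage: {coverage(HOSTS, ADVISORIES):.0%}")
```

The version comparison is the part worth getting right: scanners that compare version strings lexically report 3.0.9 as newer than 3.0.12, which is how "verified" patches turn up unapplied on the next scan.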
Patch management is critical to reducing your attack surface and keeping your endpoints and business running smoothly. Unfortunately, it's also a process that must be repeated weekly, monthly, quarterly, and whenever critical fixes have been identified for your environment. The good news is: with the right tools and some advance planning, this process can run smoothly and leave your IT team with more time to support core business goals.
Join us to learn about trends in patch management, including the latest ways Ivanti is helping Security and IT teams work together like a well-oiled machine.
Planning and Deploying an Effective Vulnerability Management Program - Sasha Nunke
This presentation covers the essential components of a successful Vulnerability Management program that allows you to proactively identify risk and protect your network and critical business assets.
Key take-aways:
* Integrating the 3 critical factors - people, processes & technology
* Saving time and money via automated tools
* Anticipating and overcoming common Vulnerability Management roadblocks
* Meeting security regulations and compliance requirements with Vulnerability Management
Patching is a hot topic in security breach after security breach. Patch management is likely the most well established security control out there, so why do so many companies struggle to achieve a good patch management strategy? Join us as we discuss the pitfalls of patching, the complications that still plague us, and best practices to help you fine tune your process—with a dash of just plain common sense thrown in. We will also look at ways Ivanti can help you get a handle on patch management using our latest security innovation, Patch Intelligence.
10 Steps to Building an Effective Vulnerability Management Program - BeyondTrust
You can tune in for the full webinar recording here: https://www.beyondtrust.com/resources/webinar/10-steps-to-building-an-effective-vulnerability-management-program/
In this presentation from the webinar by cyber security expert Derek A. Smith, hear a step-by-step overview of how to build an effective vulnerability management program. Whether your network consists of just a few connected computers or thousands of servers distributed around the world, this presentation discusses ten actionable steps you can apply, whether to bolster your existing vulnerability management program or to build one from scratch.
VAPT (Vulnerability Assessment and Penetration Testing) defines the security measures that should be put in place to address cyber threats. There are several strategies that can be adopted in pen testing, including black box, white box, hidden, internal, and gray box testing. VAPT should be conducted in order to deter cyber-attacks, which are on the rise daily. VAPT ranges from mobile and network penetration testing to vulnerability assessments.
There are many merits to VAPT for your business, including early detection of errors in program code that could otherwise lead to cyber attacks. Companies lose billions of dollars to cyber-attacks. VAPT helps ensure that loopholes are closed before an intrusion occurs.
Derek Milroy, IS Security Architect at U.S. Cellular Corporation, defined “vulnerability management” and how it affects today’s organizations during his presentation at the 2014 Chief Information Security Officer (CISO) Leadership Forum in Chicago on Nov. 19. In his presentation, “Enterprise Vulnerability Management/Security Incident Response,” Milroy noted vulnerability management has different meanings to different organizations, but an organization that utilizes vulnerability management processes can effectively safeguard its data.
According to Milroy, an organization should develop its own vulnerability management baselines to monitor its security levels. By doing so, Milroy said an organization can launch and control vulnerability management systems successfully. In addition, Milroy pointed out that vulnerability management problems occasionally will arise, but a well-prepared organization will be equipped to handle such issues: “Problems are going to happen … You have to work with your people. This can translate to any tool that you’re putting in place. Make sure your people have plans for what happens when it goes wrong, because it’s going to [happen] every single time.”
Milroy also noted that having actionable vulnerability management data is important for organizations of all sizes. If an organization evaluates its vulnerability management processes regularly, Milroy said, it can collect data and use this information to improve its security: “The simplest rule of thumb for vulnerability management, click the report, hand the report to someone. Don’t ever do that. There is no such thing as a report from a tool that you can just click and hand to someone until you first tune it and pare it down.”
Source: http://www.argylejournal.com/chief-information-security-officer/enterprise-vulnerability-managementsecurity-incident-response-derek-milroy-is-security-architect-u-s-cellular-corporation/
Talking about the Next-Gen Security Operation Center for IDNIC+APJII as a representative of IDSECCONF. A people-centric SOC requires a lot of investment in humans, in terms of both quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology, as in Industry 4.0 machines are getting more advanced at supporting humans with continuous and repetitive tasks.
Moving from a “traditional” to a next-gen SOC requires a proper plan; that's what this talk was about.
Link to Youtube video: https://youtu.be/OJMqMWnxlT8
You can contact me at abhimanyu.bhogwan@gmail.com
My LinkedIn profile: https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/
Threat Modeling (system + enterprise)
What is Threat Modeling?
Why do we need Threat Modeling?
6 Most Common Threat Modeling Misconceptions
Threat Modelling Overview
6 important components of a DevSecOps approach
DevSecOps Security Best Practices
Threat Modeling Approaches
Threat Modeling Methodologies for IT Purposes
STRIDE
Threat Modelling Detailed Flow
System Characterization
Create an Architecture Overview
Decomposing your Application
Decomposing DFDs and the Threat-Element Relationship
Identify possible attack scenarios mapped to S.T.R.I.D.E. model
Identifying Security Controls
Identify possible threats
Report to Developers and Security team
DREAD Scoring
My Opinion on implementing Threat Modeling at enterprise level
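As an added example (not part of the presentation), the mechanical part of the flow above in Python: a decomposed DFD is mapped element by element to the STRIDE categories that apply to that element type (the STRIDE-per-element table from the Microsoft SDL approach), and the resulting threats are scored with DREAD. The application, its DFD elements, the DREAD ratings and the High/Medium/Low cut-offs are all constructed for the example.

```python
from dataclasses import dataclass

# STRIDE-per-element: the threat categories that apply to each DFD element
# type. An external entity can be spoofed or repudiate; a process is exposed
# to all six; a data flow can be tampered with, disclosed or blocked; a data
# store can additionally be the target of repudiation when it holds logs.
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TRID",
}

STRIDE_NAMES = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                       # a key of STRIDE_PER_ELEMENT
    crosses_boundary: bool = False  # crosses a trust boundary in the DFD


@dataclass(frozen=True)
class Threat:
    element: str
    category: str                   # one STRIDE letter


def enumerate_threats(elements):
    """Step 'identify possible threats': one candidate per applicable STRIDE
    category per element. Data flows that stay inside one trust boundary are
    skipped, which is an assumption of this example to keep the list short."""
    threats = []
    for el in elements:
        if el.kind == "data_flow" and not el.crosses_boundary:
            continue
        for letter in STRIDE_PER_ELEMENT[el.kind]:
            threats.append(Threat(el.name, letter))
    return threats


def dread_score(damage, reproducibility, exploitability, affected_users, discoverability):
    """DREAD: the mean of five ratings. This example rates each on 1-10;
    teams also use 1-3 scales, so agree one scale before comparing scores."""
    ratings = (damage, reproducibility, exploitability, affected_users, discoverability)
    if any(not 1 <= r <= 10 for r in ratings):
        raise ValueError("each DREAD rating must be in 1..10")
    return sum(ratings) / 5


def risk_band(score):
    """High/Medium/Low cut-offs chosen for this example."""
    if score >= 8:
        return "High"
    if score >= 5:
        return "Medium"
    return "Low"


def prioritise(threats, ratings):
    """Step 'DREAD scoring': score every threat the review team rated and put
    the unrated ones at the end so they still reach the developer report."""
    scored, unrated = [], []
    for t in threats:
        r = ratings.get((t.element, t.category))
        if r is None:
            unrated.append((t, None, "Unrated"))
        else:
            s = dread_score(*r)
            scored.append((t, s, risk_band(s)))
    scored.sort(key=lambda x: x[1], reverse=True)
    return scored + unrated


# Constructed DFD of a made-up login feature.
DFD = [
    Element("Browser", "external_entity"),
    Element("Login service", "process"),
    Element("Credentials flow", "data_flow", crosses_boundary=True),
    Element("Session cache flow", "data_flow", crosses_boundary=False),
    Element("User store", "data_store"),
]

# Constructed DREAD ratings (D, R, E, A, D) for the threats the team reviewed.
RATINGS = {
    ("Credentials flow", "I"): (9, 8, 7, 9, 8),
    ("Login service", "S"): (8, 6, 5, 9, 7),
    ("User store", "T"): (10, 3, 3, 10, 4),
    ("Browser", "R"): (3, 5, 6, 2, 4),
}

if __name__ == "__main__":
    for threat, score, band in prioritise(enumerate_threats(DFD), RATINGS):
        shown = f"{score:.1f}" if score is not None else "  - "
        print(f"{band:8s} {shown}  {threat.element}: {STRIDE_NAMES[threat.category]}")
```

Unrated threats are kept in the output on purpose: a threat model that silently drops what nobody scored is how a whole category (repudiation, typically) disappears from the report to developers.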
Enterprise Vulnerability Management: Back to Basics - Damon Small
Vulnerability Management is the lifecycle of identifying and remediating vulnerabilities across an organization's enterprise. A number of companies are starting to do this well, but in some cases a focus on advanced and emerging threats has had the unintended consequence of leaving Vulnerability Management unattended. Defense is hard work, and people aren't doing it as well as they should. Considered in the context of asymmetric warfare, Blue Teaming is more difficult than Red Teaming. Coupled with the fact that most real-world compromises do not involve advanced attacks or 0-days, Vulnerability Management must be the cornerstone of any Information Assurance Program.
The speakers, Kevin Dunn and Damon Small, will describe the key elements of a mature Vulnerability Management Program (VMP) and the pitfalls encountered by many organizations as they try to implement it. Dunn and Small will include detailed examples of why purchasing the scanner should be one of the last decisions made in this process, and what the attendee must do to ensure the successful defense of company assets and data. This session will cover:
- Vulnerability Management: What is it good for?
- What is it not good for?
- How do I make a real difference?
Distributed Immutable Ephemeral - New Paradigms for the Next Era of Security - Sounil Yu
We are rapidly approaching the next era of security where we need to be focused on the ability to recover from irrecoverable attacks. This can also be defined as resiliency. The traditional view of resiliency attempts to quickly restore assets that support services that we care about. This new approach/paradigm looks at resilience in ways that promote design patterns (distributed, immutable, ephemeral) where we do not care about a given asset at all while still keeping the overall service functioning. This new approach allows us to avoid having to deal with security at all.
Symantec Data Loss Prevention - Technical Proposal (General) - Iftikhar Ali Iqbal
The document provides the structure and content for a general technical proposal based on Symantec Data Loss Prevention. If it is used, please ensure that the latest information is provided.
Cyber Threat Intelligence is a process in which information from different sources is collected, then analyzed to identify and detect threats against any environment. The information collected could be evidence-based knowledge that could support the context, mechanism, indicators, or implications about an already existing threat against an environment, and/or the knowledge about an upcoming threat that could potentially affect the environment. Credit: Marlabs Inc
A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end to end strategy.
Identities. Identities, whether they represent people, services, or IoT devices, define the Zero Trust control plane. When an identity attempts to access a resource, we need to verify that identity with strong authentication, ensure the access is compliant and typical for that identity, and enforce least-privilege access.
Devices. Once an identity has been granted access to a resource, data can flow to a variety of different devices: from IoT devices to smartphones, BYOD to partner-managed devices, and on-premises workloads to cloud-hosted servers. This diversity creates a massive attack surface, requiring us to monitor and enforce device health and compliance for secure access.
Applications. Applications and APIs provide the interface by which data is consumed. They may be legacy on-premises systems, lift-and-shifted cloud workloads, or modern SaaS applications. Controls and technologies should be applied to discover shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behavior, control user actions, and validate secure configuration options.
Data. Ultimately, security teams are focused on protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Data should be classified, labeled, and encrypted, and access restricted based on those attributes.
Infrastructure. Infrastructure (whether on-premises servers, cloud-based VMs, containers, or microservices) represents a critical threat vector. Assess version, configuration, and JIT access to harden defenses; use telemetry to detect attacks and anomalies; and automatically block and flag risky behavior and take protective actions.
Networks. All data is ultimately accessed over network infrastructure. Networking controls can provide critical “in-pipe” controls to enhance visibility and help prevent attackers from moving laterally across the network. Networks should be segmented (including deeper in-network micro-segmentation), and real-time threat protection, end-to-end encryption, monitoring, and analytics should be employed.
Each of these six foundational elements serves as a source of signal, a control plane for enforcement, and a critical resource to defend. You should spread your investments appropriately across each of these elements for maximum protection.
Palo Alto Networks positions itself as the world's cyber security leader; its technologies give 65,000 enterprise customers the power to protect billions of people worldwide.
Cortex, Demisto and Prisma are a few of its flagship products, which aim to prevent attacks with industry-defining enterprise security platforms: tightly integrated innovations, cloud delivered and easy to deploy and operate.
How the Cloud Shifts the Burden of Security to Development - Erika Barron
The move to the cloud brings a number of new security challenges, but the application remains your last line of defense. Developers are extremely well-poised to perform tasks critical for securing the application—provided that certain key obstacles are overcome. [Presented at Cloud Expo - November 2014]
Security misconfiguration is the implementation of improper security controls (for example in server or application configurations, network devices, etc.) that may lead to security vulnerabilities. For example, insecure configuration of web applications could lead to numerous security flaws, including: Incorrect folder permissions
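As an added example (not part of the original document), a small audit for the "incorrect folder permissions" class of misconfiguration on a POSIX host: it walks a directory tree and reports directories that are world-writable without the sticky bit, files that are world-writable, and files that look like secrets yet are readable by other users. The tree it checks is constructed with tempfile so the example runs stand-alone; the secret file-name patterns are an assumption of the example.

```python
import os
import shutil
import stat
import tempfile

# File names that usually hold secrets; an assumption of this example.
SECRET_HINTS = ("id_rsa", ".pem", ".key", ".env", "config.php")


def classify(path, st):
    """Findings for one directory entry, given its lstat() result."""
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if stat.S_ISDIR(st.st_mode):
        # A world-writable directory lets any local user create or replace
        # entries; the sticky bit (as on /tmp) limits deletion to the owner.
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append("world-writable directory without sticky bit")
        return findings
    if mode & stat.S_IWOTH:
        findings.append("world-writable file")
    name = os.path.basename(path)
    if any(hint in name for hint in SECRET_HINTS) and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("secret readable by group or others")
    return findings


def audit(root):
    """Walk root and return sorted (relative path, finding) pairs."""
    results = []
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for entry in entries:
            st = os.lstat(entry)        # lstat: never follow a planted symlink
            if stat.S_ISLNK(st.st_mode):
                continue
            for issue in classify(entry, st):
                results.append((os.path.relpath(entry, root), issue))
    return sorted(results)


def build_sample_tree():
    """Constructed web root with three misconfigurations and two correct
    entries. Returns the temporary root; remove it with cleanup()."""
    root = tempfile.mkdtemp(prefix="misconfig-")

    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)              # wrong: anyone can drop files

    scratch = os.path.join(root, "tmp")
    os.mkdir(scratch)
    os.chmod(scratch, 0o1777)             # fine: world-writable but sticky

    config = os.path.join(root, "config.php")
    with open(config, "w") as fh:
        fh.write("<?php $db_password = 'constructed-example';\n")
    os.chmod(config, 0o644)               # wrong: other users can read it

    key = os.path.join(root, "id_rsa")
    open(key, "w").close()
    os.chmod(key, 0o600)                  # fine: owner only

    script = os.path.join(root, "deploy.sh")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\necho deploy\n")
    os.chmod(script, 0o666)               # wrong: anyone can edit what runs
    return root


def cleanup(root):
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    sample = build_sample_tree()
    try:
        for path, issue in audit(sample):
            print(f"{path:12s} {issue}")
    finally:
        cleanup(sample)
```

Pointed at a real document root the same three checks are what a local-privilege-escalation review starts with; the lstat() call matters because a symlink an attacker placed in a world-writable directory would otherwise let the audit (or a deployment script) read or chmod a file outside the tree.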
Product engineering teams have started to realize the importance of software security. This has resulted in a trend where teams make the effort to include it as part of their software development life cycle, as opposed to treating it as another item on their checklist prior to release. However, the real challenge is finding the balance between agility and quality, which is where many teams find this an uphill task.
While there is no gold standard when it comes to implementing software security, product teams should focus on bringing about systematic and cultural practices within their teams. This should help them achieve the efficiency required to make software security a market differentiator.
This slide-deck on Software Security Initiative focuses on translating a plan of action into sustainable activities as part of the secure software development life cycle that can be adopted by engineering teams. The slides will delve deep into aspects like identifying and designing security checkpoints in the SDLC alongside concepts such as Threat Modelling in Agile, AppSec Toolchain and Security Regressions.
This was presented as a we45 Webinar on April 12, 2018
Secure Your WordPress Site - And Your Business - Stacy Clements
You installed a security plugin, and you don’t get much traffic anyway since your business is small…so you don’t need to worry about getting hacked, right? Think again! Security incidents are on the rise, and small businesses are easy targets. You may not have a lot of money to invest, but you can learn a framework to help you get a better grasp on security for your website and your business.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
This presentation talks about the focus towards building security in the software development life cycle and covers details related to Reconnaissance, Scanning and Attack based test design and execution approach.
Similar to Patch and Vulnerability Management
The cloud provides freedom to innovate, cost reduction and ramp-up speed, but introduces new threats that must be analyzed and balanced in order to make the most of it in a secure manner.
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
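As an added example (not from the talk), one of the checks a step-by-step hardening of a cluster would automate: a Python audit of a Pod manifest that flags the settings an attacker inside a compromised container benefits from, run over a constructed weak manifest and its hardened counterpart. The manifests are shown as the dicts a YAML loader would produce; the check list, the image names and the resource values are the example's own choices.

```python
def image_tag(image):
    """Return the tag of 'registry/name:tag', or None if untagged. A digest
    reference (name@sha256:...) is pinned and returned as 'pinned'."""
    if "@" in image:
        return "pinned"
    last = image.rsplit("/", 1)[-1]          # strip registry and path
    return last.split(":", 1)[1] if ":" in last else None


def audit_pod(manifest):
    """Return a list of findings for a v1 Pod manifest in parsed form."""
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    findings = []

    # Node namespace sharing defeats container isolation outright.
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            findings.append(f"spec.{flag} is true (shares the node's namespace)")
    # The SA token is mounted by default and is an API credential.
    if spec.get("automountServiceAccountToken") is not False:
        findings.append("service account token auto-mounted; set automountServiceAccountToken: false")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation not set to false")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: capabilities not dropped (drop: [ALL])")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: root filesystem is writable")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"{name}: runAsNonRoot not enforced")
        tag = image_tag(c.get("image", ""))
        if tag is None or tag == "latest":
            findings.append(f"{name}: image not pinned ({c.get('image')})")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{name}: no resource limits (node-level DoS)")
    return findings


# Constructed manifests: the weak form and the hardened form of the same Pod.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "web", "namespace": "default"},
    "spec": {
        "hostPID": True,
        "containers": [{
            "name": "web",
            "image": "nginx:latest",
            "securityContext": {"privileged": True},
        }],
    },
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "web", "namespace": "web"},
    "spec": {
        "automountServiceAccountToken": False,
        "securityContext": {
            "runAsNonRoot": True,
            "seccompProfile": {"type": "RuntimeDefault"},
        },
        "containers": [{
            "name": "web",
            "image": "nginx:1.25.3",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    },
}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(f"{label}: {len(audit_pod(pod))} finding(s)")
        for f in audit_pod(pod):
            print("  -", f)
```

In a cluster these checks belong in an admission policy (Pod Security Admission or a policy engine) rather than a script, so a manifest that fails them is rejected before it is scheduled; the script form is useful for auditing what is already running.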
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities, spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
2. Agenda
§ Why does it matter?
§ Relationship
§ with Risk Management
§ with Penetration Test
§ Patch and Vulnerability Management
§ Establishing metrics
§ Planning ahead
§ Conclusion
3. Why does it matter?
§ Assets
§ 1 – Business processes (or sub-processes) and activities, for example:
§ Processes whose loss or degradation make it impossible to carry out the mission of the organization
§ Processes that contain secret processes or processes involving proprietary technology
§ Processes that, if modified, can greatly affect the accomplishment of the organization's mission
§ Processes that are necessary for the organization to comply with contractual, legal or regulatory requirements
Source: ISO/IEC 27005:2011 B.1
4. Why does it matter?
§ Assets
§ 2 – Information
§ Vital information for the exercise of the organization's mission or business
§ Personal information, as can be defined specifically in the sense of the national laws regarding privacy
§ Strategic information required for achieving objectives determined by the strategic orientations
§ High-cost information whose gathering, storage, processing and transmission require a long time and/or involve a high acquisition cost
Source: ISO/IEC 27005:2011 B.1
5. Why does it matter?
§ Vulnerabilities: software or configuration flaws that weaken the security of an asset
§ Ex: used to gain access to a system
§ Controls
§ Software patches
§ Configuration changes
§ Flawed software or service removal
§ Threats: exploit vulnerabilities and cause damage to the asset
§ Ex: exploit scripts, worms, viruses, rootkits and Trojan horses
15. Why does it matter?
The more we use…
§ Vulnerability Management
§ Change Management
§ Configuration Management
The less we need to use…
§ Incident Management
§ Business Continuity Management
19. Relationship
Vulnerability Assessment
§ Usually has a broader scope than a Penetration Test
§ Predictable, because the network administrator is aware of the tools being used
§ May include several false positives
§ Produces a report with recommendations for risk reduction
Penetration Test
§ Exploits specific attack vectors (services or assets)
§ May happen unannounced, to test incident response
§ Trustworthy, because it provides evidence of break-in (root!)
§ Pen Testing = Proof of Concept against vulnerabilities
§ Produces a binary result: got root or not
21. Patch and Vulnerability Management
Monitor vulnerabilities → Establish priorities → Manage knowledge → Test patch → Implement patch → Verify implementation → Improve the process
24. Monitor vulnerabilities
§ Some sources of alerts
§ NIST NVD
§ nvd.nist.gov
§ CVE
§ cve.mitre.org
§ US-CERT
§ us-cert.gov
§ CERT.BR
§ cert.br
§ Vendor site and e-mail lists
25. Monitor vulnerabilities
§ Scope definition
§ Avoid the situation where the organization is aware of a serious security flaw but does not patch it: if there is awareness and no patching, there is no due diligence
§ If a security incident is related to a known vulnerability not patched by the organization, it may open the possibility of claims for damages
Vulnerability analysis without patching has little value
Little analysis and lots of patching is better than lots of analysis and little patching
33. Manage knowledge
§ Maintaining a database
§ Manually maintained databases should contain instructions on removing vulnerabilities by installing patches or performing workarounds, as well as the actual patches when applicable
§ Linking resources
§ While the creation of a database is recommended, resource constraints may limit an organization to listing only Web sites or specific Uniform Resource Locators (URL) for each patch
35. Test patch
§ Many vendors provide authentication mechanisms
§ Patches should have their authenticity verified, using PGP or digital certificates
§ Antivirus software should scan all patches before installation
§ And before that, make sure the antivirus and its signature database are updated
§ Patches and configuration changes should be tested in the testing environment, as they can bring unexpected results
§ Some patches are extremely complicated and largely affect the operating system by replacing files and changing system settings
36. Test patch
§ The uninstallation option (undo) must be seriously taken into consideration
§ Even so, sometimes the uninstallation process cannot bring the system back to its previous state
40. Implement patch
Reduce Risk
• There is no “zero risk”.
• Cancelling the operation avoids the risk, but may not be the best option.
• The objective is to make money with adequate risks.
Transfer Risk
• Insurance won’t transfer risk. It will only transfer the risk of financial losses.
• Health insurance won’t transfer death risk. Life insurance? Not a chance.
• Control cost is the cost of insurance.
Accept Risk
• May not be so bad. Depends on factors and costs.
• A soccer coach knows there is about a 50/50 chance of winning the match, even when managing the stronger team.
• Risk is inherent to business.
42. Implement patch
§ Threat exposure
§ Determine the real meaning of the threat or vulnerability and which systems are vulnerable or exposed, focusing on critical systems
§ Determine the risk of applying the patch and whether the patch affects the functionality of other applications and services (should also be addressed in Change Management)
43. Implement patch
§ Recent backup
§ Before making any changes, it is better to make sure there is a recent backup copy. This way, it is easier to restore the environment
§ Many assets
§ Patch implementation gets very hard when there are thousands of assets. Automated solutions (EPM – Enterprise Patch Management) may be the answer.
44. Implement patch
§ Delay of patch implementation must be carefully considered
§ Threat level
§ Internet-accessible assets, many systems to be patched
§ Exploitation risk
§ If the vulnerability may be easily exploited, the patch (or virtual patch) should be installed immediately
§ Exploitation consequences
§ Critical systems or systems containing sensitive information should be patched as soon as possible
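As an added example (not from the deck), a Python function that turns the three factors above into a patch deadline and a ranked work list; the deadline values are an assumed policy, and the vulnerability identifiers are constructed placeholders.

```python
"""Patch prioritisation from the three factors on this slide: threat level,
exploitation risk and exploitation consequences (assumed example policy)."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Exposure:
    """One vulnerability as it applies to this environment (constructed)."""
    vuln_id: str              # placeholder identifier, not a real CVE
    internet_facing: bool     # threat level: asset reachable from the Internet
    hosts_affected: int       # threat level: how many systems need the patch
    easily_exploited: bool    # exploitation risk: exploit public or trivial
    critical_system: bool     # consequences: critical system / sensitive data
    virtual_patch: bool       # a compensating IPS/WAF rule is available


# Assumed policy: maximum days allowed before the patch is installed.
IMMEDIATE, URGENT, STANDARD, ROUTINE = 0, 3, 14, 30


def patch_deadline_days(e: Exposure) -> int:
    """Map the three factors to a deadline in days (assumed policy)."""
    if e.easily_exploited:
        # Slide: easily exploited -> patch (or virtual patch) immediately
        return IMMEDIATE if (e.internet_facing or e.critical_system) else URGENT
    if e.critical_system:
        return URGENT          # sensitive or critical: as soon as possible
    if e.internet_facing:
        return STANDARD
    return ROUTINE


def recommended_action(e: Exposure) -> str:
    """Human-readable instruction; a virtual patch buys time for testing."""
    days = patch_deadline_days(e)
    if days == IMMEDIATE and e.virtual_patch:
        return "apply virtual patch now, then install patch"
    if days == IMMEDIATE:
        return "install patch now"
    return f"install patch within {days} days"


def prioritise(exposures: List[Exposure]) -> List[Tuple[str, int, str]]:
    """Order the work: shortest deadline first, then most hosts affected."""
    ranked = sorted(exposures,
                    key=lambda e: (patch_deadline_days(e), -e.hosts_affected))
    return [(e.vuln_id, patch_deadline_days(e), recommended_action(e))
            for e in ranked]


# Constructed sample input
SAMPLE = [
    Exposure("VULN-01", False, 400, False, False, False),  # internal, no exploit
    Exposure("VULN-02", True, 3, True, False, True),       # exposed + exploited
    Exposure("VULN-03", False, 20, False, True, False),    # critical system
    Exposure("VULN-04", False, 50, True, False, False),    # exploit, internal
]

if __name__ == "__main__":
    for vuln_id, days, action in prioritise(SAMPLE):
        print(f"{vuln_id}: deadline {days}d, {action}")
```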
45. Implement patch
§ Possible problems
§ The installation agent may reduce performance or make the systems unstable
§ Patches may be incompatible with other software
§ Users may lose information when the agent reboots the system to install the patch
§ The EPM agent may itself be another security threat
§ Mobile users may have problems when EPM tries to install a large amount of patches as the user logs on
46. Implement patch
§ Determine root cause
§ Many vulnerabilities are the result of poorly formed system configuration or user administration policies, and inadequate provisioning or change management processes.
§ Eliminating root causes requires improvements in the policies and processes that are used to provision, configure and change systems, and administer users.
48. Verify implementation
§ Verify that files and settings were changed as specified by the vendor
§ Run a vulnerability scanner
§ Confirm by log review that patches were installed
§ Make use of penetration testing services to make sure that the vulnerability was patched
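To illustrate the log-review check above, an added Python example (not from the deck) that parses constructed EPM agent log lines and lists every in-scope host whose log does not confirm a successful install; the log format, host names and patch identifier are assumptions.

```python
"""Verify patch installation by log review (added example, assumed log format)."""
import re
from typing import Dict, Iterable, Set

# Assumed agent log line: ISO timestamp, then key=value fields.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+"
    r"host=(?P<host>\S+)\s+patch=(?P<patch>\S+)\s+status=(?P<status>\w+)$"
)


def latest_status(log_lines: Iterable[str], patch_id: str) -> Dict[str, str]:
    """Last reported status per host for one patch; malformed lines are skipped.
    Entries are sorted by timestamp so out-of-order lines do not mislead."""
    parsed = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if m and m["patch"] == patch_id:
            parsed.append((m["ts"], m["host"], m["status"]))
    status: Dict[str, str] = {}
    for _ts, host, st in sorted(parsed):      # ISO-8601 sorts lexically
        status[host] = st
    return status


def hosts_needing_attention(expected_hosts: Set[str], patch_id: str,
                            log_lines: Iterable[str]) -> Dict[str, str]:
    """In-scope hosts whose log evidence does not confirm installation:
    failures, pending reboots, or no entry at all (a silent agent is a
    finding too, not a pass)."""
    seen = latest_status(log_lines, patch_id)
    return {h: seen.get(h, "no_log_entry")
            for h in sorted(expected_hosts)
            if seen.get(h) != "installed"}


# Constructed sample log (hosts and patch id are placeholders)
SAMPLE_LOG = """
2024-03-03T20:01:00Z host=web01 patch=PATCH-123 status=downloaded
2024-03-03T20:05:11Z host=web01 patch=PATCH-123 status=installed
2024-03-03T20:06:00Z host=db01 patch=PATCH-123 status=failed
2024-03-03T20:07:00Z host=app02 patch=PATCH-123 status=reboot_pending
2024-03-03T20:08:00Z host=app01 patch=OTHER-9 status=installed
this line is garbage and must be ignored
""".strip().splitlines()

IN_SCOPE = {"web01", "db01", "app01", "app02", "file01"}

if __name__ == "__main__":
    for host, st in hosts_needing_attention(IN_SCOPE, "PATCH-123", SAMPLE_LOG).items():
        print(f"{host}: {st}")
```

Hosts that report "installed" are then candidates for the scanner and file/settings checks in the other bullets, which confirm the install actually changed what the vendor said it would.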
50. Improve the process
§ Training
§ Automated patch management solutions
§ Enterprise patch management
§ Lessons learned
§ Implementation flaws
§ Slow bandwidth and processing power
§ User permissions
§ Best date and time
52. Establishing metrics
§ Every organization should consistently measure the effectiveness of its patch and vulnerability management program and apply corrective actions as necessary.
§ Without such a capability, even the best-designed security architectures can be susceptible to penetration or other forms of exploit.
Metric Name (Example)                                       Units
Vulnerability ratio                                         Vulnerabilities/Host
Unapplied patches ratio                                     Patches/Host
Network services ratio                                      Services/Host
Response time for vulnerability and patch identification    Time
Patch response time (critical)                              Time
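As an added example (not part of the deck), Python code that computes the five metrics in the table from a constructed host inventory and patch timeline; the Host and PatchEvent records, the hours unit and the sample values are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Host:
    """Snapshot of one host from the last scan (constructed)."""
    name: str
    vulnerabilities: int      # open findings from the vulnerability scanner
    unapplied_patches: int    # patches released but not yet installed
    services: int             # listening network services


@dataclass(frozen=True)
class PatchEvent:
    """Timeline of one patch from advisory to deployment (constructed)."""
    patch_id: str
    critical: bool
    disclosed: datetime               # vendor / NVD publication
    identified: datetime              # picked up by our monitoring
    installed: Optional[datetime]     # None = still outstanding


def per_host_ratios(hosts: List[Host]) -> Dict[str, float]:
    """Vulnerability, unapplied-patch and network-service ratios per host."""
    n = len(hosts)
    return {
        "vulnerability_ratio": sum(h.vulnerabilities for h in hosts) / n,
        "unapplied_patches_ratio": sum(h.unapplied_patches for h in hosts) / n,
        "network_services_ratio": sum(h.services for h in hosts) / n,
    }


def _hours(delta) -> float:
    return delta.total_seconds() / 3600


def identification_response_hours(events: List[PatchEvent]) -> float:
    """Mean time from public disclosure to identification by the program."""
    return mean(_hours(e.identified - e.disclosed) for e in events)


def critical_patch_response_hours(events: List[PatchEvent],
                                  now: datetime) -> float:
    """Mean time from identification to installation for critical patches.
    A patch still outstanding is counted up to `now`, so open work is not
    hidden from the metric."""
    crit = [e for e in events if e.critical]
    return mean(_hours((e.installed or now) - e.identified) for e in crit)


# Constructed sample data
HOSTS = [Host("web01", 3, 2, 5), Host("db01", 0, 1, 2),
         Host("app01", 7, 4, 9), Host("file01", 2, 1, 4)]
EVENTS = [
    PatchEvent("P-1", True, datetime(2024, 3, 1, 8), datetime(2024, 3, 1, 20),
               datetime(2024, 3, 3, 20)),
    PatchEvent("P-2", False, datetime(2024, 3, 2), datetime(2024, 3, 3),
               datetime(2024, 3, 20)),
    PatchEvent("P-3", True, datetime(2024, 3, 5), datetime(2024, 3, 5, 6), None),
]
NOW = datetime(2024, 3, 6, 6)

if __name__ == "__main__":
    print(per_host_ratios(HOSTS))
    print(identification_response_hours(EVENTS), critical_patch_response_hours(EVENTS, NOW))
```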
54. Planning ahead
§ Acting before the infection
§ For any single vulnerability for which a widespread worm will be created, manual monitoring and patching is much more cost-effective than responding to a worm infection
§ Enterprise Patch Management (EPM)
§ Given that patches are constantly released, manual patching becomes prohibitively expensive unless the operating environment consists of only a few software packages (thus decreasing the total number of patches needed)
55. Planning ahead
§ Enterprise patch management
§ All moderate to large-size organizations should be using EPM
§ Even small organizations should be migrating to some form of automated patching tool
§ Manual patching is becoming ineffective as the number of patches grows and as attackers develop exploit code more rapidly
§ Only uniquely configured computers and appliance-based devices should continue to be patched manually
56. Planning ahead
§ Types of EPM
§ There are two primary categories of enterprise patch management tools
§ those that use agents
§ those that do not
§ Some products support both approaches and allow the administrator to choose the approach that is most efficient for the environment
57. Planning ahead
§ New acquisitions
§ Consider less complicated products. More code, features, and services can mean more bugs, vulnerabilities, and patches
§ Delay implementing recently released major operating systems or applications until the experiences of others can be included in the decision-making process
§ Consider software validated by independent testing. For the greatest assurance, the software’s source code should be evaluated
§ Use only versions of software that are currently supported. Obsolete software beyond its lifecycle often has flaws that are only addressed in the newer, supported versions
58. Planning ahead
§ Standardization
§ The standard configuration will likely include the following items
§ Hardware type and model
§ Operating system version and patch level
§ Major installed applications (version and patch level)
§ Security settings for the operating system and applications
§ In many cases, these standardized configurations can be maintained centrally, and changes can be propagated to all participating IT resources.
59. Planning ahead
§ Post-incident patching
§ Patching after a security compromise is significantly more complicated than merely applying the appropriate patch
§ The vulnerability that was exploited must be patched
§ Patching it will not eliminate rootkits, backdoors, or most other changes that might have been introduced by the intruder
§ For example, the Code Red II worm placed backdoors on compromised systems, and later the Nimda worm exploited those backdoors
§ A compromised system should be reformatted and reinstalled or restored from a known safe and trusted backup
61. Conclusion
§ There must be a Vulnerability Management process
§ Little analysis and lots of patching
§ Network administration must be kept informed of disclosed vulnerabilities
§ The environment should be standardized and well-documented
§ All changes must go through Change Management
§ Every change must be tested in the testing environment
§ An automated process of patch installation may have the best cost/benefit
62. References
§ NIST
§ SP 800-40
§ Creating a Patch and Vulnerability Management Program
§ SP 800-115
§ Technical Guide to Information Security Testing and Assessment
§ CVE
§ http://measurablesecurity.mitre.org/directory/areas/vulnerabilitymanagement.html
§ ISO/IEC 29147:2014
§ Gives guidelines for the disclosure of potential vulnerabilities in products and online services. It details the methods a vendor should use to address issues related to vulnerability disclosure.
§ ISO/IEC 30111:2013
§ Gives guidelines for how to process and resolve potential vulnerability information in a product or online service.