SlideShare a Scribd company logo

Vulnerability Malware And Risk

Chandrashekhar B
Chandrashekhar B

Recent studies have shown that 90% of security breaches involve a software vulnerability caused by a missing patch – even if the patch is made available to public. Most organisations do not realise that a vulnerable system connected to the enterprise network potentially puts the entire organisation to risk by being easy targets of cyber-attacks. Many service providers scan the network and provide a comprehensive report of the vulnerabilities existing in the end point systems. However, they do not take the next step of removing these vulnerabilities. Read this whitepaper to know how Saner ensures enterprise security by remediating vulnerabilities in the endpoints.

Technology
1 of 5
Download to read offline
Vulnerability, Malware And Risk By: Dr. Sateesh Kannegala Chief Technology Consultant, SecPod Technologies Published: 17th December 2014
Vulnerability, Malware and Risk Background Information Assurance is crucial to functioning of any organization. The ability to assure availability, confidentiality and Integrity of information is critically dependent on the health of every system connected to the organization. A typical enterprise consists of a complex network of computers. Such network of computers is prone to risk from any of the end point system connecting to the network. A vulnerable system connecting to the enterprise network potentially puts the entire organisation to risk by being easy targets of cyber-attacks. Most attacks use vulnerabilities in systems. These vulnerabilities are flawed pieces of code in the software that can, in principle, allow a malicious user to gain unauthorised access to a system. Given the complexity of software some of these vulnerabilities escape the most stringent QA scrutiny. Users and volunteer groups with constant vigilance detect and report these vulnerabilities. An interesting question that arises is: How long does it take a vulnerable computer connected to the internet to be infected with malicious software? The answer depends on the OS the computer is running. In any case, it is matter of minutes to a few hours, with Unix systems typically holding out longer than Windows operating system. (https://isc.sans.edu/survivaltime.html). Many service providers scan the network and provide a comprehensive report of the vulnerabilities existing in the end point systems. However, most of them do not take the next step of removing these vulnerabilities. In this paper we talk about how to ensure the health of all the systems that connect to the network by removing any known vulnerability in them. Saner makes this process very simple, intuitive and fast. This keeps enterprises safe from many known attacks. How Most Attackers Gain Access to a System Providing Information Assurance invariably depends on preventing unauthorized access to the end point systems. Unauthorized access to the system and controlling the system is exactly what an attacker accomplishes by exploiting vulnerabilities in the system. This makes every system in a network a potential entry point for an attack. Many complex applications run on end user computers. These software applications have vulnerabilities, weaknesses that allow potential attackers to use them to gain access to the system or cause unpredictable behaviour in the system. In this sense Vulnerabilities are the root cause for most malware attacks. It stands to reason that the systems with fewer vulnerabilities are more dependable. Every day, on an average about 30 new vulnerabilities are uncovered and published in the National Vulnerability Database (http://web.nvd.nist.gov/view/vuln/search). The time between the publication of a Vulnerability and an attack using the vulnerability is a matter of days (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf). According to Center for Strategic and International Studies, “75% of attacks use publicly known vulnerabilities in commercial software that could be prevented by regular patching” (http://csis.org/files/publication/130212_Lewis_RaisingBarCybersecurity.pdf). For most of these vulnerabilities the application vendor provides a “Patch” – an update to the software that removes the vulnerability. By keeping the systems up to date with the latest software most of these vulnerabilities may be removed.
Anti-Virus Software and Residual Risk Anti-virus (AV) software have been fairly successful in containing attacks. AV software use signature based detection of malware. They depend on the availability of the signatures or patterns that identify the virus as malicious code. While the dictionary of signatures is growing exponentially, attackers have devised clever ways of disguising their attacks to escape detection. Polymorphic codes that mutate when they execute in a host can potentially avoid detection. This can render AV software ineffective in detecting and blocking all malware attacks. More importantly, AV software is designed to detect and act on an on-going attack and prevent them. They are also effective in removing the offending piece of code after the attack. But they are not designed to do effective prevention. Thus leaving unmitigated risks in the systems. Patch – Remove the Vulnerabilities Before they can be Exploited A software patch is a piece of code designed to correct a known problem in the Software. In response to uncovered vulnerabilities, software vendors correct the offending code and release an update in the form of a patch. When the software is updated the vulnerability is removed. Sometimes patching applications as soon as a patch is made available becomes important. This is especially important when critical patches are released by a software vendor. The availability of a patch can provide the information that attackers may use to write an exploit. This could shorten the time to attack after a vulnerability is uncovered and a patch is available. The safest way to mitigate the risk of an attack is to patch the system immediately. Challenges of SW Patching Patching and keeping applications up to date is unquestionably important. However, the fact is that a significant percentage of computers are running unpatched OS and applications. Most successful cyber-attacks target unpatched systems in the network. Why then are so many systems still unpatched? Individuals may not be equipped with the knowledge or skills to accomplish effective patching. However, the patching process in an enterprise may be quite complex. In “Guide to Enterprise Patch Management Technologies”, (http://csis.org/files/publication/130212_Lewis_RaisingBarCybersecurity.pdf), NIST lists a few of these challenges: - SW Inventory management – Having an up to date inventory, with complete information about the installed version of all the software in each of the systems connected to the enterprise is important. But it is a challenging task. - Resource Overload – Software vendors release patches either bundled with many issues resolved in one, or if the issue is critical and likely to have a major impact they may release one off patch. In either case, the network bandwidth is likely to be choked with many systems downloading the required patches. - Installation Side Effects - The applied patches may alter some security configurations. Organizations should be able to identify these and remedy them for effective vulnerability management. - Effectiveness of Patching – Patches often require that the patched software be re-started or the entire system be re-started. They are ineffective unless this step is completed. Knowing that the applied patch has been effective is crucial and needs to be ascertained.
In addition there are a few other points that can complicate the patching process in an enterprise - Risk assessment and prioritization – Not all vulnerabilities pose the same level of risk. Given that the patching process in an enterprise can be elaborate, a judicious choice of patches will be necessary for optimal operations. This prioritization It is important to know vulnerabilities and the risk posed by these vulnerabilities to an organization which helps prioritizing what patches to apply, how critical they are. - Knowing what patch to apply - Once the risks are identified and prioritized, the task of identifying the appropriate patches to apply can be time consuming. How Saner Accomplishes Vulnerability Mitigation At SecPod we believe that a stitch in time saves nine. While Malware detection and cure products are still an important tool in an enterprise, they can only do a partial job. Saner identifies and removes vulnerabilities before they are exploited by attackers. With continuously updated vulnerability data the repository helps us ensure that all known vulnerabilities are detected and a patch is available to specifically address the vulnerability. How Saner Addresses Common Challenges Saner runs an agent on each of the end point systems. This helps track all the applications running on any end point system. With this architecture Saner does not need to have a central repository of all systems and the software running on them. Saner takes care of applying the patches to any known vulnerable software on the system. This overcomes the Inventory Management problem alluded to earlier. When a patch is required, every end point system will need to download the patch from either the internet or the intranet. Connecting to the internet to download patches can mean choking of the enterprise band width. Saner overcomes this by allowing enterprises to have an in house deployment. This allows the server to download the required patch once and allow the end users to get the required patch from this in-house server. This avoids multiple downloads. The individual systems will still use the intranet bandwidth to download patches. However, the intranet bandwidth is usually high enough to withstand this amount of network traffic. Another potential problem faced by enterprises is the alteration in configuration values introduced by new patches. This is handled by Saner by checking for misconfigurations. For example, if an application is set to start automatically by default, but the enterprise policy is to prevent auto start. Saner ensures that if any alterations violates the organisation policy it is detected and fixed. Such checks are made after a remediation is done to ensure that no misconfigurations exist in the system. After applying a patch, some applications require either a restart of the application or the OS. If the system is not restarted the patch is not effectively applied. Saner performs a scan immediately after the remediation (patching) is done. If the patch is not properly applied it shows up in the console as a vulnerability. In an enterprise, it may not always be practical to remediate all the vulnerabilities. Saner identifies vulnerabilities and provides information on the risk that they pose. The IT manager can make a determination of the threat posed by examining the severity of the vulnerabilities. Decisions on applying the patch can be made, armed with this information, available in Saner dashboard. Identifying the appropriate patch to apply is automated in Saner. This ensures that no extra time is required to identify the correct patch to apply; choosing which patch to apply is a matter of a few mouse clicks.
Conclusion Anti-virus software provides a means of identifying threats in an enterprise, but they are not 100 % effective on their own. Often they are unable to detect the malware before the damage has been done. In that case, Anti-Virus software can help in containing the virus and minimising the damage caused. To a large extent Anti-Virus software is a reactive approach. At SecPod we believe that prevention is better than cure. Our conviction that if vulnerabilities are removed from the system – we will be able to prevent the attack from happening. This can go a long way to provide confidence in the Confidentiality, Integrity and Availability of the information in an enterprise. We do not claim that Saner is replacement for Anti-Virus software. Robust security necessitates many layers of defence. While saner is the first line of defence, preventing the exploitation of vulnerabilities, Anti-virus software will act as a second line of defence. In such cases, Anti-Virus software will be effective. A large number of attacks can be prevented by using Saner. Saner in combination with enterprise Anti-Virus software is a much more effective solution to prevent damages from Cyber-Attacks, than using an Anti-Virus Software alone.

Recommended

Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and RiskSecPod Technologies
 
The uncool-security-hygiene
The uncool-security-hygieneThe uncool-security-hygiene
The uncool-security-hygieneThiagu Haldurai
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityLumension
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability AssesmentDedi Dwianto
 
Software Vulnerabilities Risk Remediation
Software Vulnerabilities Risk RemediationSoftware Vulnerabilities Risk Remediation
Software Vulnerabilities Risk RemediationBruce Hafner
 
USPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementUSPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementJim Piechocki
 
Open-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentOpen-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentPriyanka Aash
 
OSB130 Patch Management Best Practices
OSB130 Patch Management Best PracticesOSB130 Patch Management Best Practices
OSB130 Patch Management Best PracticesIvanti
 

Recommended

Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and RiskSecPod Technologies
 
The uncool-security-hygiene
The uncool-security-hygieneThe uncool-security-hygiene
The uncool-security-hygieneThiagu Haldurai
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityLumension
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability AssesmentDedi Dwianto
 
Software Vulnerabilities Risk Remediation
Software Vulnerabilities Risk RemediationSoftware Vulnerabilities Risk Remediation
Software Vulnerabilities Risk RemediationBruce Hafner
 
USPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementUSPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementJim Piechocki
 
Open-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentOpen-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentPriyanka Aash
 
OSB130 Patch Management Best Practices
OSB130 Patch Management Best PracticesOSB130 Patch Management Best Practices
OSB130 Patch Management Best PracticesIvanti
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Bossrbrockway
 
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Jose Lopez
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseLumension
 
Ambesh
AmbeshAmbesh
AmbeshAmbesh Sharma
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsSonatype
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management Argyle Executive Forum
 
Getting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paperGetting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paperTawnia Beckwith
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment ReportHarshit Singh Bhatia
 
Understanding Vulnerabilities in Software
Understanding Vulnerabilities in SoftwareUnderstanding Vulnerabilities in Software
Understanding Vulnerabilities in SoftwareNicole Gaehle, MSIST
 
Dtl 2012 kl-app_ctl1.2
Dtl 2012 kl-app_ctl1.2Dtl 2012 kl-app_ctl1.2
Dtl 2012 kl-app_ctl1.2Комсс Файквэе
 
Everything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security ControlsEverything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security ControlsIvanti
 
NetWatcher Customer Overview
NetWatcher Customer OverviewNetWatcher Customer Overview
NetWatcher Customer OverviewScott Suhy
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Kymberlee Price
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
Web Application Security Vulnerability Management Framework
Web Application Security Vulnerability Management FrameworkWeb Application Security Vulnerability Management Framework
Web Application Security Vulnerability Management Frameworkjpubal
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsDamon Small
 
Effective Vulnerability Management
Effective Vulnerability ManagementEffective Vulnerability Management
Effective Vulnerability ManagementVicky Ames
 
Is Your Vulnerability Management Program Irrelevant?
Is Your Vulnerability Management Program Irrelevant?Is Your Vulnerability Management Program Irrelevant?
Is Your Vulnerability Management Program Irrelevant?Skybox Security
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackEMC
 
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Quick Heal Technologies Ltd.
 

More Related Content

What's hot

Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Bossrbrockway
 
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Jose Lopez
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseLumension
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsSonatype
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management Argyle Executive Forum
 
Getting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paperGetting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paperTawnia Beckwith
 
Understanding Vulnerabilities in Software
Understanding Vulnerabilities in SoftwareUnderstanding Vulnerabilities in Software
Understanding Vulnerabilities in SoftwareNicole Gaehle, MSIST
 
Everything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security ControlsEverything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security ControlsIvanti
 
NetWatcher Customer Overview
NetWatcher Customer OverviewNetWatcher Customer Overview
NetWatcher Customer OverviewScott Suhy
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Kymberlee Price
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
Web Application Security Vulnerability Management Framework
Web Application Security Vulnerability Management FrameworkWeb Application Security Vulnerability Management Framework
Web Application Security Vulnerability Management Frameworkjpubal
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsDamon Small
 
Effective Vulnerability Management
Effective Vulnerability ManagementEffective Vulnerability Management
Effective Vulnerability ManagementVicky Ames
 
Is Your Vulnerability Management Program Irrelevant?
Is Your Vulnerability Management Program Irrelevant?Is Your Vulnerability Management Program Irrelevant?
Is Your Vulnerability Management Program Irrelevant?Skybox Security
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 

What's hot (20)

Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Boss
 
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of Defense
 
Ambesh
AmbeshAmbesh
Ambesh
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management
 
Getting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paperGetting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paper
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment Report
 
Understanding Vulnerabilities in Software
Understanding Vulnerabilities in SoftwareUnderstanding Vulnerabilities in Software
Understanding Vulnerabilities in Software
 
Dtl 2012 kl-app_ctl1.2
Dtl 2012 kl-app_ctl1.2Dtl 2012 kl-app_ctl1.2
Dtl 2012 kl-app_ctl1.2
 
Everything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security ControlsEverything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security Controls
 
NetWatcher Customer Overview
NetWatcher Customer OverviewNetWatcher Customer Overview
NetWatcher Customer Overview
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
 
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize Risk
 
Web Application Security Vulnerability Management Framework
Web Application Security Vulnerability Management FrameworkWeb Application Security Vulnerability Management Framework
Web Application Security Vulnerability Management Framework
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to Basics
 
Effective Vulnerability Management
Effective Vulnerability ManagementEffective Vulnerability Management
Effective Vulnerability Management
 
Is Your Vulnerability Management Program Irrelevant?
Is Your Vulnerability Management Program Irrelevant?Is Your Vulnerability Management Program Irrelevant?
Is Your Vulnerability Management Program Irrelevant?
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment Presentation
 

Similar to Vulnerability Malware And Risk

Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackEMC
 
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Quick Heal Technologies Ltd.
 
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISORINLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISORNeha Rana
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools usedZoe Gilbert
 
Running Head MALWARE1MALWARE2MalwareName.docx
Running Head MALWARE1MALWARE2MalwareName.docxRunning Head MALWARE1MALWARE2MalwareName.docx
Running Head MALWARE1MALWARE2MalwareName.docxcowinhelen
 
10 Best DevSecOps Tools for 2023
10 Best DevSecOps Tools for 202310 Best DevSecOps Tools for 2023
10 Best DevSecOps Tools for 2023SofiaCarter4
 
Malware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docxMalware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docxinfantsuk
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management SystemIRJET Journal
 
In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfanandanand521251
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
A software authentication system for the prevention of computer viruses
A software authentication system for the prevention of computer virusesA software authentication system for the prevention of computer viruses
A software authentication system for the prevention of computer virusesUltraUploader
 
Ransomware Prevention Guide
Ransomware Prevention GuideRansomware Prevention Guide
Ransomware Prevention GuideBrian Honan
 
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET Journal
 
Key Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseKey Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseLumension
 
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxRunning head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxtodd521
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - PrintAndrew Kanikuru
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfElanusTechnologies
 

Similar to Vulnerability Malware And Risk (20)

Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
 
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
 
SecPod Saner
SecPod SanerSecPod Saner
SecPod Saner
 
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISORINLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools used
 
Running Head MALWARE1MALWARE2MalwareName.docx
Running Head MALWARE1MALWARE2MalwareName.docxRunning Head MALWARE1MALWARE2MalwareName.docx
Running Head MALWARE1MALWARE2MalwareName.docx
 
10 Best DevSecOps Tools for 2023
10 Best DevSecOps Tools for 202310 Best DevSecOps Tools for 2023
10 Best DevSecOps Tools for 2023
 
Malware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docxMalware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docx
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management System
 
In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdf
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
A software authentication system for the prevention of computer viruses
A software authentication system for the prevention of computer virusesA software authentication system for the prevention of computer viruses
A software authentication system for the prevention of computer viruses
 
Ransomware Prevention Guide
Ransomware Prevention GuideRansomware Prevention Guide
Ransomware Prevention Guide
 
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
 
Key Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseKey Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your Enterprise
 
SentinelOne Buyers Guide
SentinelOne Buyers GuideSentinelOne Buyers Guide
SentinelOne Buyers Guide
 
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxRunning head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - Print
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdf
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 

Recently uploaded (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 

Vulnerability Malware And Risk

  • 1. Vulnerability, Malware And Risk By: Dr. Sateesh Kannegala Chief Technology Consultant, SecPod Technologies Published: 17th December 2014
  • 2. Vulnerability, Malware and Risk Background Information Assurance is crucial to functioning of any organization. The ability to assure availability, confidentiality and Integrity of information is critically dependent on the health of every system connected to the organization. A typical enterprise consists of a complex network of computers. Such network of computers is prone to risk from any of the end point system connecting to the network. A vulnerable system connecting to the enterprise network potentially puts the entire organisation to risk by being easy targets of cyber-attacks. Most attacks use vulnerabilities in systems. These vulnerabilities are flawed pieces of code in the software that can, in principle, allow a malicious user to gain unauthorised access to a system. Given the complexity of software some of these vulnerabilities escape the most stringent QA scrutiny. Users and volunteer groups with constant vigilance detect and report these vulnerabilities. An interesting question that arises is: How long does it take a vulnerable computer connected to the internet to be infected with malicious software? The answer depends on the OS the computer is running. In any case, it is matter of minutes to a few hours, with Unix systems typically holding out longer than Windows operating system. (https://isc.sans.edu/survivaltime.html). Many service providers scan the network and provide a comprehensive report of the vulnerabilities existing in the end point systems. However, most of them do not take the next step of removing these vulnerabilities. In this paper we talk about how to ensure the health of all the systems that connect to the network by removing any known vulnerability in them. Saner makes this process very simple, intuitive and fast. This keeps enterprises safe from many known attacks. How Most Attackers Gain Access to a System Providing Information Assurance invariably depends on preventing unauthorized access to the end point systems. Unauthorized access to the system and controlling the system is exactly what an attacker accomplishes by exploiting vulnerabilities in the system. This makes every system in a network a potential entry point for an attack. Many complex applications run on end user computers. These software applications have vulnerabilities, weaknesses that allow potential attackers to use them to gain access to the system or cause unpredictable behaviour in the system. In this sense Vulnerabilities are the root cause for most malware attacks. It stands to reason that the systems with fewer vulnerabilities are more dependable. Every day, on an average about 30 new vulnerabilities are uncovered and published in the National Vulnerability Database (http://web.nvd.nist.gov/view/vuln/search). The time between the publication of a Vulnerability and an attack using the vulnerability is a matter of days (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf). According to Center for Strategic and International Studies, “75% of attacks use publicly known vulnerabilities in commercial software that could be prevented by regular patching” (http://csis.org/files/publication/130212_Lewis_RaisingBarCybersecurity.pdf). For most of these vulnerabilities the application vendor provides a “Patch” – an update to the software that removes the vulnerability. By keeping the systems up to date with the latest software most of these vulnerabilities may be removed.
  • 3. Anti-Virus Software and Residual Risk Anti-virus (AV) software have been fairly successful in containing attacks. AV software use signature based detection of malware. They depend on the availability of the signatures or patterns that identify the virus as malicious code. While the dictionary of signatures is growing exponentially, attackers have devised clever ways of disguising their attacks to escape detection. Polymorphic codes that mutate when they execute in a host can potentially avoid detection. This can render AV software ineffective in detecting and blocking all malware attacks. More importantly, AV software is designed to detect and act on an on-going attack and prevent them. They are also effective in removing the offending piece of code after the attack. But they are not designed to do effective prevention. Thus leaving unmitigated risks in the systems. Patch – Remove the Vulnerabilities Before they can be Exploited A software patch is a piece of code designed to correct a known problem in the Software. In response to uncovered vulnerabilities, software vendors correct the offending code and release an update in the form of a patch. When the software is updated the vulnerability is removed. Sometimes patching applications as soon as a patch is made available becomes important. This is especially important when critical patches are released by a software vendor. The availability of a patch can provide the information that attackers may use to write an exploit. This could shorten the time to attack after a vulnerability is uncovered and a patch is available. The safest way to mitigate the risk of an attack is to patch the system immediately. Challenges of SW Patching Patching and keeping applications up to date is unquestionably important. However, the fact is that a significant percentage of computers are running unpatched OS and applications. Most successful cyber-attacks target unpatched systems in the network. Why then are so many systems still unpatched? Individuals may not be equipped with the knowledge or skills to accomplish effective patching. However, the patching process in an enterprise may be quite complex. In “Guide to Enterprise Patch Management Technologies”, (http://csis.org/files/publication/130212_Lewis_RaisingBarCybersecurity.pdf), NIST lists a few of these challenges: - SW Inventory management – Having an up to date inventory, with complete information about the installed version of all the software in each of the systems connected to the enterprise is important. But it is a challenging task. - Resource Overload – Software vendors release patches either bundled with many issues resolved in one, or if the issue is critical and likely to have a major impact they may release one off patch. In either case, the network bandwidth is likely to be choked with many systems downloading the required patches. - Installation Side Effects - The applied patches may alter some security configurations. Organizations should be able to identify these and remedy them for effective vulnerability management. - Effectiveness of Patching – Patches often require that the patched software be re-started or the entire system be re-started. They are ineffective unless this step is completed. Knowing that the applied patch has been effective is crucial and needs to be ascertained.
  • 4. In addition there are a few other points that can complicate the patching process in an enterprise - Risk assessment and prioritization – Not all vulnerabilities pose the same level of risk. Given that the patching process in an enterprise can be elaborate, a judicious choice of patches will be necessary for optimal operations. This prioritization It is important to know vulnerabilities and the risk posed by these vulnerabilities to an organization which helps prioritizing what patches to apply, how critical they are. - Knowing what patch to apply - Once the risks are identified and prioritized, the task of identifying the appropriate patches to apply can be time consuming. How Saner Accomplishes Vulnerability Mitigation At SecPod we believe that a stitch in time saves nine. While Malware detection and cure products are still an important tool in an enterprise, they can only do a partial job. Saner identifies and removes vulnerabilities before they are exploited by attackers. With continuously updated vulnerability data the repository helps us ensure that all known vulnerabilities are detected and a patch is available to specifically address the vulnerability. How Saner Addresses Common Challenges Saner runs an agent on each of the end point systems. This helps track all the applications running on any end point system. With this architecture Saner does not need to have a central repository of all systems and the software running on them. Saner takes care of applying the patches to any known vulnerable software on the system. This overcomes the Inventory Management problem alluded to earlier. When a patch is required, every end point system will need to download the patch from either the internet or the intranet. Connecting to the internet to download patches can mean choking of the enterprise band width. Saner overcomes this by allowing enterprises to have an in house deployment. This allows the server to download the required patch once and allow the end users to get the required patch from this in-house server. This avoids multiple downloads. The individual systems will still use the intranet bandwidth to download patches. However, the intranet bandwidth is usually high enough to withstand this amount of network traffic. Another potential problem faced by enterprises is the alteration in configuration values introduced by new patches. This is handled by Saner by checking for misconfigurations. For example, if an application is set to start automatically by default, but the enterprise policy is to prevent auto start. Saner ensures that if any alterations violates the organisation policy it is detected and fixed. Such checks are made after a remediation is done to ensure that no misconfigurations exist in the system. After applying a patch, some applications require either a restart of the application or the OS. If the system is not restarted the patch is not effectively applied. Saner performs a scan immediately after the remediation (patching) is done. If the patch is not properly applied it shows up in the console as a vulnerability. In an enterprise, it may not always be practical to remediate all the vulnerabilities. Saner identifies vulnerabilities and provides information on the risk that they pose. The IT manager can make a determination of the threat posed by examining the severity of the vulnerabilities. Decisions on applying the patch can be made, armed with this information, available in Saner dashboard. Identifying the appropriate patch to apply is automated in Saner. This ensures that no extra time is required to identify the correct patch to apply; choosing which patch to apply is a matter of a few mouse clicks.
  • 5. Conclusion Anti-virus software provides a means of identifying threats in an enterprise, but they are not 100 % effective on their own. Often they are unable to detect the malware before the damage has been done. In that case, Anti-Virus software can help in containing the virus and minimising the damage caused. To a large extent Anti-Virus software is a reactive approach. At SecPod we believe that prevention is better than cure. Our conviction that if vulnerabilities are removed from the system – we will be able to prevent the attack from happening. This can go a long way to provide confidence in the Confidentiality, Integrity and Availability of the information in an enterprise. We do not claim that Saner is replacement for Anti-Virus software. Robust security necessitates many layers of defence. While saner is the first line of defence, preventing the exploitation of vulnerabilities, Anti-virus software will act as a second line of defence. In such cases, Anti-Virus software will be effective. A large number of attacks can be prevented by using Saner. Saner in combination with enterprise Anti-Virus software is a much more effective solution to prevent damages from Cyber-Attacks, than using an Anti-Virus Software alone.