Addressing the challenge of patch management with The Secunia CSI and System Center ConfigMngr
William Melby, Regional Director, Secunia
Kent Agerlund, MVP, Coretech
CONFIDENTIAL - Secunia Corporate, Product and Roadmap Briefing

Company Overview
Brief Secunia facts
• Established: 2002
• HQ: Copenhagen, Denmark
• Regional office: Minneapolis, USA
• Regional development office: Bucharest, Romania
• Ongoing collaboration with leading industry organizations
• Trusted advisor to thousands of organizations, including CERTs and ISACs, the White House, NATO, NIST, NERC and Mitre.
• Employees: 96 FTEs, 25 nationalities
• Ownership: DKA Capital

How does Secunia Research work?
Where does the raw intel come from?
• Meta-crawler engine searching 3,000 sources
• Good relationship with software vendors
• Good relationship to community / coordinated disclosure via Secunia
• In-house research
What happens with the raw data?
• Secunia verifies
• Secunia standardizes

Research Team
The heart and soul of Secunia; the eyes and ears of the industry
One of the largest Vulnerability Intelligence databases on the market
• Database contains vulnerabilities in software products since 2003.
• 50,000+ programs, applications and plug-ins from thousands of software vendors.
• Fully CVE compliant. Data is tested and verified by Secunia’s researchers.
• The database is unique to Secunia and is Secunia IP.

Solutions Portfolio
Reliable, transparent, integrated, cloud-deployed solutions
Consumer
Personal Software Inspector (PSI)
• Free tool for Vulnerability Management
• Safeguard data from cybercriminals
• Scans software on PCs and identifies insecure programs
• Automatically applies software security updates to keep PCs secure
PSI for Android
• Free version for smartphones and tablets
• Scans apps downloaded from Google Play as well as apps from external sources
• Alerts users to apps with known vulnerabilities
• Checks that security updates are performed quickly
Corporate
Corporate Software Inspector (CSI)
• Targeted, flexible Patch Management
• Secures and updates vital applications
• The complete A-Z: Vulnerability Intelligence and Scanning plus Patch Creation and Deployment
• Microsoft System Center 2012 and WSUS integration
• Scans PCs and Apple Mac OS X
Vulnerability Intelligence Manager (VIM)
• Tactical handling of vulnerability threats
• Enables pre-emptive action against vulnerabilities in a simple, cost-effective way
• Delivers real-time vulnerability alerts
• No installation required

Vulnerabilities in All Products in 2013: 13,073
A 45% increase in vulnerabilities (5 year trend)
13,073 vulnerabilities were discovered in 2,289 vulnerable products.
Source: “Secunia Vulnerability Review 2014.” https://secunia.com/vulnerability-review/

Enterprise Challenge: Knowing What to Patch
Secunia brings visibility and solutions to vulnerability threats
In 2013 there were fewer third-party programs in a typical software portfolio, yet these programs accounted for the majority of vulnerabilities. It is not enough to only patch Microsoft programs or the ‘usual suspects’.
Source: “Secunia Vulnerability Review 2014.” http://secunia.com/vulnerability-review/

Time to Patch! Top 50 Software Portfolio
Patch availability on the day of disclosure is increasing
86% of vulnerabilities had patches available on the day of disclosure.
You can patch most vulnerabilities – the trick is knowing what to patch.
Source: “Secunia Vulnerability Review 2014.” https://secunia.com/vulnerability-review/
CONFIDENTIAL - Secunia Corporate, Product and Roadmap Briefing, 10-03-2015

From Patch Management to Software Vulnerability Management

The Secunia CSI
How we are different
The only security solution for patch management
Rich security content: Vulnerability Intelligence
Proprietary vulnerability database
Software inventory scanner: 20,000+ applications
Tested patches
Secunia Packaging System:
Disabled adware, EULA, shortcuts
Single-click configuration options
Enterprise ready

Patch Management
Challenges and Misconceptions
• Patch Management = Patch deployment
• No synergy between security assessment and patch activities
• Focus on the most common applications
• Dependency on vendor information
• Non-prioritized patching process
• Non-rated patch content (criticality)
• Focus on content rather than assessment and prioritization

The Secunia CSI
We support the entire Software Vulnerability Management Lifecycle

Introduction to the Secunia CSI
Combining scanning and patching to meet the requirements of both IT security and operations
It’s not enough to detect the vulnerabilities if you can’t patch them. It’s not enough to have the patches, if you don’t know where to apply them.
Secunia CSI gives you the when, the where, the what and the how:
This combination of vulnerability intelligence, vulnerability scanning, patch creation and patch deployment is unique in the industry.

CSI Feature Highlights
Complete, flexible, unique – it works the way you do
Coverage
• Scan/assess the security state of practically all legitimate programs running on Microsoft Windows Platforms.
• Scanning support for Windows, Apple Mac OS X, Red Hat Enterprise Linux (RHEL) and Android platforms.
• Sources Secunia’s Vulnerability Intelligence Database, covering all off-the-shelf programs.
Overview
• Smart Groups filter and segment data according to products, devices or advisories.
• User group accounts based on roles and permissions.
• Exact mapping of infrastructure and users to ensure environments are in sync.
Integration
• Manage and publish packages using third-party patch deployment solutions (Microsoft WSUS/System Center 2012 or Altiris).
• Secunia VIM: automatically create/update asset lists based on Secunia CSI’s scan results.
• Secunia PSI 3.0/PSI for Android: manage decentralized PCs/Android devices.

CSI Key Takeaways
What’s in it for you?
Management
• Comply with regulatory standards (e.g. PCI-DSS or NERC-CIP) regarding the patching of programs.
• Utilize your existing infrastructure to enforce security levels, i.e. Microsoft System Center 2012.
• Enable policy enforcement and document your compliance efforts in the case of a breach.
Operations
• An overview of the security state of all programs installed across endpoints and servers for effective prioritization of patching efforts.
• Cross-platform scanning and patching of non-Microsoft programs.
• Automatic package creation, plus access to out-of-the-box packages.
Security
• Pinpoint the exact vulnerabilities affecting your network and verify security levels (Microsoft, third-party and custom programs).
• Audit, enforce and document patching levels based on in-depth intelligence.
• Secure your off-site assets.

The Patch Management Challenge with Microsoft System Center
Strengths:
• Complete coverage of Microsoft applications
• Complete coverage of Windows Client OS
• Good deployment capabilities (“Supersedence”, “Dependencies”)
Weaknesses:
• No content for 3rd Party (non-Microsoft) applications
• No tool for supporting patch management of non-Microsoft applications
“Microsoft Configuration Manager does not provide automated patch management for other products, such as Adobe applications (other than Reader and Flash), Java, Firefox, Chrome, and Skype. Organizations must patch these types of applications by doing their own patch research, repackaging or scripting the updates, and pushing through Configuration Manager.”