Whether you patch monthly or every six months, the time and resource overhead is significant... And are you even secure? In this real-life patch test, one of our Solution Architects put a simple virtual machine through its paces, with fascinating results. Understand more about typical vulnerabilities and security updates found in even the simplest of servers, learn about the typical decisions faced by organisations trying to balance operational efficiency with security, and see how you can implement same-day protection for vulnerabilities in critical systems, even without patching or during a change freeze.
Copyright 2011 Trend Micro Inc.
A real-life patch test
Vulnerabilities found in one server in 6 months
Trend Micro Confidential 04/10/2023
Whether you patch monthly…
Or every six months
The time and resource overhead is significant
And are you even secure?
PATCH TEST
One of our Solution Architects put a simple virtual machine through its paces… with fascinating results…
Simple VM built with WIN2008 R2 only… No apps, no IIS, no SQL Server
This build could equally apply to a physical server
26 July 2011
A large number of updates are available
Remember this is still only one VM running nothing more than WIN2008 R2
6 months later…
Now the hard work begins…
Look up the Knowledge Base number and find the update
09 AUG 2011… 7 important updates… 13.2MB… REBOOT REQUIRED
23 AUG 2011… 1 important update… 3.6MB… NO REBOOT
13 SEP 2011… 3 important updates… 65.4MB… NO REBOOT
11 OCT 2011… 4 important updates… 34.6MB… REBOOT REQUIRED
25 OCT 2011… 1 important update… 36K… NO REBOOT
08 NOV 2011… 2 important updates… 2.4MB… REBOOT REQUIRED
13 DEC 2011… 5 important updates… 26.1MB… REBOOT REQUIRED
29 DEC 2011… 3 important updates… 14.3MB… NO REBOOT
10 JAN 2011… 5 important updates… 19.1MB… REBOOT REQUIRED
Take a closer look at the updates
RESULTS
A total of 31 important security updates were announced over 6 months, with approx. every other patch requiring a reboot
How can you reboot a mission critical system that cannot be taken offline?
How can you reboot any system during a CHANGE FREEZE?
IMPACT
Significant cross-referencing and assessment of each update needs to be undertaken by a skilled administrator. What else will the update impact? What else is vulnerable? What is the impact on our risk posture?
Patch detail
Patch #1: Cumulative Security Update for ActiveX Killbits for Windows Server 2008 R2 x64 Edition (KB2618451) http://go.microsoft.com/fwlink/?LinkID=232507 MS11-090
RECOMMENDED
Patch #2: Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 R2 x64 Edition (KB2618444) http://go.microsoft.com/fwlink/?LinkID=232505 MS11-099
Patch #3: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Server 2008 R2 SP1 for x64-based Systems (KB2539635) http://go.microsoft.com/fwlink/?LinkID=218325 MS11-069
RECOMMENDED
Privately reported vulnerability
WHICH WILL YOU PATCH??
Risk Summary
Number of Security Incidents    Security Category
1                               Malicious software removal tool
7                               General / reliability updates
23                              Security updates
Some hours later and all 31 security updates located and assessed
23 out of 31 patches are related to security vulnerabilities
1 VM, 1 OS, 31 patches, 23 of which relate to security vulnerabilities
For a typical organisation with 50 servers running multiple operating systems and applications, this is a costly and resource-intensive operation
Unlike the simple VM, most organisations will not be able to automatically install updates. Individual updates or batches of updates will need to be tested and deployed manually to allow for them to be backed out in case of problems during installation.
How do you balance operational efficiency with security?
You want to install the minimum number of security patches for BASE LEVEL protection
But you want visibility of all security vulnerabilities?
Solution
Virtual Patching: Proactively shield vulnerabilities in critical systems, even without patching
Trend Micro Deep Security
Virtual Patching Solution
Detects and blocks known and zero-day attacks that target vulnerabilities
Shields web application vulnerabilities
Increased visibility into, or control over, applications accessing the network
Fully integrates with VMware and provides visibility at the hypervisor level, removing the risk of attacks not being visible within virtualised environments
On the same VM running WIN2008 R2
This screen shows results of Trend Micro Deep Security Recommendation Scan:
… After security updates concerning local logon, SSL protocol and kernel were discounted…
… Deep Security identified and proactively shielded 13 security updates
… And then identified and shielded a further 11 security updates for which there may be no patches
Recommendations
1. Assess the effectiveness of your patch management process
2. Calculate the cost and risk of emergency patching
3. Request a demo of Trend Micro Deep Security and see how virtual patching could reduce IT resources and costs while enhancing the security and compliance of your data centre applications
www.trendmicro.co.uk
01628 400552