Why Patch Management is Still the Best First Line of Defense
Today’s Speaker
Paul Henry
Security & Forensics Analyst
MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP,-ISSAP, CISM, CISA, CIFI, CCE
SANS Institute Instructor
Today’s Agenda
More Vulnerabilities – Beyond Just Microsoft
Increased Sophistication of Attacks
Patch Management Challenges
The Best First Line of Defense
Q&A
More Vulnerabilities…Beyond Just Microsoft
Vulnerabilities AND Exploits on the Rise
Report: Exploits Rate Reaches 61 Percent in January 2011
• Attackers exploited more new vulnerabilities in January than usual, writing exploits for half of 'critical' vulnerabilities
Source: Dark Reading, February 3, 2011
Known Vulnerabilities Still Being Exploited
Source: M86 Security
Growing Application Risk – No Longer Just Microsoft
» Social networking applications were detected in 95% of organizations. *
» 78% of Web 2.0 applications support file transfer.*
» 2/3 of applications have known vulnerabilities.*
» 28% of applications were known to propagate malware.*
* Palo Alto Networks Application Survey 2009, 2010
Increasing # of Web App Vulnerabilities
IBM X-Force
Web Applications are the Leading Attack Path
The applications we use today for productivity: Collaborative / Browser-based / Open Source
Social Communities, Gadgets, Blogging and Widgets open up our networks to increasing risk every day.
Source: Verizon, 2010 Data Breach Investigations Report
Increased Sophistication of Attacks
Multiple Vectors and Multiple Exploits
Abusing Unintended Consequences
Better Tools For The Bad Guys
Point And Click Malware Design
Why Buy It When You Can Rent It?
Common Denominator
In a recent data breach study of 500 breaches, 90% of the exploits used for entry had patches available for 6 months or longer. The same study went on to point out that 50% of systems have 10 or more vulnerabilities for which patches are currently available.
Patch Management Challenges
Minimize Your True Endpoint Risk
Areas of Risk at the Endpoint: 65% Misconfigurations, 30% Missing Patches, 5% Zero-Day
Source: John Pescatore, Vice President, Gartner Fellow
• Patch and configuration analysis and delivery are needed across all systems; operating systems and applications.
• Unmanaged endpoints on the network are unknown and unprotected.
• Application and operating system patching is not benchmarked or continuously enforced.
• Standard configurations are not assessed or enforced.
• Un-patched browsers represent the highest risk for web-borne malware.
Lack of Resources and Coordination
» Reduced IT personnel and network resources
• Decrease the Effectiveness of Endpoint Operations & Security
» Lack of visibility and coordination
• IT Operations and IT Security are not always coordinated
• Reduced ability to manage organizational compliance and IT risk
The Old Approach Doesn’t Work
• Fragmented approach to vulnerability management
• Tools do not consolidate or centralize the management of heterogeneous environments
• High management overhead & cost
• Lack of visibility of the overall security posture
• Don’t discover blind spots or hidden devices
• Disparate reporting
The Best First Line of Defense
Patching Client Side Apps Now #1 Priority
The problem of un-patched client-side vulnerabilities is one of the two most pressing priorities organizations need to address to mitigate cyber security risks.
Most organizations today take at least twice as long to patch third-party application vulnerabilities as they do to patch operating system vulnerabilities.
SANS Institute, Top Cyber Security Risks, September 2009
Managing Vulnerabilities: Best Practices
Assess / Prioritize / Remediate / Repeat
• Identify all IT assets (including platforms, operating systems, applications, network services)
• Monitor external sources for vulnerabilities, threats and intelligence regarding remediation
• Scan all IT assets on a regular schedule for vulnerabilities, patches and configurations
• Maintain an inventory of IT assets
• Maintain a database of remediation intelligence
• Prioritize the order of remediation as a function of risk, compliance, audit and business value
• Model / stage / test remediation before deployment
• Deploy remediation (automatically or manually)
• Train administrators and end-users in vulnerability management best practices
• Scan to verify success of previous remediation
• Report for audit and compliance
• Continue to assess, prioritize and remediate
Source: Aberdeen Group, Managing Vulnerabilities and Threats (No, Anti-Virus is Not Enough), December 2010
Lumension® Endpoint Management & Security Suite: Patch & Remediation
Comprehensive and Actionable IT Risk Mitigation
1. Discovers: Ensures complete visibility of all IT assets, both managed and unmanaged.
2. Assesses: Performs a deep analysis and thorough OS, application and security configuration vulnerability assessments.
3. Prioritizes: Focuses on your most critical security risks first.
4. Remediates: Automatically deploys patches to an entire network per defined policy to support all OS’s and applications – to both online AND offline machines.
5. Reports: Provides operational and management reports that consolidate discovery, assessment and remediation information on a single management console.
Streamline Patch Management Across Your Environment
• Lumension Endpoint Management and Security Suite is an extensible solution suite that reduces complexity, optimizes TCO, improves visibility and delivers control back to IT.
» Reduces Complexity and TCO through effective automation of operational tasks
» Provides Greater Visibility Into and Control Over your network’s endpoints
» Improves Operational Efficiency with a single console to manage multiple functions
» Elevates Security and Compliance Posture through automatic policy enforcement
Patch is Core Component of Defense-in-Depth
[Diagram labels: Traditional Endpoint Security; Blacklisting as the Core; Zero Day; 3rd Party Application Risk; Malware as a Service; Consumerization of IT; Defense-N-Depth; Patch & Configuration Mgmt.; Emerging Endpoint Security Stack]
Q&A
Next Steps
• Overview of Lumension® Patch and Remediation
» http://www.lumension.com/Resources/Demo-Center/Overview-Vulnerability-Management-Solution.aspx
• Vulnerability Scanner Tool
» http://www.lumension.com/Resources/Security-Tools/Vulnerability-Scanner.aspx
• Third Party Analysis
» Forrester Wave: Vulnerability Management 2010
• http://www.lumension.com/Resources/Reports/Forrester-Wave---Vulnerability-Management-Q2-2010.aspx
» Tolly Report: TCO Comparison - Lumension® vs. Microsoft® WSUS
• http://www.lumension.com/Resources/WhitePapers/Lumension-Vulnerability-Management-Microsoft-WSUS.aspx
Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828