ECMDay2015 - Kent Agerlund - Secunia - 10 minutes is all it takes – Managing Microsoft and 3rd...

Addressing the challenge of patch management with The Secunia CSI and System Center ConfigMngr

William Melby, Regional Director, Secunia

Kent Agerlund, MVP, Coretech

CONFIDENTIAL - Secunia Corporate, Product and Roadmap Briefing

Company Overview
Brief Secunia facts

• Established: 2002
• HQ: Copenhagen, Denmark
• Regional office: Minneapolis, USA
• Regional development office: Bucharest, Romania
• Ongoing collaboration with leading industry organizations
• Trusted advisor to thousands of organizations, including CERTs and ISACs, the White House, NATO, NIST, NERC and MITRE.
• Employees: 96 FTEs, 25 nationalities
• Ownership: DKA Capital

How does Secunia Research work?

Where does the raw intel come from?
• Meta-crawler engine searching 3,000 sources
• Good relationship with software vendors
• Good relationship to community / coordinated disclosure via Secunia
• In-house research

What happens with the raw data?
• Secunia verifies
• Secunia standardizes

Research Team
The heart and soul of Secunia; the eyes and ears of the industry

One of the largest Vulnerability Intelligence databases on the market

• Database contains vulnerabilities in software products since 2003.
• 50,000+ programs, applications and plug-ins from thousands of software vendors.
• Fully CVE compliant. Data is tested and verified by Secunia’s researchers.
• The database is unique to Secunia and is Secunia IP.

Solutions Portfolio
Reliable, transparent, integrated, cloud-deployed solutions

Consumer

Personal Software Inspector (PSI)
• Free tool for Vulnerability Management
• Safeguard data from cybercriminals
• Scans software on PCs and identifies insecure programs
• Automatically applies software security updates to keep PCs secure

PSI for Android
• Free version for smartphones and tablets
• Scans apps downloaded from Google Play as well as apps from external sources
• Alerts users to apps with known vulnerabilities
• Checks that security updates are performed quickly

Corporate

Corporate Software Inspector (CSI)
• Targeted, flexible Patch Management
• Secures and updates vital applications
• The complete A-Z: Vulnerability Intelligence and Scanning plus Patch Creation and Deployment
• Microsoft System Center 2012 and WSUS integration
• Scans PCs and Apple Mac OS X

Vulnerability Intelligence Manager (VIM)
• Tactical handling of vulnerability threats
• Enables pre-emptive action against vulnerabilities in a simple, cost-effective way
• Delivers real-time vulnerability alerts
• No installation required

Vulnerabilities in All Products in 2013: 13,073
A 45% increase in vulnerabilities (5 year trend)

13,073 vulnerabilities were discovered in 2,289 vulnerable products.

Source: “Secunia Vulnerability Review 2014.” https://secunia.com/vulnerability-review/

Enterprise Challenge: Knowing What to Patch
Secunia brings visibility and solutions to vulnerability threats

In 2013 there were fewer third-party programs in a typical software portfolio, yet these programs accounted for the majority of vulnerabilities. It is not enough to only patch Microsoft programs or the ‘usual suspects’.

Source: “Secunia Vulnerability Review 2014.” http://secunia.com/vulnerability-review/

Time to Patch! Top 50 Software Portfolio
Patch availability on the day of disclosure is increasing

86% of vulnerabilities had patches available on the day of disclosure.

You can patch most vulnerabilities – the trick is knowing what to patch.

Source: “Secunia Vulnerability Review 2014.” https://secunia.com/vulnerability-review/

Corporate Software Inspector (CSI)

CONFIDENTIAL - Secunia Corporate, Product and Roadmap Briefing 10-03-2015

From Patch Management to Software Vulnerability Management

The Secunia CSI
How we are different

The only security solution for patch management

• Rich security content: Vulnerability Intelligence
• Proprietary vulnerability database
• Software inventory scanner: 20,000+ applications
• Tested patches
• Secunia Packaging System: disabled adware, EULA, shortcuts; single-click configuration options
• Enterprise ready

Patch Management
Challenges and Misconceptions

• Patch Management = Patch deployment
• No synergy between security assessment and patch activities
• Focus on the most common applications
• Dependency on vendor information
• Non-prioritized patching process
• Non-rated patch content (criticality)
• Focus on content rather than assessment and prioritization

The Secunia CSI
We support the entire Software Vulnerability Management Lifecycle

Introduction to the Secunia CSI
Combining scanning and patching to meet the requirements of both IT security and operations

It’s not enough to detect the vulnerabilities if you can’t patch them. It’s not enough to have the patches, if you don’t know where to apply them.

Secunia CSI gives you the when, the where, the what and the how:

This combination of vulnerability intelligence, vulnerability scanning, patch creation and patch deployment is unique in the industry.

CSI Feature Highlights
Complete, flexible, unique – it works the way you do

Coverage
• Scan/assess the security state of practically all legitimate programs running on Microsoft Windows Platforms.
• Scanning support for Windows, Apple Mac OS X, Red Hat Enterprise Linux (RHEL) and Android platforms.
• Sources Secunia’s Vulnerability Intelligence Database, covering all off-the-shelf programs.

Overview
• Smart Groups filter and segment data according to products, devices or advisories.
• User group accounts based on roles and permissions.
• Exact mapping of infrastructure and users to ensure environments are in sync.

Integration
• Manage and publish packages using third-party patch deployment solutions (Microsoft WSUS/System Center 2012 or Altiris).
• Secunia VIM: automatically create/update asset lists based on Secunia CSI’s scan results.
• Secunia PSI 3.0/PSI for Android: manage decentralized PCs/Android devices.

CSI Key Takeaways
What’s in it for you?

Management
• Comply with regulatory standards (e.g. PCI-DSS or NERC-CIP) regarding the patching of programs.
• Utilize your existing infrastructure to enforce security levels, i.e. Microsoft System Center 2012.
• Enable policy enforcement and document your compliance efforts in the case of a breach.

Operations
• An overview of the security state of all programs installed across endpoints and servers for effective prioritization of patching efforts.
• Cross-platform scanning and patching of non-Microsoft programs.
• Automatic package creation, plus access to out-of-the-box packages.

Security
• Pinpoint the exact vulnerabilities affecting your network and verify security levels (Microsoft, third-party and custom programs).
• Audit, enforce and document patching levels based on in-depth intelligence.
• Secure your off-site assets.

The Patch Management Challenge with Microsoft System Center

Strengths:
• Complete coverage of Microsoft applications
• Complete coverage of Windows Client OS
• Good deployment capabilities (“Supersedence”, “Dependencies”)

Weaknesses:
• No content for 3rd Party (non-Microsoft) applications
• No tool for supporting patch management of non-Microsoft applications

“Microsoft Configuration Manager does not provide automated patch management for other products, such as Adobe applications (other than Reader and Flash), Java, Firefox, Chrome, and Skype. Organizations must patch these types of applications by doing their own patch research, repackaging or scripting the updates, and pushing through Configuration Manager.”

Stay Secure

www.secunia.com

Secunia

Mikado House, Rued Langgaards Vej 8, 4th floor

DK-2300 Copenhagen S

Denmark

Phone: +45 7020 5144

Fax: +45 7020 5145

Secunia Inc.

Lake Calhoun Business Center, Suite 420

3033 Excelsior Boulevard

Minneapolis, MN 55416

USA

Phone: +1 888 924 8265

Fax: +1 888 924 8266