Fixing Vulnerabilities and Patching Endpoints with Saner Endpoint Security Solution


Vulnerability and Patch Management with Saner Endpoint Security Solution

Index

Vulnerability Management
Vulnerability Management with Saner Endpoint Security Solution
1. Visibility
2. Setting: Scheduled Scan
3. Reports
4. Host
5. Alerts
6. Backup
7. Remediation
8. Remediation Status

Patch Management
1. Operating System Patches
   a. Microsoft Updates
      i. WSUS Server
      ii. Default Microsoft Update Server
   b. Linux Machines
      i. For RPM Machines
      ii. For DPKG Machines
   c. Mac OS X Packages
2. Third-party Applications

Deploy Patches
1. Remediation Rule
2. Remediation Job
3. Host Details Showing Installed Patches


Vulnerabilities are weaknesses in software, which can be exploited by attackers to gain control over computer systems, steal sensitive information and cause disruption of services. Vulnerabilities can be in the OS components or software applications. IT administrators have to identify and manage risks associated with these vulnerabilities.

The efficacy of vulnerability management depends on the organization’s capability to keep up with the current security threat landscape, which is continuously evolving. Therefore, organizations must be proactive in their vulnerability management efforts. Although most vulnerability management tools or systems will provide updates as new threats arise, organizations must make an effort to engage systematically in threat research and analysis.

Monitor + Assess + Prioritize + Remediate = Vulnerability Management

Vulnerability Management

The objective of a vulnerability management solution should be to simplify the vulnerability management cycle to a daily routine, simplify remediation and reporting, and reduce the total cost of operation (TCO). The Saner solution helps to identify, classify, remediate, and mitigate vulnerabilities in an organization. In the following sections, we will see how to accomplish Vulnerability Management with the Saner solution.

Vulnerability Management with Saner Endpoint Security Solution


1. Visibility

Fig.1


Fig.2

Figure 1 displays the Saner dashboard.

Figure 2 displays the Vulnerabilities in a network.


The visibility feature in the Saner solution allows IT administrators or the security team to view all the hosted devices and vulnerabilities present in each device. This feature allows IT administrators to gain visibility into the vulnerabilities and mis-configurations.

1. Log onto the Saner dashboard.
2. Click Visibility on the left pane.
3. Click More info. in the “Vulnerability” pane.
4. The impacted host name, vulnerabilities, and severity status are displayed.


Fig.3

Figure 3 displays the Missing Patches in a network.


2. Setting: Scheduled Scan

Scheduling a scan is the second step in vulnerability management. The scheduled scan feature under Settings allows the IT administrators to schedule a scan time. This scan gives a report which includes details of the latest vulnerabilities in the network. In figure 4, the scheduled scan time is shown as 12:00 PM. Scans and updates are scheduled to run at 12:00 PM and 11:00 PM as long as the machine is switched on. Hence the latest vulnerabilities are obtained. If the system is down then there will be a missed scan notification. The schedule time can be changed. Once the report is generated, IT administrators can identify the latest vulnerabilities in the network.

1. Click Manage under “Settings”.
2. Schedule a scan time in Scheduled Scan Time.
3. Specify a Name and Description.
4. Apply to a Group.
5. Click Update.

Fig.4


3. Reports

This report lists the vulnerability details based on device groups and specific devices. It includes the vulnerability instances for each vulnerable asset and a description of each vulnerability. Vulnerabilities for each group and host are categorized by severity, as seen in figure 5. The severity of vulnerabilities is represented using color codes:

Red: Critical
Yellow: High
Pale Yellow: Medium
Green: Low

1. Click Reports on the left pane.
2. Click Vulnerability Report.
3. View vulnerabilities at a glance.

Fig.5


4. Host Details

The Host feature on the Saner dashboard displays vulnerability statistics of an individual host. This feature allows IT administrators to gain visibility into installed and missing patches, processes and services, file information, security events, network connections, installed software, devices, and privileged users for each host. The impacted host is shown in figure 6. The vulnerability statistics of the impacted host are represented in color codes (pie chart):

Red: Critical
Yellow: High
Blue: Medium

1. Click Manage > Devices on the left pane.
2. Select a Hostname in the “Device Table” to see the corresponding details.
3. View the vulnerability statistics of the impacted host.

Fig.6


5. Alerts

The Alerts feature in the Saner dashboard sends a notification alert to the specified email (Figure 7) on detection of new vulnerabilities after the scheduled scan. This setting has to be set before the first scheduled scan. The notification for vulnerabilities is based on their criticality.

1. Click Alerts on the left pane.
2. Turn on “Subscribe” to enable vulnerability alerts.
3. Specify an email ID to which the alerts must be sent and the category of vulnerability on which notifications must be based.
4. Click Update.

Fig.7


6. Backup

The backup settings under Reports allow IT administrators to obtain a backup report which shows the vulnerabilities. The backup time should be scheduled. The backup can be taken on a daily or weekly basis for forensic analysis.

1. Click Reports on the left pane.
2. Click Vulnerability Reports.
3. Select Backup.
4. Specify the Backup Time and Frequency (daily or weekly) to generate a backup report.
5. Click Save.

Fig.8


7. Remediation

Once the report is generated and the vulnerabilities are known, remediation can be performed in two ways: with a Remediation Job or with a Remediation Rule. The remediation job includes vulnerable/non-compliant assets and can be applied to a set of groups. The remediation job can be executed immediately, scheduled, or performed after the scheduled scan. The remediation rule allows IT administrators to select all vulnerable and non-compliant assets after the scheduled scan. Figure 9 shows how to create a Remediation Job.

To Create a Remediation Job:
1. Click CMD & Ctrl on the left pane.
2. Select Create Command.
3. Click Remediation.
4. Select Remediation Job from the action drop-down.
5. Do one of the following:
   Based on Groups, select the groups.
   Based on Assets, select the assets.
6. Based on the previous step, add the selected lists of devices/assets to remediate to the column on the right by clicking the arrow.
7. Specify a name and description. Select a time to apply the remediation job.
8. Click Add to create the task.

Once the Remediation Job action is executed, generate a report again after 20-30 minutes. Compare this report with the report generated prior to the remediation job to identify how many hosts were affected and how many hosts have been remediated successfully.

Fig.9


Remediation Status

Fig.11

Figure 11 shows the completed Remediation status.


Figure 10 shows the number of risks mitigated by the Remediation Job.

Fig. 10


Security patches are the primary method of fixing security vulnerabilities in software. A patch is a piece of software created to update a computer program or its supporting data in order to fix or improve it. This includes fixing security vulnerabilities, mis-configurations and bugs; patches for bugs are known as bug fixes. Patch management is a strategy to decide what patches should be applied to which systems at what time.

Saner Business provides access to the latest vendor patches that are tested by experts. With its capability to identify vulnerabilities and map appropriate patches to remove vulnerabilities, Saner Business automates the process of security patch management. This frees up considerable time for IT staff while keeping the patches on endpoint systems up to date. Saner Business also provides crucial information on the severity of detected vulnerabilities which is useful in deciding whether or not to apply patches on critical systems.

Patch Management

Fig.1

The Saner dashboard in Figure 1 displays the patches that are missing for the hosts on a network.


The Saner solution performs patch management for Windows, Linux and the Mac operating systems, and for third-party applications.

1. Operating System Patches:

a. Microsoft Updates
Patch Management for Microsoft updates works in two ways:

i. WSUS Server
If Windows Update is configured to contact the WSUS Server, the Saner agent directly contacts the WSUS Server to get the latest available patches. Otherwise, it will contact the Microsoft Update Server. To configure ‘Windows Update’ to contact the WSUS Server, visit https://thwack.solarwinds.com/community/application-and-server_tht/patchzone/blog/2013/05/02/configuring-your-first-wsus-client.

ii. Default Microsoft Update Server
If Windows Update is configured to contact the Microsoft Update Server, the agent directly contacts the Microsoft Update Server to get the latest available patches.

b. Linux Machines

i. For RPM Machines
The Saner solution uses the Yum repository to install rpm package updates, contacting the respective update server to get the latest patches.

ii. For DPKG Machines
The Saner solution uses the apt-get package, which is present by default on dpkg machines. The agent contacts the respective update server to get the latest patches.

c. Mac OS X Packages
The Saner solution uses the softwareupdate command to update OS X packages. The agent contacts the Mac OS X Update Server.
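The following added example, which is not SecPod code or part of the original guide, queries the same native updaters (apt-get, yum, softwareupdate) in dry-run mode, so an administrator can see how many updates an endpoint's configured update server currently offers before or after a remediation task. The function names and the sample apt-get output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SecPod code): count pending updates without installing any.

# Pick the updater for this host: apt-get on dpkg systems, yum on rpm systems,
# softwareupdate on Mac OS X.
detect_backend() {
    if command -v dpkg >/dev/null 2>&1 && command -v apt-get >/dev/null 2>&1; then
        echo apt
    elif command -v rpm >/dev/null 2>&1 && command -v yum >/dev/null 2>&1; then
        echo yum
    elif command -v softwareupdate >/dev/null 2>&1; then
        echo softwareupdate
    else
        echo unknown
    fi
}

# `apt-get -s upgrade` prints one "Inst <pkg> [old] (new origin...)" line per package.
apt_pending() { grep -c '^Inst ' || true; }

# Heuristic subset: origin is a security archive (e.g. focal-security).
apt_pending_security() { grep '^Inst ' | grep -ci -e '-security' || true; }

# `yum -q check-update` prints "name.arch version repo" rows; the optional
# "Obsoleting Packages" section after them is not a list of pending updates.
yum_pending() {
    awk '/^Obsoleting Packages/ { exit }
         NF == 3 && $1 ~ /\./   { n++ }
         END                    { print n + 0 }'
}

# `softwareupdate -l` marks each available update with a leading "* ".
softwareupdate_pending() { grep -c '^[[:space:]]*\* ' || true; }

# Constructed sample of `apt-get -s upgrade` output, for offline testing.
sample_apt_output() {
    cat <<'EOF'
Reading package lists...
Inst libssl1.1 [1.1.1f-1ubuntu2.16] (1.1.1f-1ubuntu2.20 Ubuntu:20.04/focal-security [amd64])
Inst openssl [1.1.1f-1ubuntu2.16] (1.1.1f-1ubuntu2.20 Ubuntu:20.04/focal-security [amd64])
Inst tzdata [2023c-0ubuntu0.20.04.1] (2023c-0ubuntu0.20.04.2 Ubuntu:20.04/focal-updates [all])
Conf libssl1.1 (1.1.1f-1ubuntu2.20 Ubuntu:20.04/focal-security [amd64])
EOF
}

# Run the dry-run query for this host and print "<backend> <count>".
pending_updates() {
    backend=$(detect_backend)
    case "$backend" in
        apt)            n=$(apt-get -s upgrade 2>/dev/null | apt_pending) ;;
        yum)            n=$(yum -q check-update 2>/dev/null | yum_pending) ;;
        softwareupdate) n=$(softwareupdate -l 2>&1 | softwareupdate_pending) ;;
        *)              n=unknown ;;
    esac
    echo "$backend $n"
}

# Only touch the real package manager when asked to.
if [ "${1:-}" = "--run" ]; then pending_updates; fi
```

Run with `--run` on an endpoint to print the backend and the pending count; a count that stays above zero after a remediation task points to patches that were not applied or to an update server the host cannot reach.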

2. Third-party Applications
The Saner solution supports 81 applications for Patch Management as listed below. The applications are constantly updated.

All Microsoft products
All Linux distros packages
All Mac OS X packages
Adobe Dreamweaver
Adobe InDesign
Adobe Jrun
Adobe PageMaker
Adobe Photoshop
Adobe RoboHelp
Adobe Presenter
Adobe FMS
Adobe AIR
Adobe Flash Player
Adobe Captivate
Adobe Shockwave Player
Adobe Reader
Adobe Acrobat
Adobe Illustrator
Adobe Digital Edition
AOL Instant Messenger
Apache HTTP Server
Apache Tomcat
Apache Subversion
Apple iTunes
Apple QuickTime
Apple Safari
Apple Xcode
BlackBerry Desktop
Elasticsearch
Enterprise Applications, Servers - Vulnerability Content
Foxit Reader
gZip
Google Chrome
Mozilla FireFox
Mozilla SeaMonkey
Mozilla Thunderbird
MySQL
Ghostscript
Google Desktop
Google Earth
Google Picasa
Google SketchUp
GPG4Win
IBM DB2
IBM Lotus Domino
IBM Lotus Notes
OpenSSH
OpenSSL
Open JDK
Open Office
OpenVPN Client
Opera
Oracle Application Server
Oracle WebLogic Server
Oracle Database Server
Pidgin
PostgreSQL
PowerZip
Putty
Perl (Active Perl)
PHP
PGP Desktop
Python
RealPlayer
RealVNC
Ruby
Skype
Sun Java JDK
Sun VirtualBox
Vmware Player
Vmware Fusion
Vmware Horizontal Client
Vmware ESXi
Vmware View
Vmware Workstation
Vmware Movie Decoder
VLC MediaPlayer
Winamp
WinRar
Winzip
Wireshark

Deploy Patches

Patch management with the Saner solution can be done by creating either a:
1. Remediation Rule
2. Remediation Job


1. Remediation Rule

The Remediation Rule feature is executed after every scan. It allows IT administrators to patch vulnerable assets in four ways:

1. Selected vulnerable and non-compliant assets - Remediation is done only for selected vulnerable and non-compliant assets.
2. All vulnerable and non-compliant assets - Remediation is done for all vulnerable and non-compliant assets.
3. All vulnerable assets - Remediation is done only for all vulnerable assets.
4. All non-compliant assets - Remediation is done only for all non-compliant assets.

To create a Remediation Rule task:
1. Log onto the Saner dashboard.
2. Click CMD & Ctrl on the left pane. Click Remediation.
3. Select Remediation Rule from the action drop-down.
4. Select a Group to which the rule must be applied.
5. Select the type for remediation as shown above.
6. Include/exclude the required assets.
7. Specify a name and description for the Remediation Rule and click Create.

Fig.2


Remediation Rule Status

Figure 3 shows the completed Remediation Rule Status

Fig.3


2. Remediation Job

The Remediation Job feature allows IT administrators to patch vulnerable assets. This is a one-time task and it cannot be repeated. The remediation can be performed immediately, after a scheduled scan or set to a custom time.

To Create a Remediation Job task:
1. Click CMD & Ctrl on the left pane. Click Remediation.
2. Select Remediation Job from the action drop-down.
3. Select a Group to which the job must be applied.
4. Select the assets to remediate from the list of vulnerable/non-compliant assets.
5. Select the Remediation Time.
6. Click Add to create the task.

As soon as the agent receives the above task, remediation will be done based on the type of the selection.

Fig.4


Figure 5 shows the completed Remediation Job Status

Fig.5

Remediation Job Status


Figure 6 displays host details with Installed Patches.

3. Host Details Showing Installed Patches

Fig.6

SecPod Saner is a vulnerability and patch management product that identifies security vulnerabilities and mis-configurations, and then remediates issues to ensure systems in an organization remain secure. It reduces the job of vulnerability management into a simple daily routine. It brings down the cost of the vulnerability management solution, is easy to deploy and simple to use. The Saner solution applies the latest patch to ensure systems in an organization remain secure and up to date.


About Us
SecPod Technologies creates cutting edge products to ensure endpoint security. Founded in 2008 and headquartered in Bangalore with operations in USA, the company provides computer security software for proactively managing risks and threats to endpoint computers.

Contact Us
Web: www.secpod.com
Tel: +91-80-4121 4020
Email: [email protected]
+1-918-625-3023

© SecPod Technologies