SecureWorld Seattle Vulnerability Mgmt Nov 11 2015
Kevin J. Murphy
Cyber Security Defense by Effective Vulnerability Mgmt.
Director, Windows Security Architecture
Agenda
• Before We Begin..
• Year in Review: Cyber Crime & Nation States, Breaches, & Trends
• Core of Vulnerability Management
• Best Practices
• Peer discussion
Before We Begin……
Industries Representation
• Manufacturing
• Consulting
• Energy
• Software
• Retail
• Healthcare
• Telecommunications
• Government
• Banking
• Others?
PCI Standards
Year in Review
Year in Review : Baits and Social Media
Year in Review : Identity Exposure
This data was before the US Gov. OPM breach of 21.5 million identities
Year in Review : Attack Profiles
Year in Review : Cyber crime and Nation Threats
• 43% of all cyber attacks originated in China in 2014. http://vpncreative.net
(I don’t believe this. I think China just gets caught)
• Mobile O/S and app threats are rising as vectors into the enterprise
• Dating sites have targeted phishing attacks
• Facebook, Twitter & Pinterest: sharing links to friends that are links to malware
Patch Management : Just Do IT!
Please download this doc.
• Most attacks use known vulnerabilities
• Patches are available in most cases
This should be considered as part of the normal operations
Patch Management: Core Elements
1. Accurate Asset Inventory
   a. Make sure you know your assets better than your attacker.
2. Patch availability awareness
   b. Microsoft Security Response Center
   c. http://csrc.nist.gov/
   d. Your software vendors
3. Timely Monitoring, Scanning & Alerting infrastructure
Patch Management: Core Elements
4. Type of Patches
   a. Core operating systems patches: Windows, Linux, Android, iOS, other
   b. Infrastructure patches: Cisco, Juniper, F5, Palo Alto, etc.
   c. Your application patches: 3rd party, your internally developed apps, mobile apps
   d. Monitor tool patches
   e. Don’t forget your outliers: security cameras, HVAC, etc.
Patch Management : Deployment
• Plan on rolling out patches monthly
• Critical patches should be patched out of sequence if an active exploit is in progress
• Always test your patches first!
• Full-time team
• Fully funded in your budget cycle
• Patch status should be part of your normal information system reporting metrics
This should be viewed as part of the normal operations of your systems
Patch Management : Tips
• Attackers would love to infect your patch and have you roll out their malware for them.
• Use checksums/strong hash to verify patch integrity
• Maintain configuration control
• Secure network file transfer if possible
• Automate and Phase your deployment to patch your high value systems first
• Verify your patch isn’t creating an outage
• Protect your patching infrastructure.
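An added example, not part of the original slides, of the checksum tip above: it checks every file in a patch staging directory against a vendor manifest of SHA-256 digests before anything is released for rollout. The sha256sum-style manifest format, the file names and the payloads are constructed assumptions. The manifest must arrive over a separate trusted channel or be signature-checked, since anyone able to alter a patch in staging could otherwise alter its digest too.

```python
import hashlib, hmac, tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):  # stream in chunks; patch packages can be large
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    # Lines are "hexdigest  filename" (sha256sum style); this format is an assumption.
    expected = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, name = line.split(maxsplit=1)
        if len(digest) != 64:
            raise ValueError(f"not a SHA-256 digest for {name!r}")
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected

def verify_staging(staging_dir, manifest_text):
    # Returns {filename: status}; only "ok" files should be released for rollout.
    expected = parse_manifest(manifest_text)
    results = {}
    for path in sorted(Path(staging_dir).iterdir()):
        want = expected.pop(path.name, None)
        if want is None:
            results[path.name] = "unlisted"   # present, but never published by the vendor
        elif hmac.compare_digest(sha256_file(path), want):
            results[path.name] = "ok"
        else:
            results[path.name] = "mismatch"   # altered or corrupted after publication
    results.update({name: "missing" for name in expected})  # listed, not staged
    return results

def demo():
    # Constructed sample data: one intact patch, one altered, one unlisted, one missing.
    digest = lambda b: hashlib.sha256(b).hexdigest()
    manifest = "\n".join([
        f"{digest(b'constructed payload A')}  patch-a.bin",
        f"{digest(b'constructed payload B')}  patch-b.bin",
        f"{digest(b'constructed payload C')}  patch-c.bin",
    ])
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "patch-a.bin").write_bytes(b"constructed payload A")
        (Path(d) / "patch-b.bin").write_bytes(b"payload B, modified in staging")
        (Path(d) / "extra.bin").write_bytes(b"not in the manifest")
        return verify_staging(d, manifest)
```

Treating "unlisted" and "missing" as failures, not only "mismatch", is what catches a file dropped into the staging share or a patch silently withheld from it.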
![Page 16: SecureWorld Seattle Vulnerability Mgmt Nov 11 2015](https://reader035.fdocuments.in/reader035/viewer/2022070510/58acb17e1a28ab68608b5769/html5/thumbnails/16.jpg)
Patch Management : Cloud Based Systems
• In most cases, your cloud provider will handle patches from the hypervisor and below
• You still own patching your cloud based applications
• Verify your cloud service level agreements and make sure there are no patching gaps. (Find the coverage gaps before your attacker does.)
Learning From Peers
Let’s Share and Learn
Veteran’s Day