SlideShare a Scribd company logo

10 Steps to Building an Effective Vulnerability Management Program

BeyondTrust
BeyondTrust

The document outlines a 10-step approach to effective vulnerability management that identifies and addresses vulnerabilities based on risk assessment. It emphasizes the importance of prioritizing assets, understanding the associated threats, and implementing proactive remediation processes. Key challenges include data management, resource allocation, and integrating various systems to effectively manage vulnerabilities.

Software
1 of 39
Downloaded 110 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
10 Steps to Effective Vulnerability Management » 10 Steps » What is Vulnerability Management? » Challenges to Effective VM » The Problem Contents: Derek A. Smith
The Problem
Insider Threat – Analysis and Countermeasures 3 Organizations are Feeling the Pain 1. What causes the damage? 95% of breaches target known vulnerabilities 2. How do you prevent the damage? What are your options? RISK= Assets x Vulnerabilities x Threats You can control vulnerabilities. 3. How do you successfully deal with vulnerabilities? Vulnerabilities Business complexity Human resources Financial resources 4. How do you make the best security decisions? Focus on the right assets, right threats, right measures.
What is Vulnerability Management?
Insider Threat – Analysis and Countermeasures 5 What Is Vulnerability Management A process to determine whether to eliminate, mitigate or tolerate vulnerabilities based upon risk and the cost associated with fixing the vulnerability.
Insider Threat – Analysis and Countermeasures 6 What Is Vulnerability Management  At a high level, the ”intelligent confluence” of… Assessment What assets? Analysis What to fix first? Remediation Fix the problem + + • Component of Risk Management • Balance the demands of business goals and processes
Challenges to Effective VM
Insider Threat – Analysis and Countermeasures 8 Challenges – Assessment  Traditional desktop scanners cannot handle large networks  Provide volumes of useless checks  Chopping up scans and distributing them is cumbersome  Garbage In- Garbage Out (GIGO)– volumes of superfluous data  Coverage at all OSI layers is inadequate  Time consuming and resource intensive  Finding the problem is only half the battle
Insider Threat – Analysis and Countermeasures 9 Challenges – Analysis  Manual and resource intensive process to determine  What to fix  If you should fix  When to fix  No correlation between vulnerabilities, threats and assets  No way to prioritize what vulnerabilities should be addressed  What order  Stale data  Making decisions on last quarter’s vulnerabilities  No credible metrics
Insider Threat – Analysis and Countermeasures 10 Challenges – Remediation  Security resources are often decentralized  The security organization often doesn’t own the network or system  Multiple groups may own the asset  Presenting useful and meaningful information to relevant stakeholders  Determining if the fix was actually made
Insider Threat – Analysis and Countermeasures 11 Challenges – TimeAssetCriticality Vulnerability discovered Exploit public Automated exploit Discovery Remediation Cost to ignore vulnerability is greater than the cost to repair Threat Level Risk Threshold
Vulnerability Management Lifecycle
Insider Threat – Analysis and Countermeasures 13 Vulnerability Management Lifecycle
10 Step Approach: Implementing An Effective VM Strategy
Insider Threat – Analysis and Countermeasures 15 Step 1 - Identify all the assets needing protection  Identify assets by:  Networks  Logical groupings of devices  Connectivity - None, LAN, broadband, wireless  Network Devices  Wireless access points, routers, switches  Operating System  Windows, Unix  Applications  IIS, Apache, SQL Server  Versions  IIS 5.0, Apache 1.3.12, SQL Server V.7
Insider Threat – Analysis and Countermeasures 16 Asset Prioritization  Network-based discovery  Known and “unknown” devices  Determine network-based applications  Excellent scalability  Agent-based discovery  In-depth review of the applications and patch levels  Deployment disadvantages  Network- and agent-based discovery techniques are optimal  Agents - Cover what you already know in great detail  Network - Identify rogue or new devices  Frequency  Continuous, daily, weekly  Depends on the asset
Insider Threat – Analysis and Countermeasures 17 Step 2 - Vulnerability Identification  Knowing what vulnerabilities exist for each asset and the criticality of that vulnerability is essential in determining how best to secure it.
Insider Threat – Analysis and Countermeasures 18 Correlate Threats
Insider Threat – Analysis and Countermeasures 19 Correlate Threats  Not all threat and vulnerability data have equal priority  Primary goal is to rapidly protect your most critical assets  Identify threats  Worms  Exploits  Wide-scale attacks  New vulnerabilities  Correlate with your most critical assets  Result = Prioritization of vulnerabilities within your environment
Insider Threat – Analysis and Countermeasures 20 Step 3 - Consistent Vulnerability Management  Use consistent, high‐frequency scanning  Reduce the volume of vulnerabilities from any one scan
Insider Threat – Analysis and Countermeasures 21 Step 4 - Risk Assessment  Accurate and timely details on the vulnerabilities that exist.  Employ a consistent vulnerability management approach
Insider Threat – Analysis and Countermeasures 22 Determine Risk Level
Insider Threat – Analysis and Countermeasures 23 Risk Calculation  The Union of:  Vulnerabilities  Assets  Threats  Based upon the criticality of VAT  Focus your resources on the true risk
Insider Threat – Analysis and Countermeasures 24 Step 5 - Change Management  Integrate change management with a consistent vulnerability management process
Insider Threat – Analysis and Countermeasures 25 Step 6 - Patch Management  An effective vulnerability management program  Feedback from the patch management program
Insider Threat – Analysis and Countermeasures 26 Step 7 – Mobile Devices  Mobile devices evade traditional vulnerability and compliance management methods  Integrate with Mobile Device Management (MDM) systems or deploy technology
Insider Threat – Analysis and Countermeasures 27 Step 8 - Mitigation Management  Manage vulnerabilities in the event no software update or fix to address the vulnerability is available  Identify alternative ways to manage the exposure
Insider Threat – Analysis and Countermeasures 28 Remediation
Insider Threat – Analysis and Countermeasures 29 Remediation / Resolution  Perfection is unrealistic (zero vulnerabilities)  Think credit card fraud – will the banks ever eliminate credit card fraud?  You have limited resources to address issues  The question becomes:  Do I address or not?  Factor in the business impact costs + remediation costs  If the risk outweighs the cost – eliminate or mitigate the vulnerability!
Insider Threat – Analysis and Countermeasures 30 Remediation / Resolution Apply the Pareto Principle – the 80/20 rule Focus on the vital few not the trivial many 80% of your risk can be eliminated by addressing 20% of the issues The Risk Union will show you the way Right assets Relevant threats Critical vulnerabilities
Insider Threat – Analysis and Countermeasures 31 Remediation / Resolution Patch or Mitigate Impact on availability from a bad patch vs. the risk of not patching Patch or mitigate Recommendations: QA security patches 24 hours Determine if there are wide spread problems Implement defense-in-depth
Insider Threat – Analysis and Countermeasures 32 Step 9 - Incident Response  The security of an organization’s systems is only as effective as how it responds to a security breach  Ensuring the incident response process is alerted to the issue can provide a number of benefits
Insider Threat – Analysis and Countermeasures 33 Step 10 - Automation  The final key to a successful vulnerability management program is automation  Time is of the utmost importance in detecting, assessing and remediating any vulnerability  Manual processing of large amounts of data is extremely time consuming and prone to error.  Reduce the human element
Insider Threat – Analysis and Countermeasures 34 Summary  All assets are not created equally  You cannot respond to or even protect against all threats  An effective vulnerability management program focuses on Risk  Vulnerabilities  Assets  Threats  The hardest step in a 1000 mile journey is the first – start somewhere  Strategically manage vulnerabilities using a comprehensive process
Insider Threat – Analysis and Countermeasures 35 Questions?
36 36 10 Steps to Effective Vulnerability Management Alex DaCosta, Retina Product Manager
37 37 Demo
38 38 Poll Question
39 39 Q&A Thank you for attending!

More Related Content

What's hot (20)

PDF
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
PDF
Secure Coding and Threat Modeling
Miriam Celi, CISSP, GISP, MSCS, MBA
 
PPTX
What is cyber resilience?
Aaron Clark-Ginsberg
 
PDF
Cyber Threat Intelligence - It's not just about the feeds
Iain Dickson
 
PDF
Security champions v1.0
Dinis Cruz
 
PPTX
Adaptive Enterprise Security Architecture
SABSAcourses
 
PDF
Enterprise Security Architecture
Kris Kimmerle
 
PPTX
Meaningfull security metrics
Vladimir Jirasek
 
PPTX
Introduction to NIST’s Risk Management Framework (RMF)
Donald E. Hester
 
PPT
Risk Assessment Process NIST 800-30
timmcguinness
 
PPTX
Optimizing Security Operations: 5 Keys to Success
Sirius
 
PDF
NIST SP 800 30 Flow Chart
James W. De Rienzo
 
PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
PPTX
Enterprise Security Architecture Design
Priyanka Aash
 
PDF
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
PPTX
NIST Critical Security Framework (CSF)
Priyanka Aash
 
PPT
SOC presentation- Building a Security Operations Center
Michael Nickle
 
PDF
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
ParishSummer
 
PDF
How To Present Cyber Security To Senior Management Complete Deck
SlideTeam
 
PDF
Penetration Testing SAP Systems
Onapsis Inc.
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
Secure Coding and Threat Modeling
Miriam Celi, CISSP, GISP, MSCS, MBA
 
What is cyber resilience?
Aaron Clark-Ginsberg
 
Cyber Threat Intelligence - It's not just about the feeds
Iain Dickson
 
Security champions v1.0
Dinis Cruz
 
Adaptive Enterprise Security Architecture
SABSAcourses
 
Enterprise Security Architecture
Kris Kimmerle
 
Meaningfull security metrics
Vladimir Jirasek
 
Introduction to NIST’s Risk Management Framework (RMF)
Donald E. Hester
 
Risk Assessment Process NIST 800-30
timmcguinness
 
Optimizing Security Operations: 5 Keys to Success
Sirius
 
NIST SP 800 30 Flow Chart
James W. De Rienzo
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
Enterprise Security Architecture Design
Priyanka Aash
 
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
NIST Critical Security Framework (CSF)
Priyanka Aash
 
SOC presentation- Building a Security Operations Center
Michael Nickle
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
ParishSummer
 
How To Present Cyber Security To Senior Management Complete Deck
SlideTeam
 
Penetration Testing SAP Systems
Onapsis Inc.
 

Viewers also liked (20)

PPTX
Como ser um Hacker Ético Profissional
Strong Security Brasil
 
PPT
Oracle UCM Security: Challenges and Best Practices
Brian Huff
 
PDF
Patent Risk and Countermeasures Related to Open Management in Interaction Design
Yosuke Sakai
 
PDF
Apresenta cyber (2)
Orlando Simões
 
PPT
Apresentação Cyberpunk
Orlando Simões
 
PDF
Brigadeiro Engº VenâNcio Alvarenga Gomes
Luis Nassif
 
PDF
Formulario 3C
CLT Valuebased Services
 
PDF
Brigadeiro Engº VenâNcio Alvarenga Gomes
Luis Nassif
 
PPTX
Antivirus Evasion Techniques and Countermeasures
securityxploded
 
PDF
Formulario 3C
CLT Valuebased Services
 
PPT
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
AirTight Networks
 
PPTX
Email phishing and countermeasures
Jorge Sebastiao
 
PPTX
Dstl Medical Countermeasures for Dangerous Pathogens
warwick_amr
 
PPT
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Jeremiah Grossman
 
PDF
Seminar Presentation
Sergey Rubinsky, Ph.D.
 
PDF
VoIP: Attacks & Countermeasures in the Corporate World
Jason Edelstein
 
PPTX
Bone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
American Astronautical Society
 
PDF
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
International Atomic Energy Agency
 
PDF
Cehv8 module 01 introduction to ethical hacking
polichen
 
PDF
Penetration Test (Teste de invasão) – Saiba como ser um Hacker ético na pratica
Campus Party Brasil
 
Como ser um Hacker Ético Profissional
Strong Security Brasil
 
Oracle UCM Security: Challenges and Best Practices
Brian Huff
 
Patent Risk and Countermeasures Related to Open Management in Interaction Design
Yosuke Sakai
 
Apresenta cyber (2)
Orlando Simões
 
Apresentação Cyberpunk
Orlando Simões
 
Brigadeiro Engº VenâNcio Alvarenga Gomes
Luis Nassif
 
Formulario 3C
CLT Valuebased Services
 
Brigadeiro Engº VenâNcio Alvarenga Gomes
Luis Nassif
 
Antivirus Evasion Techniques and Countermeasures
securityxploded
 
Formulario 3C
CLT Valuebased Services
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
AirTight Networks
 
Email phishing and countermeasures
Jorge Sebastiao
 
Dstl Medical Countermeasures for Dangerous Pathogens
warwick_amr
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Jeremiah Grossman
 
Seminar Presentation
Sergey Rubinsky, Ph.D.
 
VoIP: Attacks & Countermeasures in the Corporate World
Jason Edelstein
 
Bone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
American Astronautical Society
 
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
International Atomic Energy Agency
 
Cehv8 module 01 introduction to ethical hacking
polichen
 
Penetration Test (Teste de invasão) – Saiba como ser um Hacker ético na pratica
Campus Party Brasil
 
Ad

Similar to 10 Steps to Building an Effective Vulnerability Management Program (20)

PPT
Vuln.ppt
karthikvcyber
 
PPT
Vuln_Man_91003.ppt
KRISHNARAJ207
 
PDF
Vulnerability Management Whitepaper PowerPoint Presentation Slides
SlideTeam
 
PPTX
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
ImXaib
 
PPTX
Effective Vulnerability Management
Vicky Ames
 
PPTX
Vulnerability_Management.pptx
Shriya Rai
 
PDF
Vulnerability Management.pdf
IntuitiveCloud
 
PPTX
Challenges of Vulnerability Management
Rahul Neel Mani
 
PDF
What your scanner isn't telling you
Core Security
 
PPTX
Vulnerability Management: What You Need to Know to Prioritize Risk
AlienVault
 
PDF
Monitoring threats for pci compliance
Shiva Hullavarad
 
PDF
Monitoring threats for pci compliance
Shiva Hullavarad
 
PPT
Qualys user group presentation - vulnerability management - November 2009 v1 3
Tom King
 
PDF
Implementing Vulnerability Management
Argyle Executive Forum
 
PDF
Understanding Vulnerability Management | USCSI®
United States Cybersecurity Institute (USCSI®)
 
PPTX
Proatively Engaged: Questions Executives Should Ask Their Security Teams
FireEye, Inc.
 
PDF
2 20613 qualys_top_10_reports_vm
azfayel
 
PPTX
Cybersecurity Strategies for Effective Attack Surface Reduction
SecPod
 
PPTX
Cybersecurity Strategies for Effective Attack Surface Reduction
SecPod
 
PDF
Vulnerability Management – Opportunities and Challenges!
Outpost24
 
Vuln.ppt
karthikvcyber
 
Vuln_Man_91003.ppt
KRISHNARAJ207
 
Vulnerability Management Whitepaper PowerPoint Presentation Slides
SlideTeam
 
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
ImXaib
 
Effective Vulnerability Management
Vicky Ames
 
Vulnerability_Management.pptx
Shriya Rai
 
Vulnerability Management.pdf
IntuitiveCloud
 
Challenges of Vulnerability Management
Rahul Neel Mani
 
What your scanner isn't telling you
Core Security
 
Vulnerability Management: What You Need to Know to Prioritize Risk
AlienVault
 
Monitoring threats for pci compliance
Shiva Hullavarad
 
Monitoring threats for pci compliance
Shiva Hullavarad
 
Qualys user group presentation - vulnerability management - November 2009 v1 3
Tom King
 
Implementing Vulnerability Management
Argyle Executive Forum
 
Understanding Vulnerability Management | USCSI®
United States Cybersecurity Institute (USCSI®)
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
FireEye, Inc.
 
2 20613 qualys_top_10_reports_vm
azfayel
 
Cybersecurity Strategies for Effective Attack Surface Reduction
SecPod
 
Cybersecurity Strategies for Effective Attack Surface Reduction
SecPod
 
Vulnerability Management – Opportunities and Challenges!
Outpost24
 
Ad

More from BeyondTrust (20)

PDF
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
BeyondTrust
 
PDF
10 Steps to Better Windows Privileged Access Management
BeyondTrust
 
PDF
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
PDF
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
BeyondTrust
 
PDF
5 Steps to Privilege Readiness (infographic)
BeyondTrust
 
PDF
Unearth Active Directory Threats Before They Bury Your Enterprise
BeyondTrust
 
PDF
8-step Guide to Administering Windows without Domain Admin Privileges
BeyondTrust
 
PDF
Securing DevOps through Privileged Access Management
BeyondTrust
 
PDF
Crush Common Cybersecurity Threats with Privilege Access Management
BeyondTrust
 
PDF
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
BeyondTrust
 
PDF
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
BeyondTrust
 
PDF
Unix / Linux Privilege Management: What a Financial Services CISO Cares About
BeyondTrust
 
PDF
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
BeyondTrust
 
PDF
Mitigating Risk in Aging Federal IT Systems
BeyondTrust
 
PDF
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
BeyondTrust
 
PDF
Hacker techniques for bypassing existing antivirus solutions & how to build a...
BeyondTrust
 
PDF
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
BeyondTrust
 
PDF
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
BeyondTrust
 
PDF
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
BeyondTrust
 
PDF
Prevent Data Leakage Using Windows Information Protection (WIP)
BeyondTrust
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
BeyondTrust
 
10 Steps to Better Windows Privileged Access Management
BeyondTrust
 
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
BeyondTrust
 
5 Steps to Privilege Readiness (infographic)
BeyondTrust
 
Unearth Active Directory Threats Before They Bury Your Enterprise
BeyondTrust
 
8-step Guide to Administering Windows without Domain Admin Privileges
BeyondTrust
 
Securing DevOps through Privileged Access Management
BeyondTrust
 
Crush Common Cybersecurity Threats with Privilege Access Management
BeyondTrust
 
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
BeyondTrust
 
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
BeyondTrust
 
Unix / Linux Privilege Management: What a Financial Services CISO Cares About
BeyondTrust
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
BeyondTrust
 
Mitigating Risk in Aging Federal IT Systems
BeyondTrust
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
BeyondTrust
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
BeyondTrust
 
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
BeyondTrust
 
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
BeyondTrust
 
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
BeyondTrust
 
Prevent Data Leakage Using Windows Information Protection (WIP)
BeyondTrust
 

Recently uploaded (20)

PPTX
Foundations of Marketo Engage - Powering Campaigns with Marketo Personalization
bbedford2
 
PDF
Empower Your Tech Vision- Why Businesses Prefer to Hire Remote Developers fro...
logixshapers59
 
PDF
SAP Firmaya İade ABAB Kodları - ABAB ile yazılmıl hazır kod örneği
Salih Küçük
 
PPTX
Homogeneity of Variance Test Options IBM SPSS Statistics Version 31.pptx
Version 1 Analytics
 
PPTX
Home Care Tools: Benefits, features and more
Third Rock Techkno
 
PDF
4K Video Downloader Plus Pro Crack for MacOS New Download 2025
bashirkhan333g
 
PDF
AI + DevOps = Smart Automation with devseccops.ai.pdf
Devseccops.ai
 
PPTX
In From the Cold: Open Source as Part of Mainstream Software Asset Management
Shane Coughlan
 
PPTX
Finding Your License Details in IBM SPSS Statistics Version 31.pptx
Version 1 Analytics
 
PDF
Odoo CRM vs Zoho CRM: Honest Comparison 2025
Odiware Technologies Private Limited
 
PPTX
Agentic Automation: Build & Deploy Your First UiPath Agent
klpathrudu
 
PPTX
Agentic Automation Journey Series Day 2 – Prompt Engineering for UiPath Agents
klpathrudu
 
PDF
MiniTool Partition Wizard 12.8 Crack License Key LATEST
hashhshs786
 
PDF
Driver Easy Pro 6.1.1 Crack Licensce key 2025 FREE
utfefguu
 
PDF
vMix Pro 28.0.0.42 Download vMix Registration key Bundle
kulindacore
 
PPTX
Tally_Basic_Operations_Presentation.pptx
AditiBansal54083
 
PDF
TheFutureIsDynamic-BoxLang witch Luis Majano.pdf
Ortus Solutions, Corp
 
PDF
Download Canva Pro 2025 PC Crack Full Latest Version
bashirkhan333g
 
PPTX
Tally software_Introduction_Presentation
AditiBansal54083
 
PPTX
Milwaukee Marketo User Group - Summer Road Trip: Mapping and Personalizing Yo...
bbedford2
 
Foundations of Marketo Engage - Powering Campaigns with Marketo Personalization
bbedford2
 
Empower Your Tech Vision- Why Businesses Prefer to Hire Remote Developers fro...
logixshapers59
 
SAP Firmaya İade ABAB Kodları - ABAB ile yazılmıl hazır kod örneği
Salih Küçük
 
Homogeneity of Variance Test Options IBM SPSS Statistics Version 31.pptx
Version 1 Analytics
 
Home Care Tools: Benefits, features and more
Third Rock Techkno
 
4K Video Downloader Plus Pro Crack for MacOS New Download 2025
bashirkhan333g
 
AI + DevOps = Smart Automation with devseccops.ai.pdf
Devseccops.ai
 
In From the Cold: Open Source as Part of Mainstream Software Asset Management
Shane Coughlan
 
Finding Your License Details in IBM SPSS Statistics Version 31.pptx
Version 1 Analytics
 
Odoo CRM vs Zoho CRM: Honest Comparison 2025
Odiware Technologies Private Limited
 
Agentic Automation: Build & Deploy Your First UiPath Agent
klpathrudu
 
Agentic Automation Journey Series Day 2 – Prompt Engineering for UiPath Agents
klpathrudu
 
MiniTool Partition Wizard 12.8 Crack License Key LATEST
hashhshs786
 
Driver Easy Pro 6.1.1 Crack Licensce key 2025 FREE
utfefguu
 
vMix Pro 28.0.0.42 Download vMix Registration key Bundle
kulindacore
 
Tally_Basic_Operations_Presentation.pptx
AditiBansal54083
 
TheFutureIsDynamic-BoxLang witch Luis Majano.pdf
Ortus Solutions, Corp
 
Download Canva Pro 2025 PC Crack Full Latest Version
bashirkhan333g
 
Tally software_Introduction_Presentation
AditiBansal54083
 
Milwaukee Marketo User Group - Summer Road Trip: Mapping and Personalizing Yo...
bbedford2
 

10 Steps to Building an Effective Vulnerability Management Program

  • 1. 10 Steps to Effective Vulnerability Management » 10 Steps » What is Vulnerability Management? » Challenges to Effective VM » The Problem Contents: Derek A. Smith
  • 3. Insider Threat – Analysis and Countermeasures 3 Organizations are Feeling the Pain 1. What causes the damage? 95% of breaches target known vulnerabilities 2. How do you prevent the damage? What are your options? RISK= Assets x Vulnerabilities x Threats You can control vulnerabilities. 3. How do you successfully deal with vulnerabilities? Vulnerabilities Business complexity Human resources Financial resources 4. How do you make the best security decisions? Focus on the right assets, right threats, right measures.
  • 5. Insider Threat – Analysis and Countermeasures 5 What Is Vulnerability Management A process to determine whether to eliminate, mitigate or tolerate vulnerabilities based upon risk and the cost associated with fixing the vulnerability.
  • 6. Insider Threat – Analysis and Countermeasures 6 What Is Vulnerability Management  At a high level, the ”intelligent confluence” of… Assessment What assets? Analysis What to fix first? Remediation Fix the problem + + • Component of Risk Management • Balance the demands of business goals and processes
  • 8. Insider Threat – Analysis and Countermeasures 8 Challenges – Assessment  Traditional desktop scanners cannot handle large networks  Provide volumes of useless checks  Chopping up scans and distributing them is cumbersome  Garbage In- Garbage Out (GIGO)– volumes of superfluous data  Coverage at all OSI layers is inadequate  Time consuming and resource intensive  Finding the problem is only half the battle
  • 9. Insider Threat – Analysis and Countermeasures 9 Challenges – Analysis  Manual and resource intensive process to determine  What to fix  If you should fix  When to fix  No correlation between vulnerabilities, threats and assets  No way to prioritize what vulnerabilities should be addressed  What order  Stale data  Making decisions on last quarter’s vulnerabilities  No credible metrics
  • 10. Insider Threat – Analysis and Countermeasures 10 Challenges – Remediation  Security resources are often decentralized  The security organization often doesn’t own the network or system  Multiple groups may own the asset  Presenting useful and meaningful information to relevant stakeholders  Determining if the fix was actually made
  • 11. Insider Threat – Analysis and Countermeasures 11 Challenges – TimeAssetCriticality Vulnerability discovered Exploit public Automated exploit Discovery Remediation Cost to ignore vulnerability is greater than the cost to repair Threat Level Risk Threshold
  • 13. Insider Threat – Analysis and Countermeasures 13 Vulnerability Management Lifecycle
  • 14. 10 Step Approach: Implementing An Effective VM Strategy
  • 15. Insider Threat – Analysis and Countermeasures 15 Step 1 - Identify all the assets needing protection  Identify assets by:  Networks  Logical groupings of devices  Connectivity - None, LAN, broadband, wireless  Network Devices  Wireless access points, routers, switches  Operating System  Windows, Unix  Applications  IIS, Apache, SQL Server  Versions  IIS 5.0, Apache 1.3.12, SQL Server V.7
  • 16. Insider Threat – Analysis and Countermeasures 16 Asset Prioritization  Network-based discovery  Known and “unknown” devices  Determine network-based applications  Excellent scalability  Agent-based discovery  In-depth review of the applications and patch levels  Deployment disadvantages  Network- and agent-based discovery techniques are optimal  Agents - Cover what you already know in great detail  Network - Identify rogue or new devices  Frequency  Continuous, daily, weekly  Depends on the asset
  • 17. Insider Threat – Analysis and Countermeasures 17 Step 2 - Vulnerability Identification  Knowing what vulnerabilities exist for each asset and the criticality of that vulnerability is essential in determining how best to secure it.
  • 18. Insider Threat – Analysis and Countermeasures 18 Correlate Threats
  • 19. Insider Threat – Analysis and Countermeasures 19 Correlate Threats  Not all threat and vulnerability data have equal priority  Primary goal is to rapidly protect your most critical assets  Identify threats  Worms  Exploits  Wide-scale attacks  New vulnerabilities  Correlate with your most critical assets  Result = Prioritization of vulnerabilities within your environment
  • 20. Insider Threat – Analysis and Countermeasures 20 Step 3 - Consistent Vulnerability Management  Use consistent, high‐frequency scanning  Reduce the volume of vulnerabilities from any one scan
  • 21. Insider Threat – Analysis and Countermeasures 21 Step 4 - Risk Assessment  Accurate and timely details on the vulnerabilities that exist.  Employ a consistent vulnerability management approach
  • 22. Insider Threat – Analysis and Countermeasures 22 Determine Risk Level
  • 23. Insider Threat – Analysis and Countermeasures 23 Risk Calculation  The Union of:  Vulnerabilities  Assets  Threats  Based upon the criticality of VAT  Focus your resources on the true risk
  • 24. Insider Threat – Analysis and Countermeasures 24 Step 5 - Change Management  Integrate change management with a consistent vulnerability management process
  • 25. Insider Threat – Analysis and Countermeasures 25 Step 6 - Patch Management  An effective vulnerability management program  Feedback from the patch management program
  • 26. Insider Threat – Analysis and Countermeasures 26 Step 7 – Mobile Devices  Mobile devices evade traditional vulnerability and compliance management methods  Integrate with Mobile Device Management (MDM) systems or deploy technology
  • 27. Insider Threat – Analysis and Countermeasures 27 Step 8 - Mitigation Management  Manage vulnerabilities in the event no software update or fix to address the vulnerability is available  Identify alternative ways to manage the exposure
  • 28. Insider Threat – Analysis and Countermeasures 28 Remediation
  • 29. Insider Threat – Analysis and Countermeasures 29 Remediation / Resolution  Perfection is unrealistic (zero vulnerabilities)  Think credit card fraud – will the banks ever eliminate credit card fraud?  You have limited resources to address issues  The question becomes:  Do I address or not?  Factor in the business impact costs + remediation costs  If the risk outweighs the cost – eliminate or mitigate the vulnerability!
  • 30. Insider Threat – Analysis and Countermeasures 30 Remediation / Resolution Apply the Pareto Principle – the 80/20 rule Focus on the vital few not the trivial many 80% of your risk can be eliminated by addressing 20% of the issues The Risk Union will show you the way Right assets Relevant threats Critical vulnerabilities
  • 31. Insider Threat – Analysis and Countermeasures 31 Remediation / Resolution Patch or Mitigate Impact on availability from a bad patch vs. the risk of not patching Patch or mitigate Recommendations: QA security patches 24 hours Determine if there are wide spread problems Implement defense-in-depth
  • 32. Insider Threat – Analysis and Countermeasures 32 Step 9 - Incident Response  The security of an organization’s systems is only as effective as how it responds to a security breach  Ensuring the incident response process is alerted to the issue can provide a number of benefits
  • 33. Insider Threat – Analysis and Countermeasures 33 Step 10 - Automation  The final key to a successful vulnerability management program is automation  Time is of the utmost importance in detecting, assessing and remediating any vulnerability  Manual processing of large amounts of data is extremely time consuming and prone to error.  Reduce the human element
  • 34. Insider Threat – Analysis and Countermeasures 34 Summary  All assets are not created equally  You cannot respond to or even protect against all threats  An effective vulnerability management program focuses on Risk  Vulnerabilities  Assets  Threats  The hardest step in a 1000 mile journey is the first – start somewhere  Strategically manage vulnerabilities using a comprehensive process
  • 35. Insider Threat – Analysis and Countermeasures 35 Questions?
  • 36. 36 36 10 Steps to Effective Vulnerability Management Alex DaCosta, Retina Product Manager