2017 software vulnerability management resolutions

2017 Software Vulnerability Management Resolutions

Marcelo Pereira, Product Marketing Manager, Flexera Software

© 2017 Flexera Software LLC. All rights reserved. | Company Confidential

Upload: flexera-software

Post on 20-Mar-2017


Category: Software



TRANSCRIPT

Page 1: 2017 Software Vulnerability Management Resolutions


2017 Software Vulnerability Management Resolutions

Marcelo Pereira

Product Marketing Manager

Flexera Software

Page 2: 2017 Software Vulnerability Management Resolutions


“Gartner clients find the coordination and orchestration of vulnerability remediation efforts a perennial point of operational failure for vulnerability management projects. Success requires coordination between IT security and IT operations for activities such as patch management and configuration hardening.”

- Gartner, “Threat and Vulnerability Management Primer for 2017”, January 2017

Page 3: 2017 Software Vulnerability Management Resolutions


Poll question 1

• Organizations continue to fail to improve their patch management processes, with consequences to their risk posture. In your opinion, what is the MAIN reason for that?

– a) Most organizations don’t have the resources to patch all their applications

– b) Most organizations do not prioritize security patches

– c) In most organizations, performance metrics for patch management do not include security measures such as risk reduction

– d) Most organizations do not have the tools to support prioritization of security patches

“As we’ve advised in past reports, security professionals should make a concerted effort to prioritize patches” - Cisco 2017 ACR

Page 4: 2017 Software Vulnerability Management Resolutions


Resolution 1

In 2017 I will start from the basics!


Page 5: 2017 Software Vulnerability Management Resolutions


Security Layers

• Foundation
– Privilege control
– Segregation of duties
– Security training
– Patch Management
– Vulnerability Assessment

• Hardening
– Penetration testing
– Configuration Hardening
– SIEM

• Advanced
– Advanced Threat Detection
– Network Behavior Analysis
– Network forensics

Page 6: 2017 Software Vulnerability Management Resolutions


Exploits

Time to first-known exploitation

Source: “2016 Data Breach Investigation Report” Verizon http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

Page 7: 2017 Software Vulnerability Management Resolutions


Resolution 2

In 2017 I will work with my team to align with our organization’s security strategy


Page 10: 2017 Software Vulnerability Management Resolutions


Resolution 3

In 2017 I will transform my organization’s approach to patch management!


Page 11: 2017 Software Vulnerability Management Resolutions


Prioritizing Security Patches

Secunia Research has written 505 Advisories in January 2017

Page 12: 2017 Software Vulnerability Management Resolutions


Digesting the vulnerability data

No advisory for Extremely Critical vulnerabilities written in January

Advisories by Criticality

Page 13: 2017 Software Vulnerability Management Resolutions


Poll question 2

• Which percentage of the 144 “Highly Critical” Advisories do you believe had a patch at the time of publication?

– a) 9%

– b) 35%

– c) Less than 1%

– d) 95%

– e) 74%

Page 14: 2017 Software Vulnerability Management Resolutions


Digesting the vulnerability data

Solution status for the 144 “Highly Critical” Advisories issued in January 2017

Page 15: 2017 Software Vulnerability Management Resolutions


Vulnerability Management in today’s world

Security intelligence and management platforms to manage volume

“The increasing volume (of patches and upgrades) is a main driver for organizations automating their vulnerability management through the use of security intelligence and management platforms that help manage the volume of system and software inventory, vulnerability, and threat information.” - Cisco

Source: “Cisco Annual Security Report 2016” http://www.cisco.com/c/m/en_us/offers/sc04/2016-annual-security-report/index.html

Page 16: 2017 Software Vulnerability Management Resolutions


My objective

At the end of 2017 I will be able to demonstrate how my work and the work of my team have made my organization more secure!


Page 17: 2017 Software Vulnerability Management Resolutions


WE’RE REIMAGINING THE WAY SOFTWARE IS SOLD, SECURED, MANAGED, BOUGHT

www.flexerasoftware.com


Page 18: 2017 Software Vulnerability Management Resolutions


CONTACT US

www.flexerasoftware.com

Denmark: +45 7020 5144 USA: +1 888 924 8265
