patch management
DESCRIPTION
Patch Management Knowledge
TRANSCRIPT
7/21/2019 Patch Management
http://slidepdf.com/reader/full/patch-management-56d87b57a3289 1/38
Vulnerability and Patch Management
Dr. Thomas Moore, Ph.D.
EMBA, BCSA, BCSP, CISSP, CISM, LCNAD
Vulnerability Management:
What, why, how
What is Vulnerability Management?
The ability to assess and secure multi-platform environments.
– Protection from internal vulnerabilities such as:
• Machines that do not have the latest hot fixes or service packs loaded
• People who have inappropriate rights to files and directories
• Users who have no passwords or easily guessed passwords
• Accounts that have not been disabled once an employee is no longer with the company
• Employees who are going against corporate policies and who are sending emails with inappropriate content
– Protection from external vulnerabilities such as:
• Unknown/unsecured IP devices
• Open ports
• Easily guessed passwords
What is Vulnerability Management?
Combination of management and security tools into one product.
Examples of Management tools:
– Automated documentation for disaster recovery
– Disk space analysis
– Content scanning (MS Exchange)
– Mailbox moves (MS Exchange)
– Change impact analysis (MS SQL)
The ability to audit and document your improved security.
– Requisite in banking/healthcare/government or any highly regulated industry
– Staff augmentation (cost savings)
Why Vulnerability Management
According to Gartner:
• Security continues to be one of the top three issues for CIOs.
• Windows, IIS and SQL Server are the three key areas prone to attack.
• 2004 was the first time that the security budget for the average enterprise constituted more than 5% of the overall IT budget – showing up on the CIO’s pie chart
Why Vulnerability Management
Also according to Gartner, some ways to quantify what you do are:
• What percentage of known attacks is the organization vulnerable to?
• When was that percentage calculated?
• What percentage of company software, people and supplies have been reviewed for security issues?
• What percentage of downtime is the result of security problems?
• What percentage of nodes in the network are managed by IT?
CIO Magazine/PWC survey, 15OCT04:
The top three security-related organizational priorities for 2004 were:
• Raise end user awareness of policy & procedures – 55%
• Train staff – 41%
• Develop security policies and standards – 35%
This same survey stated that 80% of North American companies used liability as a justification for security investments.
Also in the study, security investments are justified due to:
• Liability/exposure – 69%
• Regulatory requirements – 53%
• Revenue impact – 40%
Vulnerability Management: More Insight
According to a Summer 2003 InfoPro Study, the top operational problems or pain points that are driving spending are:
• Audit/compliance related – 41%
• Technology related – 40%
• Standards related – 16%
“The numbers are staggering: 82,094 new vulnerabilities discovered in software and hardware last year. That’s up 64 percent from 2001. And in the first quarter of this year alone, the number was 76,404. The volume of flaws found has been rising at an alarming rate for as long as people have kept statistics.” --eWeek, Aug. 11, 2003
VM Trends
“Which of the following would you say is your company’s highest priority technology initiative for IT in the next year?”
• Hardware upgrades not asked in 2002.
• Manage infrastructure still #1!
• OS upgrades and security (equal)
Windows and .NET Magazine (May) 2002 vs. 2003 Study Results
Why implement a VM solution?
• Multiple threats across a complex IT infrastructure
• Multiple IT Managers are accountable for specific pieces of the infrastructure, but not all
• Native tools do not provide enterprise-level, consolidated assessment and audit
• A breach in any one area can affect the entire infrastructure
• Organizations must comply with some mandated standards and practices across the enterprise
• Time and efficiencies gained
Quick Quiz:
1. How many machines does it take to make a network completely vulnerable?
2. Name three ways a network may be vulnerable?
Risk Management Lifecycle
[Diagram labels: Remediate; Audit/Analyze; Assign; Notify; Publish; Certify/Verify; Define Rules; Repeat. Areas covered: Policy Compliance; Vulnerability Management; Directory Administration & Migration]
Benefits of Lifecycle
• Increase audit coverage and frequency
• Look at ALL your servers and workstations, ALL the time
• Provide policies to measure against
• Achieve constant state of audit
More Coverage + Complete Policies = Less Risk
Automating the Lifecycle
• What percentage of your machines do you audit regularly today?
• For best security, how many should you audit?
• How often do you complete your audit cycle?
• Only an automated solution can:
– Audit 100% of machines
– Increase your audit frequency
– Decrease the time to remediate
– Reduce risks AND reduce costs at the same time
Sustainability
• Is this more work than you are doing today?
– YES!! And it will continue to grow…
– Start Now!
• With all the other things that are going on, how can I not only create – but maintain a secure environment.
– Create Policies
– Automate Assessment with software tools (VM)
– Remediate (VM)
– Evaluate (VM)
– Start Over! (VM – using scheduling)
Any pitfalls?
Technical:
• Depth of reporting (granularity, ad-hoc VS predefined)
• Closed loop problem identification and Remediation
• Scalability
– Agents and their associated maintenance
– parallel processing
• Lack of centralized management (combination of security, auditing and management tools bundled into product)
Other benefits
Business reasons:
• 30-70% reduction in business losses due to downtime
• 20-70% reduction in lost opportunity costs
• 20-50% reduction in mediation, recovery time and associated costs
• 10-30% reduction in lost productivity of non-IT personnel
• 1-2% legal exposure and costs
• 10-30% deployment and maintenance
Testimonials
“(VM) solutions reduced our business loss and downtime when NIMDA hit.” “…put out the 1.1 million hits that we took. That was huge.” – Large mid-west financial organization
“…vulnerability management solution, we realized more than $1,000,000 in ROI.” – Florida Hospital
New trends
Non-credentialed scans
• Benefits
– Cross-platform
– Doesn’t require administrative rights to scan device
– Keep up with the latest vulnerabilities
– O/S Fingerprinting with version identification
– Identify every IP device on the network
Total Devices – Managed – Unmanaged
Rogue Machines
Patch Management
What is a patch?
• A patch, or Hot Fix, is an updated file or set of files (exe, dll, sys, etc) that fixes a software flaw
• Two types of patches:
– Security patches: Patches that address known security vulnerabilities
– Non-security patches: Patches that improve performance or fix functional problems
• Service Packs
– Contains all previously released security and non-security patches (rollups)
– Contains new patches also
Race Against Time
Companies have less time to patch software flaws before Internet worms hit their computer systems.
Name of Worm | Vulnerability Alert | Number of Days | Worm Released
Melissa | Dec. 1, 99 | 65 | March 27, 99
Sadmind | Dec. 29, 99 | 496 | May 8, 01
Sonic | July 18, 00 | 104 | Oct. 30 00
Bugbear | March 29, 01 | 550 | Sept. 30, 02
Code Red | June 18, 01 | 31 | July 19 01
Nimda | Aug. 15 01 | 34 | Sept. 18 01
Spida | April 17, 02 | 34 | May 21, 02
SQL Slammer | July 24, 02 | 185 | Jan. 25 03
Slapper | July 30, 02 | 46 | Sept. 14, 02
Blaster/Welchia/Nachi | July 16, 03 | 26 | Aug. 11, 03
Witty | March 18, 04 | 2 | March 20, 04
Sasser | April 13, 04 | 17 | April 30, 04
What is patch management?
The process, through which companies…
• determine which patches are missing from their environment
• deploy those patches to end user machines
• verify patches were successfully deployed
“Automation is a key element of the patch management process.” – Computerworld July 200
“The number of patches released makes it almost imperative to employ automated solutions” – Gartner
Two Key Components
• An analysis to determine whether or not a target machine is patched
• The distribution of a patch to a target machine
Assessment
Packaging & Deployment
Deployment Options
[Diagram labels: Patch Assessment; Option #1; Packaging; Option #2; Deploy to end-user; Deploy to end-user w/ software deployment]
Patches for OS Platforms
Companies have to manually create and keep up to date a spreadsheet illustrating which patch goes for which operating system!
Check in with the experts
• The manual process of patching thousands of workstations and servers in an environment is “nearly impossible”. (Computerworld, July ?, 200?)
• “Gartner estimates that IT managers now spend up to two hours every day managing patches.” (Computerworld, July ?, 200?)
Patch Assessment-Considerations
• Audit the patch process
– Why is patch needed?
• Reboot required?
• Unsigned driver?
• Conduct an in-depth assessment
– CVE number
– Affected product
– Reason patch is missing
– Bulletin ID & name
Patch Assessment, how
A comprehensive meta document, called MSSECURE.XML, provides the intelligence used to analyze whether or not a patch is installed. It contains security bulletin name and title, detailed product specific security hotfixes, including:
– Files in each hotfix package with their file versions and checksums
– Registry keys that were applied by the hotfix installation package
– Information about which patches supersede other patches
– Related Microsoft Knowledge Base article numbers
– Third party analysis of threats posed by a patch’s vulnerability
– Links to additional information from BugTraq, cross references to CVEs, and more
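The assessment logic this slide describes, as an added example that is not part of the original slides: a host counts as patched only if the hotfix's files match by version and checksum and its registry key is present, and a bulletin superseded by an installed one is not reported. The catalog layout, bulletin IDs, file names and registry paths are constructed placeholders, not the real MSSECURE.XML schema.

```python
import hashlib

def sha(data):  # stand-in for hashing a file's bytes on disk
    return hashlib.sha256(data).hexdigest()

# Constructed catalog (simplified; NOT the real MSSECURE.XML schema).
# Bulletin IDs, file names and registry paths are placeholders.
CATALOG = {
    "BULLETIN-A": {"supersedes": [], "reg": r"HKLM\Example\Hotfix\KB-A",
                   "files": {"web.dll": ("5.0.1", sha(b"web-5.0.1"))}},
    "BULLETIN-B": {"supersedes": ["BULLETIN-A"], "reg": r"HKLM\Example\Hotfix\KB-B",
                   "files": {"web.dll": ("5.0.3", sha(b"web-5.0.3"))}},
    "BULLETIN-C": {"supersedes": [], "reg": r"HKLM\Example\Hotfix\KB-C",
                   "files": {"rpc.dll": ("2.1.0", sha(b"rpc-2.1.0"))}},
    "BULLETIN-D": {"supersedes": [], "reg": r"HKLM\Example\Hotfix\KB-D",
                   "files": {"mail.sys": ("1.4.0", sha(b"mail-1.4.0"))}},
}
# Constructed host inventory: registry keys found, and file -> (version, sha256).
HOST = {
    "registry": {r"HKLM\Example\Hotfix\KB-B", r"HKLM\Example\Hotfix\KB-C"},
    "files": {"web.dll": ("5.0.3", sha(b"web-5.0.3")),
              "rpc.dll": ("2.1.0", sha(b"unexpected-contents")),
              "mail.sys": ("1.3.9", sha(b"mail-1.3.9"))},
}

def ver(v):
    return tuple(int(p) for p in v.split("."))

def missing_reason(bulletin, host):
    """Return None if the hotfix is verifiably installed, else the reason it is not."""
    entry = CATALOG[bulletin]
    for name, (want_ver, want_sum) in entry["files"].items():
        have = host["files"].get(name)
        if have is None or ver(have[0]) < ver(want_ver):
            return f"{name} older than {want_ver}"
        if have[0] == want_ver and have[1] != want_sum:
            return f"{name} checksum mismatch"
    if entry["reg"] not in host["registry"]:
        return "registry key absent"
    return None

def covered_by(bulletin):  # everything it supersedes, directly or transitively
    olds = CATALOG[bulletin]["supersedes"]
    return set(olds).union(*(covered_by(o) for o in olds))

def assess(host):
    reasons = {b: missing_reason(b, host) for b in CATALOG}
    replaced = set().union(*(covered_by(b) for b, r in reasons.items() if r is None))
    return {b: r for b, r in reasons.items() if r and b not in replaced}
```

On the constructed host, BULLETIN-A has no registry key of its own but is not reported because the installed BULLETIN-B supersedes it; the registry key for BULLETIN-C is present, yet the checksum comparison still flags it.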
Patch Deployment
Patch packaging
Wizard-based package creation
Decentralized, scalable patch distribution method
Packaged using standard technology
Patch Deployment Packaged UI
Centralized patch deployment
Ad-hoc patch distribution
Test deploy
Patch Package – Bat File Creation
Example bat file created to install patches. Without BindView you would have to create this manually for every workstation and patch.
Solution considerations
Agentless
Scalability
Scheduling
Baselining
Executive reporting/view
Detailed patch analysis
Comprehensive pre-patch auditing
Post patch verification auditing
Flexible/comprehensive patch selection (critical patches)
Flexible patch deployment (critical servers)
Office CD central source
Rollback capabilities
Common Patch Management Tools in Enterprise Environments
Microsoft Baseline Security Advisor (MBSA 1.0, 1.2)
Microsoft Software Update Service (SUS)
Microsoft Systems Management Server (SMS 2.0, 2003)
Active Directory Group Policies
Microsoft Baseline Security Advisor (MBSA 1.0, 1.2)
Designed for small to medium businesses (less than 500 machines or 1500 users)
No centralized management server or reporting services
No distributed agents for data collection
Does not distribute patches
When used with SMS, developers still have to manually create patch packages
Microsoft Software Update Service (SUS)
Corporate windowsupdate.com
Does not evaluate “back office” applications such as Exchange or IIS
No reporting, only basic log analysis
No distributed agents or distribution points
Microsoft Systems Management Server (SMS 3.0)
Does not specifically target security
Software deployments (including patches) must be created manually
No easy way to report on only security patch deployments
Active Directory Group Policies
Not designed for patch deployment
Cannot report on software deployments
Targeted distribution points is cumbersome. You must use multiple GPOs which is not recommended
Cannot monitor software pushes