Why Patch Management is Still the Best First Line of Defense

Upload: lumension

Post on 20-Aug-2015


Today’s Speaker


Paul Henry

Security & Forensics Analyst

MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI, CCE

SANS Institute Instructor


Today’s Agenda

More Vulnerabilities – Beyond Just Microsoft

Increased Sophistication of Attacks

Patch Management Challenges

The Best First Line of Defense

Q&A


More Vulnerabilities…Beyond Just Microsoft


Vulnerabilities AND Exploits on the Rise

Report: Exploits Rate Reaches 61 Percent in January 2011

• Attackers exploited more new vulnerabilities in January than usual, writing exploits for half of 'critical' vulnerabilities

Source: Dark Reading, February 3, 2011


Known Vulnerabilities Still Being Exploited

Source: M86 Security


Growing Application Risk – No Longer Just Microsoft

» Social networking applications were detected in 95% of organizations. *

» 78% of Web 2.0 applications support file transfer.*

» 2/3 of applications have known vulnerabilities.*

» 28% of applications were known to propagate malware.*

* Palo Alto Networks Application Survey 2009, 2010


Increasing # of Web App Vulnerabilities

IBM X-Force


Web Applications are the Leading Attack Path

The applications we use today for productivity

Collaborative / Browser-based / Open Source

Social Communities, Gadgets, Blogging and Widgets open up our networks to increasing risk every day.

Source: Verizon, 2010 Data Breach Investigations Report


Increased Sophistication of Attacks


Multiple Vectors and Multiple Exploits


Abusing Unintended Consequences


Better Tools For The Bad Guys


Point And Click Malware Design


Why Buy It When You Can Rent It?


Common Denominator

In a recent data breach study of 500 breaches, 90% of the exploits used for entry had patches available for 6 months or longer. The same study went on to point out that 50% of systems have 10 or more vulnerabilities for which patches are currently available.


Patch Management Challenges


Minimize Your True Endpoint Risk

Areas of Risk at the Endpoint

• 65% Misconfigurations

• 30% Missing Patches

• 5% Zero-Day

Source: John Pescatore, Vice President, Gartner Fellow

• Patch and configuration analysis and delivery are needed across all systems: operating systems and applications.

• Unmanaged endpoints on the network are unknown and unprotected.

• Application and operating system patching is not benchmarked or continuously enforced.

• Standard configurations are not assessed or enforced.

• Un-patched browsers represent the highest risk for web-borne malware.


Lack of Resources and Coordination

» Reduced IT personnel and network resources

• Decrease the Effectiveness of Endpoint Operations & Security

» Lack of visibility and coordination

• IT Operations and IT Security are not always coordinated

• Reduced ability to manage organizational compliance and IT risk


The Old Approach Doesn’t Work

• Fragmented approach to vulnerability management

• Tools do not consolidate or centralize the management of heterogeneous environments

• High management overhead & cost

• Lack of visibility of the overall security posture

• Don’t discover blind spots or hidden devices

• Disparate reporting


The Best First Line of Defense


Patching Client Side Apps Now #1 Priority

The problem of un-patched client-side vulnerabilities is one of the two most pressing priorities organizations need to address to mitigate cyber security risks.

Most organizations today take at least twice as long to patch third-party application vulnerabilities as they do to patch operating system vulnerabilities.

SANS Institute, Top Cyber Security Risks, September 2009


Managing Vulnerabilities: Best Practices

Assess / Prioritize / Remediate / Repeat

• Identify all IT assets (including platforms, operating systems, applications, network services)

• Monitor external sources for vulnerabilities, threats and intelligence regarding remediation

• Scan all IT assets on a regular schedule for vulnerabilities, patches and configurations

• Maintain an inventory of IT assets

• Maintain a database of remediation intelligence

• Prioritize the order of remediation as a function of risk, compliance, audit and business value

• Model / stage / test remediation before deployment

• Deploy remediation (automatically or manually)

• Train administrators and end-users in vulnerability management best practices

• Scan to verify success of previous remediation

• Report for audit and compliance

• Continue to assess, prioritize and remediate

Source: Aberdeen Group, Managing Vulnerabilities and Threats (No, Anti-Virus is Not Enough), December 2010


Lumension® Endpoint Management & Security Suite: Patch & Remediation

Comprehensive and Actionable IT Risk Mitigation

1. Discovers: Ensures complete visibility of all IT assets, both managed and unmanaged.

2. Assesses: Performs a deep analysis and thorough OS, application and security configuration vulnerability assessments.

3. Prioritizes: Focuses on your most critical security risks first.

4. Remediates: Automatically deploys patches to an entire network per defined policy to support all OS’s and applications – to both online AND offline machines.

5. Reports: Provides operational and management reports that consolidate discovery, assessment and remediation information on a single management console.


Streamline Patch Management Across Your Environment

• Lumension Endpoint Management and Security Suite is an extensible solution suite that reduces complexity, optimizes TCO, improves visibility and delivers control back to IT.

» Reduces Complexity and TCO through effective automation of operational tasks

» Provides Greater Visibility Into and Control Over your network’s endpoints

» Improves Operational Efficiency with a single console to manage multiple functions

» Elevates Security and Compliance Posture through automatic policy enforcement


Patch is Core Component of Defense-in-Depth

[Diagram labels: Traditional Endpoint Security; Blacklisting As The Core; Zero Day; 3rd Party Application Risk; Malware As a Service; Consumerization of IT; Emerging Endpoint Security Stack; Defense-N-Depth; Patch & Configuration Mgmt.]


Q&A


Next Steps

• Overview of Lumension® Patch and Remediation

» http://www.lumension.com/Resources/Demo-Center/Overview-Vulnerability-Management-Solution.aspx

• Vulnerability Scanner Tool

» http://www.lumension.com/Resources/Security-Tools/Vulnerability-Scanner.aspx

• Third Party Analysis

» Forrester Wave: Vulnerability Management 2010: http://www.lumension.com/Resources/Reports/Forrester-Wave---Vulnerability-Management-Q2-2010.aspx

» Tolly Report: TCO Comparison - Lumension® vs. Microsoft® WSUS: http://www.lumension.com/Resources/WhitePapers/Lumension-Vulnerability-Management-Microsoft-WSUS.aspx


Global Headquarters

8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828