Accelerate Patching Progress in the Enterprise. Wolfgang Kandek CTO Qualys, Inc.

Similar documents
Accelerate Patching. the Enterprise. Wolfgang Kandek Qualys, Inc. Session ID: STAR-301 Session Classification: Intermediate

Reducing the cost and complexity of endpoint management

Closing the Vulnerability Gap of Third- Party Patching

Justin Kallhoff CISSP, C EH, GPCI, GCIH, GSEC, GISP, GCWN, GCFA. Tristan Lawson CISSP, C EH, E CSA, GISP, GSEC, MCSA, A+, Net+, Server+, Security+

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

User s Guide. Skybox Risk Control Revision: 11

SIMPLIFYING THE PATCH MANAGEMENT PROCESS

The Importance of Patching Non-Microsoft Applications

Secunia Corporate Software Inspector (Secunia CSI) ver.5.0

How to Grow and Transform your Security Program into the Cloud

Hardware and Asset Management Program

The Fundamental Failures of End-Point Security. Stefan Frei Research Analyst Director

Desktop Security. Overview and Technology Guidance. Michael Ramsey Network Specialist, NC DPI

Cyber Essentials PLUS. Common Test Specification

Complete Patch Management

Cyber Essentials Questionnaire

Dupaco Cafe Secure your business Your time is valuable how F-Secure can help you make the most out of it

IBM Endpoint Manager Product Introduction and Overview

Patch and Vulnerability Management Program

THE SECURITY EXPOSURE

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off

Virtual Patching: a Proven Cost Savings Strategy

How To Monitor Your Entire It Environment

How To Protect A Virtual Desktop From Attack

Tackling Third-Party Patches

UP L04 Introduction to 3 rd Party Patching Using the 4A Model Hands-On Lab

5 Steps to Advanced Threat Protection

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Implementing Desktop Application Environments

EXTENSIVE FEATURE DESCRIPTION SECUNIA CORPORATE SOFTWARE INSPECTOR. Non-intrusive, authenticated scanning for OT & IT environments. secunia.

Northwestern University Dell Kace Patch Management

Dell KACE K1000 System Management Appliance Version 5.4. Patching and Security Guide

Industrial Security for Process Automation

New possibilities in latest OfficeScan and OfficeScan plug-in architecture

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Practical Patch Compliance

Hardware Requirements

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

AUTOMATING THE 20 CRITICAL SECURITY CONTROLS

ISS X-Force. IBM Global Services. Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Desktop Virtualization and Cloud Computing Systems Security Audit Committee Item 5 July 14, 2011 Shaun Coyne

Deep Security Vulnerability Protection Summary

Patch Management Policy

Lumension Endpoint Management and Security Suite

Virtualization Journey Stages

THE TOP 4 CONTROLS.

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Information Technology Policy

Patch Management Solutions Test

Symantec Client Management Suite 8.0

Critical Security Controls

Lumension Guide to Patch Management Best Practices

IBM Security QRadar Vulnerability Manager Version User Guide IBM

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions

Sophistication of attacks will keep improving, especially APT and zero-day exploits

Driving Company Security is Challenging. Centralized Management Makes it Simple.

WHY PATCH MANAGEMENT MATTERS

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering!

Protecting Your Organisation from Targeted Cyber Intrusion

Information Security for the Rest of Us

IBM Tivoli Endpoint Manager for Security and Compliance

Secure Your Mobile Workplace

Complete Patch Management

IBM Tivoli Endpoint Manager for Lifecycle Management

Virtual Patching: a Compelling Cost Savings Strategy

SANS Top 20 Critical Controls for Effective Cyber Defense

ClearSkies SIEM Security-as-a-Service (SecaaS) Infocom Security Athens April 2014

Web Security. Discovering, Analyzing and Mitigating Web Security Threats

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1

Why Free Patch Management Tools Could Cost You More

Medical Device Security Health Group Digital Output

HP Client Automation Standard Fast Track guide

Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

AVeS Cloud Security powered by SYMANTEC TM

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

PATCH MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

Managing non-microsoft updates

Transcription:

Accelerate Patching Progress in the Enterprise Wolfgang Kandek CTO Qualys, Inc.

Introduction Patch Management Patch Progress Data Common Steps Case Studies Actions Summary References Q&A 2

Patch Management Patches fix functional and security problems (vulnerabilities) on Operating Systems and Applications Patching is the best protection against malware infections Malware enters mainly through web browsing and e-mail and attempts installation through known vulnerabilities Malware toolkits allow low tech specialists to act in the market Toolkits include 5-15 vulnerabilities (Mostly Apps, some OS) Toolkit generated malware has a success rate between 5% and 30% and bypasses typical AV software Cost is between 500-5000 US$ and vendors charge for maintenance and new versions similar to normal software Elenore, Crimepack, Liberty, El Fiesta, ipack, Blackhole 3

Patch Management Patches fix functional and security problems (vulnerabilities) on Operating Systems and Applications Patching is the best protection against malware infections Malware enters mainly through web browsing and e-mail and attempts installation through known vulnerabilities Malware toolkits allow low tech specialists to act in the market Toolkits include 5-15 vulnerabilities (Mostly Apps, some OS) Toolkit generated malware has a success rate between 5% and 30% and bypasses typical AV software Cost is between 500-5000 US$ and vendors charge for maintenance and new versions similar to normal software Elenore, Crimepack, Liberty, El Fiesta, ipack, Blackhole 4

Patch Management Patches fix functional and security problems (vulnerabilities) on Operating Systems and Applications Patching is the best protection against malware infections Malware enters mainly through web browsing and e-mail and attempts installation through known vulnerabilities Malware toolkits allow low tech specialists to act in the market Toolkits feature between 5-15 vulnerabilities Toolkit generated malware has a success rate between 5% and 30% and bypasses typical AV software Cost is between 500-5000 US$ and vendors charge for maintenance and new versions similar to normal software Elenore, Crimepack, Liberty, El Fiesta, ipack 5

Patch Management Patches fix functional and security problems (vulnerabilities) on Operating Systems and Applications Patching is the best protection against malware infections Malware enters mainly through web browsing and e-mail and attempts installation through known vulnerabilities Malware toolkits allow low tech specialists to act in the market Toolkits feature between 5-15 vulnerabilities Toolkit generated malware has a success rate between 5% and 30% and bypasses typical AV software Cost is between 500-5000 US$ and vendors charge for maintenance and new versions similar to normal software Elenore, Crimepack, Liberty, El Fiesta, ipack 6

Patch Management Average desktop machine requires monthly patches to be current and robust Sample numbers of security patches in 2009: Adobe: 19 bulletins Apple: 34 security updates Microsoft: 74 bulletins RedHat: 124 advisories Numbers are growing: Microsoft already has had 84 advisories in 2010 ZDI reported increasing number of collisions on vulnerability submissions (see Top 20 Cyber Security Risks Report) 7

Patch Progress - Laws of Vulnerabilities Worldwide coverage 2009 80M IPs scanned, 680M vulnerabilities 72M+ vulnerabilities of critical severity External (Internet) and Internal (Intranet) 200 external scanners and 5000+ internal scanners Data is anonymous and non traceable Simple counters are kept during scanning Summarized and logged daily Trends by Industry Area and Application Type 5 major industries Operating System and Applications 8

Laws of Vulnerabilities 2.0 Half-Life 140 Overall Critical Vulnerabilities 72M data points 120 100 Half-Life = 29.5 days 80 60 40 20 0 9

Laws 2.0 Half-Life - 2009 P e r c e n t 120 100 80 60 40 20 0 Microsoft OS vulnerabilities 0 10 20 30 40 50 60 70 80 90 100 110 P e r c e n t 120 100 80 60 40 20 0 Adobe Acrobat APSA09-1 & APSA09-02 0 10 20 30 40 50 60 70 80 90 100 110 120 Days Days P e r c e n t 120 100 80 60 40 20 0 MS09-017 - Powerpoint - 5/12/2009 0 5 10 15 20 25 30 35 40 45 50 55 60 Days 10

1 1 Patch Progress Data Patch Progress uneven Industries Applications Source: Project Quant - Securosis

1 2 Patch Management Common Steps Intelligence Monitoring NVD, Secunia, Symantec, US CERT, Verisign Vendors: Adobe, Apple, Microsoft, Oracle, RedHat Testing Internal Lab First and Second Adopters Group Deployment Automation Agent based: BigFix, Lumension, Microsoft WSUS (Eminent, Secunia for non Microsoft) Remote: Shavlik Verification

1 3 Case Study 1 Media company - 10,000+ IPs under Management Windows and Macintosh Workstations 10 days for critical OS and Application patches Backend Infrastructure 30 days (database, applications) Quality Assurance Phase 1 volunteers < 1 % - day 2 Phase 2 10 % day 3 and 4 Phase 3 100 % starts day 5

1 4 Case Study 2 High-tech company - 200+ IPs under Management Windows Workstations - thin clients and laptops 4 days for critical OS and Application patches Backend Infrastructure - Windows 10 days (database, applications) Quality Assurance One Phase internal testing

1 5 Case Study 3 Technology - 300,000+ IPs under Management Windows Workstations 8 days for critical OS and Office patches Backend Infrastructure 30 days (database, applications) Quality Assurance Phase 1 1 % - day 1 Phase 2 10 % day 2 and 3 Phase 3 100 % starts day 4

1 6 Common Characteristics Accurate Inventory challenging Traditional defenses taxed Firewall, IPS increasingly mobile systems AV Anti Malware signature quantity and freshness Attacker competence rising Professionally driven, profit oriented Division of labor with specialization Exploit availability now measured in days, 0-day has become a common term Targeted Attacks Multiple OS and Application platforms

1 7 Common Characteristics Divide and Conquer Vertical Partitioning Workstations = streamlined testing, fast patching Servers = longer test cycles, normal patching Slow patching on request -> additional security techniques Stringent Firewalling Bastion Hosts IPS systems

1 8 Common Characteristics Horizontal Partitioning Internet Explorer = streamlined testing, fast patching Adobe Reader = streamlined testing, fast patching Office Applications = streamlined testing, fast patching Servers = longer test cycles, normal patching Slow patching on request -> additional security techniques Stringent Firewalling Bastion Hosts IPS systems Patch prioritization tools - Superseded patches, IPS integration

1 9 Actions Local: Get an Accurate Inventory with Network Mapping Tools Use an Automated Patch System Minimize installed software, alternate versions Investigate autonomous patching Verify successful application of patches Develop a strategy for mobile systems Global: Contact Microsoft, request Distribution of 3 rd party patches start with Adobe, then Oracle (Java) and Apple

2 0 Up and Coming Virtualization Additional vulnerabilities, Dormant VM patching VDI, application streaming Autonomous Applications Firefox autonomous patching Chrome with silent patching Adobe Reader, automatic patching Smartphones, Tablets Enduser owned systems

2 1 Summary Diversity and Mobility of IT devices increasing Vulnerability/Exploit cycle accelerating Standard defenses stressed Patching, a fundamental protection Fast patching a challenge to many companies Accurate Inventory, an automated Patch system and a trustworthy verification system are key to a successful patching program

2 2 References Exploits kits and speedup http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html http://isc.sans.org/diary.html?storyid=8437 http://vrt-sourcefire.blogspot.com/2010/03/apt-should-your-panties-be-in-bunch-and.html Project Quant http://www.securosis.com/research/project-quant Patch Management Community http://www.patchmanagement.org Qualys Laws of Vulnerabilities 2.0 http://laws.qualys.com Secunia Security Exposure of Software Portfolios http://secunia.com/gfx/pdf/secunia_rsa_software_portfolio_security_exposure.pdf Top 20 Cyber Security Risks http://dvlabs.tippingpoint.com/toprisks2010

2 3 Q&A Thank You wkandek@qualys.com http://laws.qualys.com http://twitter.com/wkandek

Thank you! Wolfgang Kandek CTO Qualys, Inc.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information