Using the Landscape to Mitigate Vulnerability and Enhance Resilience
#RSAC
TECH-W03
Establishing a Quality Vulnerability Management Program
Zee Abdelnabi
Red Team Lead, Major Automotive Company
@Infosec_17
Overview
What is VM?
How to sell a story to build a vulnerability management program
Picking the right tool
Evaluate costs and advantages: paying for professional services deployment vs. training your team
Mistakes to avoid
Creating a runbook / tabletop exercises
VM lifecycle
Problems
Tips
What is Vulnerability Management?
The process when you accept, eliminate, or mitigate vulnerabilities based upon the business risk and the cost associated with fixing the vulnerabilities.
Most vulnerabilities are long known before they are exploited.
What do you REALLY think of VM?
It's repetitive, time-consuming, and seems to never end.
Sell the Story to Establish the Program to Management
Competitor examples
Growth
What business goals are met
Use regulations and compliance: SOX, HIPAA, GLBA or PCI DSS
Maintaining the company's image
Improve security, IT, and the general business
Specific deliverables
Identify and reduce risk... it's not about just fixing vulnerabilities
Slides 11-17: private research shown during the live talk.
Compare VM Tools
Learn how to pick the best toolset for your environment.
Asset management is important here: when you know what you have, you can look at the systems that can be more effectively scanned.
SCADA environment or an OS that the VM tool doesn't scan: why get it? What tool will scan most of what you have?
Have a scorecard: weigh what's most important to you. List your most important assets.
Need a good asset management system/tool.
Tool Selection Criteria
Active vs. passive VM: if you can't get an active scanning tool because you have systems that are very fragile, you can use passive.
Passive doesn't scan anything; it only observes traffic to and from the host.
If you have a system you don't want to actively scan (because if you do, it will die), put it in the passive tool and get alerts on it.
Implementing tools that aren't used or configured properly is a waste: too many false positives use up resources and cause "alert fatigue".
Too many false negatives lead to overconfidence and false reassurance that all is well.
Make sure the tool has...
Adequate documentation
Detailed reports on the discovered vulnerabilities, including how they might be exploited and fixed
General industry acceptance
Availability of updates and support
High-level reports that can be presented to managers or nontechnical types
Tool Implementation Guidelines
Consult the readme and/or online help files and FAQs.
Study the user guides.
Use the tool in a lab or test environment first. Make sure it plays well with your other tools.
Ensure the tool delivers the promised functionality.
Consider formal classroom training.
Outsource or Build Capabilities
Evaluate the costs and advantages of paying for professional services deployment vs. training your team.
Determine the skills and competencies necessary to make a successful team.
Figure out the amount of time required to do this.
Advantages of outsourcing:
  Increases speed and the quality of delivery
  Frees management time, enabling the company to focus on core competencies
Disadvantages of outsourcing:
  Possible loss of control over a company's business processes
  Lower than expected realization of benefits and results
Mistakes to Avoid
Remediating all things instead of prioritizing
Relying on one tool
Scanning, but not acting on the scan results
Identifying assets to avoid scanning
Thinking that patching = VM
Being unprepared for a zero-day exploit
Roles and responsibilities: process improvement, escalation, accountability
Forgetting the compliance standards to follow
Mistakes to Avoid
People misinterpret CVSS: a low CVSS score doesn't mean the risk is low
When prioritizing, keep in mind the attack depth
Forgetting policy scanning
Intelligence gathering: latest attacks
Garbage in, garbage out (GIGO)
Volumes of useless checks
Authenticated vs. unauthenticated scanning: password changes. Who is responsible for giving you those passwords or changing them? Alert your groups on password changes.
Create a Runbook
Communication plan: communications matrix, RACI chart
Overview
Management/team → goals
Challenges the company has encountered during VM
Network information: domain names, internal and external IP addresses, network architecture
Assets for grouping/tagging, option profiles built
Create scan profiles: scanning and reporting schedules
Scan windows: how often can we scan?
Limits on bandwidth?
Attacking an Attacker's Plan
Tabletop Exercises
Demonstrate real live attack scenarios: biggest business impact (greatest relevance to the org)
Review the scenario; break it into tactics
Gain assurance on existing controls
How ready are you?
Helps see trend analysis (seeing this a lot)
Increases efficiency
Why were they breached? Same vulnerability used?
Attack patterns: where are they attacking, what are they doing?
Results and Follow-Up
Now have attacker profiling: attack patterns built up from vulns
Build scenario model sensors and run experiments
Which vulns can be exercised through external system input to realize a cyber effect
Actionable intelligence
Deep dive into the dark side
Figuring out how someone can move through our network
Program maturity
Automatically inject public and private lists of vulnerabilities and organize them into a standardized attack point system
Vulnerability Management Lifecycle
Discover Phase
What's actually running in the different parts of your network: access points, web servers and other devices that can leave your network open to attack.
Operating system, finding open network ports, determining what services are active on those ports. Scan by network range.
Gives a hacker's-eye view of your network.
Discover Phase Helps
Where devices, such as a firewall or an IPS, are placed on the network and how they're configured
What external attackers see when they perform port scans and how they can exploit vulnerabilities in your network hosts
Network design, such as Internet connections, remote access capabilities, layered defenses, and placement of hosts on the network
What protocols are in use
Commonly attacked ports that are unprotected
Network host configurations
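As an added example (not part of the talk), here is how Discover-phase output can be turned into that hacker's-eye view: parse nmap's grepable (-oG) output, flag open ports on a watch-list of commonly attacked services, and list hosts with no DNS name, which are usually the "ones you know the least about". The sample scan is constructed by hand, the line format is the one nmap really emits, and the watch-list of ports is an assumption for illustration.

```python
"""Added example: summarize nmap -oG discovery output into an attack-surface list."""
import re

# Constructed sample of `nmap -sV -oG -` output; not a real scan.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG - 10.0.0.0/28
Host: 10.0.0.5 (fileserver.corp.example)\tStatus: Up
Host: 10.0.0.5 (fileserver.corp.example)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 445/open/tcp//microsoft-ds//Windows Server 2012 R2/, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: closed (997)
Host: 10.0.0.7 (web.corp.example)\tStatus: Up
Host: 10.0.0.7 (web.corp.example)\tPorts: 80/open/tcp//http//Apache httpd 2.4.6/, 443/open/tcp//ssl|http//Apache httpd 2.4.6/, 23/filtered/tcp//telnet///\tIgnored State: closed (997)
Host: 10.0.0.9 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 5900/open/tcp//vnc//VNC (protocol 3.8)/\tIgnored State: closed (998)
# Nmap done
"""

# Assumed watch-list of ports attackers routinely probe; tune it for your environment.
COMMONLY_ATTACKED = {21: "ftp", 22: "ssh", 23: "telnet", 445: "smb", 1433: "mssql",
                     3306: "mysql", 3389: "rdp", 5900: "vnc"}

# gnmap port entry: port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")
HOST_RE = re.compile(r"Host: (\S+) \(([^)]*)\)")


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "ports": [(port, state, proto, service, version)]}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # comment lines and blank lines
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, hostname = m.group(1), m.group(2)
        entry = hosts.setdefault(ip, {"hostname": hostname, "ports": []})
        if "\tPorts: " in line:
            ports_field = line.split("\tPorts: ", 1)[1].split("\t", 1)[0]
            for pm in PORT_RE.finditer(ports_field):
                entry["ports"].append((int(pm.group(1)), pm.group(2), pm.group(3),
                                       pm.group(4), pm.group(5)))
    return hosts


def exposed_attack_surface(hosts):
    """(ip, hostname, port, service, version) for every open port on the watch-list.

    Filtered ports are left out: they are not reachable, so they are not exposure.
    """
    findings = []
    for ip, entry in hosts.items():
        for port, state, proto, service, version in entry["ports"]:
            if state == "open" and port in COMMONLY_ATTACKED:
                findings.append((ip, entry["hostname"], port,
                                 service or COMMONLY_ATTACKED[port], version))
    return findings


def undocumented_hosts(hosts):
    """Hosts with no DNS name: candidates for the 'rarely administered' list."""
    return [ip for ip, e in hosts.items() if not e["hostname"]]


if __name__ == "__main__":
    discovered = parse_gnmap(SAMPLE_GNMAP)
    for row in exposed_attack_surface(discovered):
        print("%-10s %-25s %5d %-14s %s" % row)
    print("no DNS name:", undocumented_hosts(discovered))
```

Feed it `nmap -sV -oG - <range>` output from your own discovery scans; the point is that the same parsed structure drives both the exposure list and the "unknown hosts" list the Prioritize phase asks for.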
Prioritize
Asset classification system: assign business value to assets
Identify the highest business risks using trend analysis, zero-day and patch impact predictions
Prioritize your systems so you can focus your efforts on what matters. Some assets are more critical to the business than others.
Criticality depends on business impact
Identify asset owners
Prioritize
Which systems, if accessed without authorization, would cause the most trouble or suffer the greatest losses?
Which systems appear most vulnerable to attack?
Which systems crash the most?
Which systems are not documented, are rarely administered, or are the ones you know the least about?
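An added example of one way to rank findings by the talk's Risk = Assets x Vulnerabilities x Threats instead of by CVSS alone. This is not the speaker's method; the weights, field names and sample findings are assumptions chosen for illustration. It shows the point behind "a low CVSS doesn't mean low risk": a CVSS 5.3 flaw on an internet-facing, revenue-critical asset with a public exploit outranks a CVSS 9.8 flaw two hops deep on an isolated lab box.

```python
"""Added example: asset value x vulnerability x threat, with attack depth and exposure."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    owner: str            # the slide's "identify asset owners"
    business_value: int   # 1 (lab box) .. 5 (revenue-critical), from the asset classification
    exposure: str         # "internet", "internal" or "isolated"


@dataclass(frozen=True)
class Finding:
    asset: Asset
    vuln_id: str
    cvss: float           # CVSS base score, 0..10
    exploit_public: bool  # working exploit or active exploitation known (intelligence gathering)
    attack_depth: int     # hops an attacker needs from their entry point; 0 = directly reachable


# Assumed weights: how much of the threat population can reach each exposure class.
EXPOSURE_THREAT = {"internet": 1.0, "internal": 0.5, "isolated": 0.2}


def threat_factor(f):
    """Threat term: who can reach the asset, how deep it sits, and whether an exploit exists."""
    reach = EXPOSURE_THREAT[f.asset.exposure] / (1 + f.attack_depth)
    return reach * (2.0 if f.exploit_public else 1.0)


def risk_score(f):
    """Assets x Vulnerabilities x Threats, scaled so the worst possible case scores 100."""
    vuln = f.cvss / 10.0
    return round(f.asset.business_value * vuln * threat_factor(f) * 10, 2)


def prioritize(findings):
    """Highest risk first; CVSS only breaks ties."""
    return sorted(findings, key=lambda f: (risk_score(f), f.cvss), reverse=True)


def worklist_by_owner(findings):
    """What each asset owner should fix first; remediation conversations need owners, not scores."""
    out = {}
    for f in prioritize(findings):
        out.setdefault(f.asset.owner, []).append((f.vuln_id, risk_score(f)))
    return out


# Constructed sample, not real scan data.
payments = Asset("pay-api-01", "Payments team", 5, "internet")
hr_db = Asset("hr-db-02", "HR IT", 4, "internal")
lab = Asset("lab-win7-09", "R&D lab", 1, "isolated")

SAMPLE_FINDINGS = [
    Finding(lab, "VULN-A", 9.8, True, 2),        # critical CVSS, but isolated and two hops deep
    Finding(payments, "VULN-B", 5.3, True, 0),   # medium CVSS, internet-facing, public exploit
    Finding(hr_db, "VULN-C", 7.5, False, 1),
    Finding(hr_db, "VULN-D", 9.1, False, 1),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{f.vuln_id}  risk={risk_score(f):6.2f}  cvss={f.cvss}  {f.asset.name}")
```

Sorting by CVSS would put VULN-A first; sorting by the risk product puts it last, which is the ordering the Remediation phase should actually work from.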
Assess
Scan systems anywhere from the same console: your perimeter, internal network and cloud environments
Target hosts by IP address, asset group or asset tag
Those things you find: scan them and find out what vulnerabilities they have
Reporting
Reporting considerations: what reports are currently generated?
Build/import report templates
What information is needed from reports?
New data points
What levels receive reports (executive, line managers, line staff)?
Make IT the hero: promote them when they do a great job, and use metrics
Hold people accountable
Report Templates and Metrics
Establish the report templates and metrics you need to show your program is successful.
What is each team trying to accomplish? Add/remove staff, promote cost optimization, demonstrate effectiveness.
That's how you will demonstrate metrics on how much work is being done and how many vulnerabilities are being remediated.
Make sure reports are providing value and giving management the right information.
Template Examples
Confirmed 4/5s only (confirmed severity 4 and 5 findings)
Executive trending report
Executive trending report: 4/5s
Executive trending report: over 90 days
Overall patches 4+5: last 30 days
Patch report
You can't manage what you can't measure.
Remediation: Fixing Vulnerabilities
How many groups are involved in remediation efforts? This will drive asset groups/tagging and the patching/configuration process. Expect approximately 2-3 hours working with each group.
How are patching and vulnerability remediation currently performed? If there is no process, create a plan: patching schedule, what patching tool you will use, patch testing (e.g., Java), what groups are involved.
Remediation
If the risk outweighs the cost, eliminate or mitigate the vulnerability!
Implement mitigating controls (defense in depth): intrusion prevention systems (IPS), intelligent firewalls
Have a plan; make sure you have the resources and permission to accept short-term risks to mitigate long-term vulnerabilities
What happens if the cost outweighs the risk?
Verification
Verify applied patches and confirm compliance
Verify the tickets after they are closed
Majority of 2's and 3's = Misconfiguration
Misconfigurations of systems, servers, and firewalls also lead to the compromise of networks.
Changes to Group Policy or other change methods: this is a way to reduce risk in the environment on a large scale with minimal effort. Review non-patchable vulnerabilities to identify quick wins on the configuration side to reduce risk.
Remove the vulnerabilities and better secure your systems.
Problems: Don't Ignore Issues
The high-impact patches: a report that identifies the patches that remove the largest number of vulnerabilities, so effort can be prioritized.
  Open tickets for each of these patchable vulnerabilities that are over 90 days old.
  This will drive remediation and get these issues closed.
Not using IPs: these IPs can be used to scan other systems to drive remediation and actual reduction of risk.
  Review hosts to identify if they are still in the environment.
  Hosts that are not scanned can never show fixed vulnerabilities, and keep the vulnerability count artificially high.
Problems
There are 305 IPs that have not been scanned in more than 60 days, with some hosts not scanned since July 2010.
SCCM broken
Teams will not authorize the appropriate level of access to run authenticated scans. Plug in the credentials.
Re-opened vulnerabilities
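As an added example (not from the talk), here are the checks behind the Verification slide, the two Problems slides, and the "over 90 days" and patch report templates, run over a constructed set of findings: hosts not scanned in 60 days are excluded from the counts they inflate, confirmed severity 4/5 findings open for more than 90 days are listed for ticketing, closed tickets are checked against the next scan and re-opened if the finding is still detected, and patches are ranked by how many open findings they close. Field names, the 1..5 severity scale, the fixed "today" and all dates are assumptions.

```python
"""Added example: scan-hygiene and verification checks over vulnerability findings."""
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

TODAY = date(2018, 4, 18)  # fixed clock so the example is reproducible (assumed)


@dataclass(frozen=True)
class Finding:
    host: str
    vuln: str
    sev: int                       # 1..5, 5 = worst; the talk's "4/5s" are sev >= 4
    patch: Optional[str]           # patch that fixes it; None = not patchable (configuration)
    first_seen: date               # first scan that detected it
    last_seen: date                # most recent scan that still detected it
    ticket_closed: Optional[date]  # when the remediation ticket was closed, if ever


# Constructed data, not real scan output.
LAST_SCANNED: Dict[str, date] = {
    "10.0.0.5": date(2018, 4, 17),
    "10.0.0.7": date(2018, 4, 17),
    "10.0.0.9": date(2018, 1, 10),   # dropped out of scan scope
    "10.0.0.11": date(2010, 7, 20),  # the "not scanned since July 2010" case
}
FINDINGS: List[Finding] = [
    Finding("10.0.0.5", "QID-1001", 5, "KB-A", date(2017, 12, 1), date(2018, 4, 17), None),
    Finding("10.0.0.5", "QID-1002", 4, "KB-B", date(2018, 3, 20), date(2018, 4, 17), None),
    Finding("10.0.0.7", "QID-1001", 5, "KB-A", date(2018, 1, 5), date(2018, 4, 17), date(2018, 3, 1)),
    Finding("10.0.0.7", "QID-2001", 3, None, date(2018, 2, 1), date(2018, 4, 17), None),
    Finding("10.0.0.7", "QID-1003", 4, "KB-A", date(2018, 1, 5), date(2018, 3, 10), date(2018, 3, 12)),
    Finding("10.0.0.9", "QID-1001", 5, "KB-A", date(2017, 6, 1), date(2018, 1, 10), None),
    Finding("10.0.0.11", "QID-1004", 5, "KB-C", date(2010, 7, 20), date(2010, 7, 20), None),
]


def stale_hosts(last_scanned, today=TODAY, days=60):
    """Hosts with no scan in `days`: they can never show a fixed vuln, only inflate the count."""
    return sorted(h for h, d in last_scanned.items() if (today - d).days > days)


def is_open(f, last_scanned):
    """A finding is open if the host's most recent scan still detected it."""
    return f.last_seen == last_scanned[f.host]


def open_findings(findings, last_scanned, today=TODAY):
    """Open findings on hosts that are actually being scanned (stale hosts excluded)."""
    stale = set(stale_hosts(last_scanned, today))
    return [f for f in findings if f.host not in stale and is_open(f, last_scanned)]


def overdue_high(findings, last_scanned, today=TODAY, days=90):
    """Confirmed severity 4/5 findings open for more than `days`: one ticket each."""
    return [f for f in open_findings(findings, last_scanned, today)
            if f.sev >= 4 and (today - f.first_seen).days > days]


def verify_closed_tickets(findings, last_scanned):
    """Split closed tickets into verified-fixed and re-opened using the scan after closure."""
    verified, reopened = [], []
    for f in findings:
        if f.ticket_closed is None:
            continue
        if f.last_seen > f.ticket_closed:             # still detected after the ticket was closed
            reopened.append(f)
        elif last_scanned[f.host] > f.ticket_closed:  # a later scan ran and no longer saw it
            verified.append(f)
        # otherwise no scan has run since closure, so nothing is proven yet
    return verified, reopened


def high_impact_patches(findings, last_scanned, today=TODAY):
    """Patches ranked by how many open findings they close: where remediation effort pays off."""
    counts = Counter(f.patch for f in open_findings(findings, last_scanned, today) if f.patch)
    return counts.most_common()


if __name__ == "__main__":
    print("stale hosts:", stale_hosts(LAST_SCANNED))
    print("open (scanned hosts only):", len(open_findings(FINDINGS, LAST_SCANNED)))
    print("overdue 4/5s:", [(f.host, f.vuln) for f in overdue_high(FINDINGS, LAST_SCANNED)])
    fixed, back = verify_closed_tickets(FINDINGS, LAST_SCANNED)
    print("verified:", [f.vuln for f in fixed], "re-opened:", [f.vuln for f in back])
    print("high-impact patches:", high_impact_patches(FINDINGS, LAST_SCANNED))
```

Counting every finding whose last detection matches its host's last scan gives 6 "open" findings; excluding the two hosts nobody scans any more gives 4, which is the number the trending report should carry.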
Risk Management
RISK = Assets x Vulnerabilities x Threats
You can control vulnerabilities.
Focus on your high-priority assets, and reduce your threat landscape.
Tips
Most organizations do a good job of keeping Microsoft operating systems and applications up to date, but don't fare nearly as well when it comes to Linux, UNIX, Mac, and 3rd-party applications such as Adobe.
Application scanning should be added to the types of tests performed to make sure that any new or existing applications are not vulnerable.
Create an internal hacking lab (recon, scanning, exploitation):
  Exploiting missing patches
  Attacking built-in authentication systems
  Breaking file system security
  Cracking passwords and weak encryption implementations
Tips
Don't overlook physical security
When everyone has a stake, when every team has skin in the game, then the burden of VM is shared and perhaps lessened for each individual.
Act fast
Making Contact to Report Vulnerabilities
Private research shown during the live talk
In a Perfect World: you think your VM program will look like this...
BUT...
Tips
Frequent gap assessments: make sure that you go back over what you did. Document what works, what doesn't, and why it didn't work or failed. Communicate lessons learned and keep pushing them through the program for continual improvement.
Internal vulnerability assessments with policy compliance scanning should be performed and run monthly.
Maintain security through ongoing testing and discovery.
"Apply" Slide
Next week you should: have a conversation with the right department and understand what you currently do for vulnerability management.
In the first three months following this presentation you should: determine the current level of maturity of your program; assess the pre- and post-vulnerability lifecycle; perform an assessment.
Within six months you should: select a centralized system to collect OSINT vulnerabilities and set up a basic lab; create an internal runbook and perform a tabletop exercise.