Vulnerability Management
Terry Welliver, Greg Syme, Juana Wells Vega
Naval Postgraduate School
Facts
- There are and will continue to be bugs and holes in software that can be exploited.
- Vendors will (or at least should) do their best to fix them as fast as they can.
- But the fixes won't help if you don't know you need them and then don't deploy them.
- Applying fixes is going to be disruptive to normal operations, so you need an active plan and proven process for ensuring that the work gets done in a timely fashion.
- Navy mandates a formal vulnerability scanning process in place and an active plan to address vulnerabilities that are discovered.
- Time and money: budgets are tight and time is finite.
Solution
- Vulnerability scanner: find the bugs you need to fix
- Export the reports (PDF, CSV): take action on the findings
- Distribute the reports: email the system administrators
- Track the fixes: create yet another Excel file to track them
- Validate the fixes: scan again and start over

[Network diagram: Internet -> network perimeter -> DMZ -> internal network]

Problem
- Vulnerability scanner: find the bugs you need to fix
- Export the reports (PDF, CSV): take action on the findings
- Distribute the reports: email the system administrators
- Track the fixes: create yet another Excel file to track them
- Validate the fixes: scan again and start over
Architecture
- Scanner -> database -> website
- Scanner -> database -> issue tracking

Implementation: Retina (scanner) -> Ruby scripts -> Postgres -> Jira API -> Jira user interface
Design points: data types, workflow, normalization, accountability, documentation, tracking, feedback
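As an added example (not code from the presentation or the NPS project), a Ruby sketch of the scanner-to-tracker step: it normalizes a constructed CSV export into stable finding ids, reconciles a rescan against the previous scan so validated fixes can be closed and new findings ticketed, and builds a Jira create-issue payload. The CSV column names, the project key and the sample data are assumptions.

```ruby
require 'csv'
require 'json'
require 'digest'

# Constructed sample exports in the shape a scanner CSV might use (column names are assumptions).
BASELINE_CSV = <<~CSV
  host,plugin_id,name,severity
  10.0.0.5,1001,Outdated OpenSSL,High
  10.0.0.5,1002,SSH weak ciphers,Medium
  10.0.0.7,1001,Outdated OpenSSL,High
CSV

RESCAN_CSV = <<~CSV
  host,plugin_id,name,severity
  10.0.0.5,1002,SSH weak ciphers,Medium
  10.0.0.7,1001,Outdated OpenSSL,High
  10.0.0.9,1003,Anonymous FTP,Low
CSV

# Normalize one export into a hash keyed by a stable finding id (host + plugin id),
# so the same finding seen in successive scans always maps to the same ticket.
def normalize(csv_text)
  CSV.parse(csv_text, headers: true).each_with_object({}) do |row, findings|
    key = Digest::SHA256.hexdigest("#{row['host']}|#{row['plugin_id']}")[0, 12]
    findings[key] = { host: row['host'], plugin_id: row['plugin_id'],
                      name: row['name'], severity: row['severity'] }
  end
end

# Compare two scans: findings that disappeared are validated fixes (close the ticket),
# findings that appeared need a ticket, findings in both stay open.
def reconcile(previous, current)
  {
    fixed: previous.keys - current.keys,
    new: current.keys - previous.keys,
    open: previous.keys & current.keys
  }
end

# Build the JSON body for a Jira "create issue" request using the standard
# summary/description/project/issuetype fields (the project key is an assumption).
def jira_issue_payload(finding, project_key: 'VULN')
  { fields: { project: { key: project_key },
              summary: "#{finding[:severity]}: #{finding[:name]} on #{finding[:host]}",
              description: "Scanner plugin #{finding[:plugin_id]} reported #{finding[:name]} on #{finding[:host]}.",
              issuetype: { name: 'Bug' } } }.to_json
end
```

Sending the payload is a single authenticated POST to Jira's create-issue endpoint, which is left out here so the block runs offline.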
Future
- New vulnerability scanner: Nessus is replacing Retina
- Global risk acceptance: identify false positive and won't fix
- Automation: more, more, more
- Delicious cake: mmmmmm, mmmmmm, good