1 / 19

Patch Management

Operational Excellence Webinar Series. Patch Management. Dynamics of (in)security. ReBIT in collaboration with Sequretek & Kotak Bank http://webinar.rebit.org.in Webinar support from Cisco. Agenda. Agenda : ReBIT’s Industry Initiatives Stats on Patching Security Vocabulary

cilley
Download Presentation

Patch Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Operational Excellence Webinar Series Patch Management Dynamics of (in)security ReBIT in collaboration with Sequretek & Kotak Bank http://webinar.rebit.org.in Webinar support from Cisco

  2. Agenda • Agenda: • ReBIT’s Industry Initiatives • Stats on Patching • Security Vocabulary • Patch and Vulnerability Management Best Practices • Case Study at Kotak Bank • Q/A Sessions

  3. ReBIT’s Industry Initiatives Securing the Financial Sector

  4. ReBIT’s Facilitator Role Business Leader’s - Forum Industry Stakeholders Research Institutions Community Leadership - WG Operational Excellence

  5. ReBIT’sIndustryInitiatives Cybersecurity Assessment Tools VAPT Accreditation Body Auditing and Monitoring Tools Regulatory Technologies & Reporting Operational Excellence Webinar (monthly): Industry initiatives to improve cybersecurity postures DMARC Webinar - with PayPal & ICICI Bank – May 11th Patch Management – Dynamics of (in)security – July 4th Upcoming - FIDO DNSSEC & DNS Governance IR Cybersecurity Awareness Campaign Business Leader’s Forum Cybersecurity Assessment Framework WG Auditing and Monitoring Cybersecurity Maturity Model - WG 6-months effort: Kicked off in Feb, ongoing industry initiative to define a uniform yardstick to assess a firm’s cybersecurity maturity, benchmark and help create evolution roadmap

  6. Vulnerability and Patch Management Some statistics

  7. Patching Vulnerability • Recent incident of Petya/NotPetya and WannaCry underscores the importance of Patch Management • 77% of the total vulnerabilities are because of either poor patching or poor configuration Edgescan 2016 Stats Report

  8. How fast are we fixing vulnerabilities? Edgescan 2016 Stats Report

  9. Median number of days for vulnerability exploit Source: Recorded Future - Week to Weak: The Weaponization of Cyber Vulnerabilities, 2014

  10. Security Vocabulary Talk about security like a pro Source attribution: Cisco

  11. Vulnerability Vulnerability A weakness, design or coding error, or lack of protection in a product that enables an attack. • Lack of protection against code injection • Mishandling of unexpected conditions • Insufficient enforcement of authentication and authorization “What do you mean, vulnerable? It works the way I designed it to!”

  12. Threats Threat A potential danger that could cause harm to information or a system Product Threat Agent Threat Agent An entity that exploits a threat

  13. Exploits and Attacks Exploit A practical method to take advantage of a specific vulnerability Attack The use of an exploit against an actual vulnerability Attack Vector A theoretical application of an exploit “Exploits and attacks go hand in hand…” Zero-Day Attack An attack that exploits a previously unknown vulnerability for which there is not yet a defense

  14. Exposure Exposure • The probability and severity of an attack using a specific exploit • Time between the announcement of a vulnerability and a suitable patch • Any information leak that facilitates an attack Close calls still count! Whether or not an attack is successful, an exposure has still occurred.

  15. Mitigation • PI (Platform Independent) code • Run time defenses • Security features (encryption, packet filtering, logging) Mitigation A strategy for reducing or eliminating the severity of a security issue A few examples… • Reduction in attack surface • Security education and training • Defensive coding • Secure code review

  16. Mitigation Vulnerability and Patch Management Mitigation A strategy for reducing or eliminating the severity of a security issue And the most important

  17. Patch Management Best Practices Deep Dive

  18. ReBIT Operational Excellence Webinar Series Patch Management - Dynamics of (in)security http://webinar.rebit.org.in Visit for future webinars and events

More Related