Quick Wins in Vulnerability Management Classification: Confidential Owner: Michael Holcomb Approver: Phil Cirulli Prepared: April 14th, 2014
Agenda
• The Need for Vulnerability Management
• Clarifications on Vulnerability Management
• SANS’ Top 20 Critical Controls
• Master the Basics
• Perform a Self-Audit
• Continuous Scanning & Remediation
• Leverage Vulnerability Data in Incident Response
• Metrics That Count
• Secure Your ISP
About Michael Holcomb
• 25+ years in Information Technology
• 15+ years dedicated to Information Security
• Sr. Information Security Manager at Fluor
• President of Upstate SC ISSA Chapter
• CISSP, GCIH, GCIA, etc.
The Need for Vulnerability Management
• The quicker we stop an attacker, the less it costs the business
• An attacker today will gain access to your resources; assume they are on your network now
• Proper vulnerability management reduces the attack vectors an attacker can exploit to spread control through the environment
• Gives intrusion detection capabilities time to detect the intruder, and incident response time to eject them from the network
Clarifications on Vulnerability Management
• Vulnerability assessments and vulnerability management are two different things
• Vulnerability assessments and penetration testing are two different things
• Soft skills are more important than technical skills in vulnerability management
• Successful vulnerability management is required to help secure an environment; successful vulnerability scans help ensure compliance
SANS’ Top 20 Critical Controls
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training to Fill Gaps
10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11. Limitation and Control of Network Ports, Protocols, and Services
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring, and Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring and Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises
Perform a Self-Audit
• If you have no Vulnerability Management Program in place today, perform a self-audit to discover what vulnerabilities you do have.
• Before engaging an outside party to conduct a vulnerability assessment or penetration testing exercise, remediate as many issues as possible.
Continuous Scanning & Remediation
• Determine the scanning schedule and “window threshold” (the maximum acceptable time between a vulnerability appearing and its discovery) based on your organization’s requirements
• If a new vulnerability is introduced into your environment, how long would it take you to discover and understand the vulnerability?
• Compliance requirements, rather than the quest for security, often drive scanning schedules
• SIEM solutions are now integrating vulnerability scan management capabilities with host detection capabilities
Leverage Vulnerability Data in Incident Response
• Correlate the most current vulnerability data to focus intrusion detection response efforts
• Identify alerts that can be closed due to inapplicability
• Escalate alerts for response based on the actual risk of an attack against a specific existing vulnerability
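The correlation described on this slide, as an added example that is not part of the presentation: a small triage routine that joins an intrusion detection alert (host plus the vulnerability its signature targets) against the latest scan results for that host. An alert whose target is not vulnerable is closed as inapplicable, an alert against a host that was never scanned is flagged as a coverage gap, and a confirmed match is escalated when the CVSS score crosses a threshold. The hosts, vulnerability identifiers (placeholders, not real CVE numbers), scores and alerts are all constructed for the illustration.

```python
"""Triage IDS alerts against the most recent vulnerability scan data.

Added example, not from the presentation. Assumes each alert records the
targeted host and the vulnerability its signature exploits, and that the
latest scan lists, per host, the vulnerabilities still open with their CVSS
base score. All identifiers and values below are constructed.
"""
from dataclasses import dataclass


@dataclass
class Alert:
    alert_id: str
    host: str
    vuln_id: str  # placeholder vulnerability id the IDS signature maps to


# Constructed "current scan results": host -> {vuln_id: cvss_base_score}
SCAN_RESULTS = {
    "web01": {"VULN-1": 9.8, "VULN-2": 5.3},
    "db01": {"VULN-3": 7.5},
    "ws17": {},  # scanned, nothing open
}

# Constructed IDS alerts seen during one shift
ALERTS = [
    Alert("A-1", "web01", "VULN-1"),
    Alert("A-2", "web01", "VULN-9"),  # web01 is not vulnerable to VULN-9
    Alert("A-3", "db01", "VULN-3"),
    Alert("A-4", "ws17", "VULN-1"),   # ws17 has no open findings
    Alert("A-5", "build42", "VULN-1"),  # host never appeared in a scan
    Alert("A-6", "web01", "VULN-2"),
]


def triage(alert, scan_results, escalate_at=7.0):
    """Return (disposition, reason) for one alert.

    Dispositions: 'close' (target not vulnerable), 'investigate' (no scan
    coverage, so inapplicability cannot be claimed), 'escalate' (vulnerable
    and CVSS at/above threshold) or 'respond' (vulnerable, lower score).
    """
    host_vulns = scan_results.get(alert.host)
    if host_vulns is None:
        return ("investigate", "host missing from scan data; coverage gap")
    score = host_vulns.get(alert.vuln_id)
    if score is None:
        return ("close", "target not vulnerable per latest scan")
    if score >= escalate_at:
        return ("escalate", f"target vulnerable, CVSS {score}")
    return ("respond", f"target vulnerable, CVSS {score}")


def triage_all(alerts, scan_results, escalate_at=7.0):
    """Map alert id -> (disposition, reason) for a batch of alerts."""
    return {a.alert_id: triage(a, scan_results, escalate_at) for a in alerts}


if __name__ == "__main__":
    for alert_id, (disposition, reason) in triage_all(ALERTS, SCAN_RESULTS).items():
        print(f"{alert_id}: {disposition:12} {reason}")
```

Note that the unscanned host is deliberately not closed: the slide's "close due to inapplicability" only holds when scan data actually covers the target, so a missing host is treated as a coverage problem to fix rather than as evidence the alert is benign.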
Metrics That Count
• Metrics can be used to communicate to technical and non-technical parties the risks associated with existing vulnerabilities within the environment
• Such metrics should measure items which can be controlled by the organization
• Number of vulnerabilities by risk
  • Critical, High, Medium/Severe, Low
• Average risk (CVSS) score
• Remediation time
• False remediation
Metrics That Count (cont.)
• Sample metrics can be simple, but meaningful
• The examples below* demonstrate that, while limited progress is being made on remediating the “backlog” of vulnerabilities, the processes for addressing new vulnerabilities and patch releases are highly successful
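The metrics listed on the two preceding slides (count by risk level, average CVSS, remediation time, false remediation) and the backlog-versus-new comparison, computed as an added example that is not part of the presentation. It assumes scan output has been normalised into one record per host and vulnerability with the date it was first reported, the date the scanner stopped reporting it (if any), and a flag for findings that were reported fixed and then reappeared; the records, dates and vulnerability identifiers (placeholders, not real CVE numbers) are constructed.

```python
"""Vulnerability management metrics from normalised scan findings.

Added example, not from the presentation. Assumes one Finding per
(host, vulnerability) pair; 'fixed' is the date the scanner stopped
reporting it, and 'reopened' marks a false remediation (reported fixed,
then found again). All records below are constructed.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Optional


@dataclass
class Finding:
    host: str
    vuln_id: str            # placeholder id, not a real CVE number
    severity: str           # Critical / High / Medium / Low
    cvss: float
    first_seen: date
    fixed: Optional[date]   # None while still open
    reopened: bool = False  # reported fixed once, then found again


# Constructed findings; the pre-2014 entry represents the "backlog"
FINDINGS = [
    Finding("web01", "VULN-1", "Critical", 9.8, date(2014, 1, 6), date(2014, 1, 13)),
    Finding("web01", "VULN-2", "Medium", 5.0, date(2014, 1, 6), None),
    Finding("db01", "VULN-3", "High", 7.5, date(2014, 2, 3), date(2014, 3, 5), reopened=True),
    Finding("db01", "VULN-4", "Low", 3.1, date(2014, 2, 3), date(2014, 2, 10)),
    Finding("ws17", "VULN-1", "Critical", 9.8, date(2014, 3, 17), date(2014, 3, 24)),
    Finding("ws18", "VULN-5", "High", 8.0, date(2013, 11, 4), None),
]


def open_findings(findings):
    return [f for f in findings if f.fixed is None]


def count_by_severity(findings):
    """Number of currently open vulnerabilities per risk level."""
    return dict(Counter(f.severity for f in open_findings(findings)))


def average_cvss(findings):
    """Average CVSS base score across open findings (0.0 if none open)."""
    opened = open_findings(findings)
    return mean(f.cvss for f in opened) if opened else 0.0


def average_remediation_days(findings):
    """Mean days from first report to the scan that no longer reports it."""
    days = [(f.fixed - f.first_seen).days for f in findings if f.fixed]
    return mean(days) if days else 0.0


def false_remediation_rate(findings):
    """Share of 'fixed' findings that came back: a measure of fix quality."""
    fixed = [f for f in findings if f.fixed]
    return sum(f.reopened for f in fixed) / len(fixed) if fixed else 0.0


def remediation_rate(findings, backlog_cutoff):
    """Fraction fixed for the backlog (first seen before the cutoff) vs newer findings.

    This is the slide's backlog-versus-new comparison: a low backlog rate
    next to a high rate for new findings means the patch process works but
    old debt is not being paid down.
    """
    groups = {
        "backlog": [f for f in findings if f.first_seen < backlog_cutoff],
        "new": [f for f in findings if f.first_seen >= backlog_cutoff],
    }
    report = {}
    for label, group in groups.items():
        fixed = sum(1 for f in group if f.fixed)
        report[label] = {"total": len(group), "fixed": fixed,
                         "rate": fixed / len(group) if group else 0.0}
    return report


if __name__ == "__main__":
    print("open by severity:", count_by_severity(FINDINGS))
    print("average CVSS (open):", average_cvss(FINDINGS))
    print("average remediation days:", average_remediation_days(FINDINGS))
    print("false remediation rate:", false_remediation_rate(FINDINGS))
    print("backlog vs new:", remediation_rate(FINDINGS, date(2014, 1, 1)))
```

Each metric is something the organisation controls (how fast it fixes, how often a fix sticks, how much old debt remains), which is what the slide asks for; counts of new advisories published by vendors, by contrast, would not be.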
Thank You!
• If you have any questions, please don’t hesitate to contact me
• Email: michael.holcomb@fluor.com
• Phone: 864.281.5958