© 2017 Flexera Software LLC. All rights reserved. | Company Confidential
2017 Software Vulnerability Management Resolutions
Marcelo Pereira
Product Marketing Manager
Flexera Software
“Gartner clients find the coordination and
orchestration of vulnerability remediation
efforts a perennial point of operational failure
for vulnerability management projects.
Success requires coordination between IT
security and IT operations for activities such
as patch management and configuration
hardening.”
- Gartner, “Threat and Vulnerability Management Primer for 2017”, January 2017
Poll question 1
• Organizations continue to fail to improve their patch
management processes, with consequences to their risk
posture. In your opinion, what is the MAIN reason for that?
– a) Most organizations don’t have the resources to patch all their
applications
– b) Most organizations do not prioritize security patches
– c) In most organizations, performance metrics for patch
management do not include security measures such as risk
reduction
– d) Most organizations do not have the tools to support prioritization
of security patches
“As we’ve advised in past reports, security professionals should make a
concerted effort to prioritize patches” - Cisco 2017 ACR
Resolution 1
In 2017 I will start from the basics!
Security Layers
• Foundation
– Privilege control
– Segregation of duties
– Security training
– Patch Management
– Vulnerability Assessment
• Hardening
– Penetration testing
– Configuration Hardening
– SIEM
• Advanced
– Advanced Threat Detection
– Network Behavior Analysis
– Network forensics
Exploits
Time to first-known exploitation
Source: “2016 Data Breach Investigation Report” Verizon http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
Resolution 2
In 2017 I will work with my team to align
with our organization’s security strategy
Resolution 3
In 2017 I will transform my organization’s
approach to patch management!
Prioritizing Security Patches
Secunia Research has written 505 Advisories in January 2017
Digesting the vulnerability data
No advisory for Extremely Critical
vulnerabilities written in January
Advisories by Criticality
Poll question 2
• Which percentage of the 144 “Highly Critical” Advisories
do you believe had a patch at the time of publication?
– a) 9%
– b) 35%
– c) Less than 1%
– d) 95%
– e) 74%
Digesting the vulnerability data
Solution status for the 144 “Highly Critical” Advisories
issued in January 2017
Vulnerability Management in today’s world
Security intelligence and management platforms to manage volume
“The increasing volume (of patches and
upgrades) is a main driver for organizations
automating their vulnerability management
through the use of security intelligence and
management platforms that help manage the
volume of system and software inventory,
vulnerability, and threat information.”
- Cisco
Source: “Cisco Annual Security Report 2016”
http://www.cisco.com/c/m/en_us/offers/sc04/2016-annual-security-report/index.html
My objective
At the end of 2017 I will be able to
demonstrate how my work and the work
of my team have made my organization
more secure!
WE’RE REIMAGINING THE WAY SOFTWARE IS SOLD, SECURED, MANAGED, BOUGHT
www.flexerasoftware.com
Denmark: +45 7020 5144 USA: +1 888 924 8265