There is a critical relationship between Software Asset Management and Vulnerability Management. Many aspects of the work to manage software assets have a direct impact on the security and risk profile of organizations. If you work in Software Asset Management: “whether you realize it or not, you play an important role in Information and IT Security.” And, you also collect and manage a wealth of data that is critical to identifying software vulnerabilities and mitigating security risk. Organizations that are able to leverage software asset inventory data combined with software vulnerability data can rapidly address the most critical cybersecurity threats and stay ahead of the game. They can more effectively reduce the attack surface for cybercriminals and hackers, keeping their business protected from threats like ransomware and out of the infamous data breach news. View these slides to see how these two disciplines—Software Asset Management and Security, can work together to help organizations be more efficient and more secure.

1. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential1
SAM and Security Teams Must Join Forces to
Enhance Security

2. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential2
Speakers and Agenda
Agenda
• SAM and Security Team
Responsibilities
• Security Process
• SAM Impact on Security
• Vulnerability Management
• Integrated Solutions
Marcelo Pereira
Product Marketing Manager
Flexera Software
John Emmitt
Manager, Enterprise Marketing
Flexera Software
>>Click here to Watch this Webinar On Demand Now<<

3. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential3
SAM Team Responsibilities
• License Compliance and Audit Defense
• Software License Agreements, Renewals and
Annual True-ups
• License Reharvesting and Reuse

4. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential4
IT Security Team Responsibilities
• Implementation of Security Policies and Processes
• Mitigate Risk of Breaches
• Maintain Compliance with Corporate and Industry
Regulatory Policies

5. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential5

6. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential6
Incidents WILL happen – Build resilience
Prevent
Processes and
technologies to close
holes and cracks
through which hackers
launch their attacks
Detect and Respond
Processes and
technologies to identify
attacks, stop them and
address the issues
associated with the
attack

7. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential7
Reduce the Attack Surface – Prevention
Software Deployed
Software Deployed
Software
Deployed
Unpatched, vulnerable software End-of-life, unsupported software

8. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential8
• Foundation
– Privilege control
– Segregation of duties
– Security training
– Patch Management
– Vulnerability Assessment
• Hardening
– Penetration testing
– Configuration Hardening
– SIEM
• Advanced
– Advanced Threat Detection
– Network Behavior Analysis
– Network forensics

9. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential9
Infrastructure Management
Security outside security functions

10. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential10
SAM Team Impact on Security
You can provide software inventory data
You own processes and tools to introduce and retire
applications
You help manage software upgrades
You have visibility over software usage
1
2
3
4

11. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential11
“Organizations that do not have complete software
inventories are unable to find systems running vulnerable or
malicious software to mitigate problems or root out
attackers.”
– SANS
“Enterprise patch management is dependent on having a
current and complete inventory of the patchable software
(applications and operating systems) installed on each host.”
– NIST
Sources:
SANS: ‘Critical Controls for Effective Cyber Defense’. Version 4.1. Page 12. http://www.sans.org/critical-security-controls/
NIST: Special Publication 800-40 Revision 3: ‘Guide to Enterprise Patch Management Technologies.’ Page 6 . http://www.nist.gov/itl/csd/guides-082013.cfm
Visibility – Inventory

12. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential12
Normalized Inventory Data is the Common Foundation
Normalized
Inventory Data
SAM Tool
Software
Vulnerability
Management
License
Entitlements
Vulnerability Data
Raw Discovery & Inventory Data
Asset
List
>>Click here to Watch this Webinar On Demand Now<<

13. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential13
Reduce the Introduction of Unauthorized Software
“By 2017, 25 percent of enterprises will have an
Enterprise App Store for Managing Corporate-
Sanctioned Apps on PCs and Mobile Devices.”
- Gartner

14. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential14
Reduce the Attack Surface by Eliminating Redundant and
Outdated Software
Source: Deloitte 2015
Rationalize & Consolidate Software

15. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential15
“Organizations need to plan for regular
upgrades and recognize the value of taking
control of their critical infrastructure proactively
– before an adversary does.”
- Cisco
Source: “Cisco Annual Security Report 2016” http://www.cisco.com/c/m/en_us/offers/sc04/2016-annual-security-report/index.html

16. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential16
Remove Unused Software to Reduce the Software Footprint
Enterprise App Store

17. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential17
How does Software Asset Management Relate to the
Software Vulnerability Management Lifecycle?

18. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential18
Software Vulnerability Management – Mitigate Risk
SOFTWARE
VULNERABILITIES
are an entry point for hackers or
work as enablers of privilege
escalation.

19. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential19
Vulnerabilities In All Products In 2015: 16,081
A 39% Increase In Vulnerabilities (5 Year Trend)
Source: “Flexera Software Vulnerability Review 2016.” http://www.flexerasoftware.com/enterprise/resources/research/vulnerability-review/
16,081 vulnerabilities were discovered in 2,484 vulnerable products.

20. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential20
Time To Patch!
Patch Availability On The Day A Vulnerability Is Disclosed Is Improving
84% of all registered vulnerabilities had patches available on the day of disclosure.
You can patch most vulnerabilities – the trick is knowing what to patch.
Source: “Flexera Software Vulnerability Review 2016.” http://www.flexerasoftware.com/enterprise/resources/research/vulnerability-review/

21. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential21
What You Are Up Against
Time to first-known exploitation
Source: “2016 Data Breach Investigation Report” Verizon http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

22. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential22
Vulnerability Management in today’s world
Security intelligence and management platforms to manage volume
“The increasing volume (of patches and upgrades)
is a main driver for organizations automating their
vulnerability management through the use of
security intelligence and management platforms
that help manage the volume of system and
software inventory, vulnerability, and threat
information.” - Cisco
Source: “Cisco Annual Security Report 2016”
http://www.cisco.com/c/m/en_us/offers/sc04/2016-annual-security-report/index.html

23. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential23
Our SAM and Security Vision
Enhanced Risk Management
Enhanced Vendor Management
Enhanced Application Portfolio
Management

24. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential24
Leverage Common Inventory for Software Vulnerability
Management – Maintain the Asset List
Data Feeds
Agent & Agent-less
Discovery for
Windows, UNIX,
Linux, MAC,
VMs, etc.
More easily monitor a
complete list of
applications for software
vulnerability advisories

25. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential25
Software Vulnerability Management Products
Reliable, Transparent, Integrated, Cloud-deployed Solutions
• Tactical handling of
vulnerability threats
• Risk assessment and
prioritization based on
vulnerability
intelligence from in-
house research
• Customer base
includes Financial
organizations, Energy
& Utilities and MSSPs
supporting customers
in highly regulated
industries
• Intelligent Security
Patching for the
Enterprise
• Closes the gap
between IT Operations
and Security
Secunia
Research
Vulnerability Database

26. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential26
SAM & Security Teams Must Work Together
• Leverage Common Inventory Data
• Reduce Software Footprint and
Attack Surface
• Increase Operational Efficiency
SAM Security

27. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential27
Resources
• Video: Vulnerability Intelligence Q&A
• Datasheet: Flexera Software Solutions for Enterprises
• White Paper: Normalized Inventory Data: The Foundation for Software Asset
Management. IT Service and Security
• White Paper: Vulnerability Intelligence: Incorporating the Most Critical
Component of a Full Compliance Solution
• Contact us

28. © 2017 Flexera Software LLC. All rights reserved. | Company Confidential28
Contact Information:
Marcelo Pereira
Mpereira@flexerasoftware.com
For more information go to:
www.flexerasoftware.com/Enterprise
John Emmitt
JEmmitt@flexerasoftware.com
>>Click here to Watch this Webinar On Demand Now<<