Presentation is loading. Please wait.

Presentation is loading. Please wait.

What if tomorrow never comes

Published byAllen Fitzgerald Modified over 6 years ago

Similar presentations

Presentation on theme: "What if tomorrow never comes"— Presentation transcript:

1 What if tomorrow never comes
Kent Agerlund Principal Consultant CTGlobal

2 Kent Agerlund

3 Agenda The Storm is now Why is it so difficult
How can Configuration Manager be used to mitigate the risk

4 The STORM is NOW WannaCry, Adylkuzz and Petya are a great examples how neglecting security patches can have a catastrophic impact on businesses.

5 It took 7 minutes from first incident until all devices were down
Our estimated loss is $278 million We thought it was just another evening with no We realized no one owned the incident. We have plans for earthquakes, terror attacks, flooding – but not cyberattacks

6 42% Top External Intrusion Method: Software Vulnerabilities
Software Vulnerabilities and Patching At the center of security incidents Top External Intrusion Method: Software Vulnerabilities 42% - Forrester Clients report: “Remediation is a perennial point of failure in vulnerability management programs.” - Gartner

7 It takes organizations much longer to apply security patches than it takes hackers to ramp up the exploitation of unpatched vulnerabilities...

8 The risk window The time between the disclosure of a vulnerability, and the time to identifying and fixing that vulnerability in your environment Intro to risk window.

9 Risk Window: from awareness to mitigation

10 Risk Window: from awareness to mitigation
Average time from Disclosure to first Exploitation: 30 days1 Average time from Identification to Remediation: 186 days2 The Risk Window: 156 days 1 – Source: “2016 Data Breach Investigation Report” Verizon 2 – Source: “2016 State of Vulnerability Risk Management” NopSec

11 Pencentage of applications patched withing 30 days of disclosure
(secure) The Attack Surface 1 – Source: “2017 Data Breach Investigation Report” Verizon

12 Patch Management challenges, tips and tricks

13 Security Patch Management
Misconceptions Consequences No synergy between security assessment and patch activities Patching Microsoft applications is good enough Focus only on the most common non- Microsoft applications Relying on vendor information and alerts Non prioritized patching process Waste of resources Applications staying unpatched for months or many times, years Security incidents leading to business disruption and breaches Presentation title and date

14 The Gap

15 The critical gap “The most critical point in a VM process is the handover of identified vulnerabilities to the team responsible for remediating them (usually by applying patches). Just sending a report with thousands of vulnerabilities to the operations team to fix is one of the most common ways to fail in VM’’ *Gartner Report - A Guidance Framework for Developing and implementing Vulnerability Management

16 Main business challenges
Infrastructure components Visual Insight to the entire process No teamwork No sponsor Tools before process Process before goal Many vendors out there Flexera SVM & CSI Invanti Microsoft SCUP tools

17 Demo

18 The Toolbelt The right tool for the right job Vulnerabilities
3rd party integration Software update Configuration Items Scripts Vulnerabilities Operating System Hardware Application Drivers

19 Vulnerabilities: Operating system
Goal Process Environments Understand the Windows Defense stack Pre breach Post breach Health attestation Device guard Device control Security policies Credential Guard Windows Hallo Encryption Windows Information Protection Conditional Access SmartScreen Applocker Device Guard Defender Device protection Indentity protection Information protection Threat resistance Breach detection, investigation & response

20 Demo

21 Vulnerabilities: Applications
Who own’s the process Application owners Security Operations I’m patching Adobe & JAVA in addition to the apps my Boss hears about in the news

22 Demo

23 Vulnerabilities: Drivers
Why on Earth would I want to rock a boat I need a reason Windows 10 Servicing

24 Demo

25 Wrap-up It’s your choice, the Hurricane or the mild storm
Configuration Manager & EM+S are important tools in the belt If you wait, tomorrow might very well be to late

Download ppt "What if tomorrow never comes"

Similar presentations

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Mary Ann Fitzsimmons Regional.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Mary Ann Fitzsimmons Regional.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.

© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.
Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK.

Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Enterprise Computing Community June 13 - 15, 2010February 27, 2010 1 Information Security Industry View Linda Betz IBM Director IT Policy and Information.

Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
EEye Digital Security  1.866.339.3732   On the Frontline of the Threat Landscape: Simple configuration goes a long way.

EEye Digital Security    On the Frontline of the Threat Landscape: Simple configuration goes a long way.
PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.

PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,

Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.

GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.
Office of Campus Information Security Driving a Security Architecture by Assessing Risk Stefan Wahe Sr. Information Security Analyst.

Office of Campus Information Security Driving a Security Architecture by Assessing Risk Stefan Wahe Sr. Information Security Analyst.
How to Integrate Security Tools to Defend Data Assets Robert Lara Senior Enterprise Solutions Consultant, GTSI.

How to Integrate Security Tools to Defend Data Assets Robert Lara Senior Enterprise Solutions Consultant, GTSI.
Converting Policy to Reality Designing an IT Security Program for Your Campus 2 nd Annual Conference on Technology and Standards May 3, 2005 Jacqueline.

Converting Policy to Reality Designing an IT Security Program for Your Campus 2 nd Annual Conference on Technology and Standards May 3, 2005 Jacqueline.
Security Trends & Industry Insights

Security Trends & Industry Insights
REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services.

REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

Similar presentations

Ads by Google