Agentless Patch Management for the Data Center
Download as PPTX, PDF0 likes802 views
The document discusses agentless patch management in data centers, emphasizing the importance of continuous vulnerability management to reduce security threats. It highlights the critical nature of CIS Control 3, which involves continuously acquiring and assessing information to identify vulnerabilities and respond effectively. The challenges related to managing physical and virtual systems for patch management are addressed, along with solutions provided by Ivanti for automation and integration.
Agentless Patch Management for the Data Center
- 1. AGENTLESS PATCH MANAGEMENT FOR THE DATA CENTER Chris Goettl, Director of Product Management, Security
- 2. CIS #3: Continuous Vulnerability Management
- 3. The first 5 controls I n v e n t o r y o f A u t h o r i z e d a n d U n a u t h o r i z e d D e v i c e s I n v e n t o r y o f A u t h o r i z e d a n d U n a u t h o r i z e d S o f t w a r e S e c u r e C o n f i g u r a t i o n C o n t i n u o u s V u l n e r a b i l i t y A s s e s s m e n t a n d R e m e d i a t i o n C o n t r o l l e d U s e o f A d m i n i s t r a t i v e P r i v i l e g e s CIS, US-CERT, ASD, and other authorities prioritize these five elements of cyber hygiene to significantly reduce security threats.
- 4. CIS Control 3: Continuous Vulnerability Management Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers. Why Is This CIS Control Critical? When researchers report new vulnerabilities, a race starts among all parties, including: attackers (to “weaponize”, deploy an attack, exploit); vendors (to develop, deploy patches or signatures and updates), and defenders (to assess risk, regression-test patches, install). Cyber defenders must operate in a constant stream of new information: software updates, patches, security advisories, threat bulletins, etc. Understanding and managing vulnerabilities has become a continuous activity, requiring significant time, attention, and resources.
- 5. Rise in Vulnerabilities 2016 2017 20192018 • 16555 CVEs • Average Time to Patch 34 days • Only 7% of CVEs were exploited • 14714 CVEs• 6447 CVEs • Average Time to Patch 100 to 120 days • Expect continued in crease in CVEs • Target Time to Patch 14 days Exploited Zero Day Public Disclosure Unknown Vulnerabilities 0-2 Weeks Rising Risk Day Zero Update Releases 2-4 Weeks 50% of exploits have occurred 40-60 Days 90% of exploits have occurred 120 Days
- 6. BlueKeep Timeline 14, May, 2019 CVE-2019-0708 Update Available 15, May, 2019 PoC research begins Social Media Trackers GitHub Trackers 20, May, 2019 BSOD achieved 28, May, 2019 Active Scanning of public systems White Hats and Black Hats 6 security research teams confirmed they have achieved exploit of BlueKeep 14 Days
- 8. Challenges of Patch Management in the DataCenter Need to manage physical and virtual systems, Windows and Linux Patch by priority from Security Team Complex Requirements from system complexity and system owners
- 9. How can Ivanti Help? Agentless Scan and Patching For Windows (Ideal for DataCenter) Integration with VMware (Offline VM, Template Support) Easily Scheduled Patch Rollout API for Automation Integration
- 10. ▪ Agentless or Agent for Windows ▪ Cloud Agent (Follow the user) ▪ Fast time to value ▪ Vmware Integration (Offline VM, Template, Snapshot) ▪ CVE Import ▪ Largest Windows catalog on the market 1 2
- 11. ▪ PowerShell based API ▪ Script Complex Workloads (Clusters, Tiered Applications, Etc) ▪ Integrate with other solutions (Vulnerability Vendors like Rapid 7, Qualys, BeyondTrust) 1 2
- 12. Demo
- 13. What’s Next?
- 15. Better Risk Metrics for Prioritization
- 16. Repository of Known Issues
- 17. Quickly Understand Reliability Vs Risk
- 18. Thank You
Editor's Notes
- #4: We at Ivanti look to security frameworks like the Center for Internet Security’s Critical Security Controls to help prioritize our efforts and maximize our customers benefits. The CIS framework provides a lot of industry best practices and guidance for securing your organization. What we like most about CIS framework is the prioritized guidance. If you start at the beginning and work your way through you will maximize your effectiveness with each step. Here you can see just the first five controls. These controls are key controls which should be implemented in every organization for essential cyber defense readiness. (Click) For the purposes of this conversation we are going to focus on Continuous Vulnerability Assessment and Remediation Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers. This control encompasses efforts of both the Security and Operations teams and a combination of solutions including Vulnerability Assessment and Patch Management solutions. Depending on the level of sophistication of your process today this could also include SOAR and SIEM solutions, but often there is a rather large gap from identification and prioritization of a vulnerability to remediation.