SlideShare a Scribd company logo

Cost-effective approach to full-cycle vulnerability management

Sasha Nunke, profile picture
Sasha Nunke

The document discusses an automated and cost-effective approach to vulnerability management for small and medium businesses. It recommends automating network topology mapping, vulnerability assessments, reporting, and remediation workflows through a ticketing system. This allows businesses to prioritize security tasks while reducing the workload through automation. Periodic scanning, automated report generation and a closed-loop ticketing system for patching are key parts of the recommended approach.

Technology
Related topics:
Vulnerability Management
1 of 21
Downloaded 15 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Cost-effective approach to full-cycle vulnerability management Sumita Chotani 13th November 2012 Company Confidential
Common Issues across SMB 2  One man army  Security is not a priority  Upper Management wants results  Time is of the essence  User friendly product is imperative
AUTOMATION is the key 3 What can you automate?  Identifying your Network Topology and Asset Management?  Vulnerability Assessment of the network?  Reporting the findings of the assessment?  Remediation workflow via a ticketing system?
Identifying your network topology and Asset Management 4  Discover, understand and organize your network and the people managing the systems 3 Basic Steps: o Run Scheduled maps* o Form Asset Groups around the existing logical structure o Assign each Asset Group to its respective owner Map ~ Network discovery
Identifying your network topology and Asset Management 5
6 Identifying your network topology and Asset Management
7 Identifying your network topology and Asset Management
Identifying your network topology and Asset Management 8
Vulnerability Assessment of the network 9  Periodic scanning of all perimeter and internal systems E.g. o Nightly scans of Production Environment o Weekly scans Critical servers and workstations o Monthly scans of entire network pre and post Patch Tuesday
Vulnerability Assessment of the network 10
11 Reporting the findings of the assessment  Actionable Report o Patch Report • One Interactive Report: - View of a Patch Matrix - Patch – Host Mapping - Link to download the Patch  Schedule report generation
12 Reporting the findings of the assessment
13 Reporting the findings of the assessment
14 Setting up a Remediation workflow via a ticketing system  Need for Closed Loop Ticketing System
15 Setting up a Remediation workflow via a ticketing system  Closing Open Tickets
16 Setting up a Remediation workflow via a ticketing system  Reopening Closed Tickets
17 Setting up a Remediation workflow via a ticketing system
18 Setting up a Remediation workflow via a ticketing system
Check - List 19  Automated Inventory Lookup ✓  Asset Management and Delegation ✓  Automated Scanning ✓  Automated Report Generation ✓  Reports for Patch Management ✓  Automated Remediation Workflow ✓
20 Reduce workload for everyone through automation and prioritisation
schotani@qualys.com Thank You © 1999–2012 Qualys, Inc. All rights reserved.

More Related Content

PPTX
WFWPI & Global Peace Women's Network, October 2013 in London
Elisabeth Riedl
 
PDF
Women's Social Leadership Awards 2013 presentation
Ogunte CIC
 
PDF
Vortex Tutorial -- Part I
Angelo Corsaro
 
PDF
2015 Back To School Transformation Challenge
Greg Cox
 
PPTX
Carols Presentation53
guest576d5
 
PPT
Negation
Livemocha .com
 
PPTX
Rain
sad asad
 
PDF
DDS Efficiency and Extensibility
Angelo Corsaro
 
WFWPI & Global Peace Women's Network, October 2013 in London
Elisabeth Riedl
 
Women's Social Leadership Awards 2013 presentation
Ogunte CIC
 
Vortex Tutorial -- Part I
Angelo Corsaro
 
2015 Back To School Transformation Challenge
Greg Cox
 
Carols Presentation53
guest576d5
 
Negation
Livemocha .com
 
Rain
sad asad
 
DDS Efficiency and Extensibility
Angelo Corsaro
 

Viewers also liked (18)

PDF
I need the data and I need it 1ms ago!
Angelo Corsaro
 
PDF
Visita de plastichín 2015
XXX XXX
 
PPT
Present Tense Verbs
Livemocha .com
 
PDF
DDS Web Programming with dscript
Angelo Corsaro
 
PDF
Sunshine coast literacy_jan_2015
Faye Brownlie
 
PDF
Asis. educ. inic.
Pepe Jara Cueva
 
PDF
CIC 17 - Nominal Scaling of Print Substrates
nmoroney
 
PDF
Elaboración jabón 2016
XXX XXX
 
PDF
ikd312-08-fd
Anung Ariwibowo
 
PDF
Borderland.Reading Is Thinking.Sept2015
Faye Brownlie
 
ODP
HC Vrchlabí
guest661d2b
 
PPT
Ugliest Nhl Jerseys
steve0965
 
PPT
Sph 107 Ch16
Bryant Hall
 
PDF
Web Application Security For Small and Medium Businesses
Sasha Nunke
 
PPT
Osservatorio sul turismo Scolastico 2012
Jacopo Zurlo
 
PPT
Pronunciation
Livemocha .com
 
PDF
The Dawn
RuthEA
 
DOCX
Test 2 Polymer Notes
sad asad
 
I need the data and I need it 1ms ago!
Angelo Corsaro
 
Visita de plastichín 2015
XXX XXX
 
Present Tense Verbs
Livemocha .com
 
DDS Web Programming with dscript
Angelo Corsaro
 
Sunshine coast literacy_jan_2015
Faye Brownlie
 
Asis. educ. inic.
Pepe Jara Cueva
 
CIC 17 - Nominal Scaling of Print Substrates
nmoroney
 
Elaboración jabón 2016
XXX XXX
 
ikd312-08-fd
Anung Ariwibowo
 
Borderland.Reading Is Thinking.Sept2015
Faye Brownlie
 
HC Vrchlabí
guest661d2b
 
Ugliest Nhl Jerseys
steve0965
 
Sph 107 Ch16
Bryant Hall
 
Web Application Security For Small and Medium Businesses
Sasha Nunke
 
Osservatorio sul turismo Scolastico 2012
Jacopo Zurlo
 
Pronunciation
Livemocha .com
 
The Dawn
RuthEA
 
Test 2 Polymer Notes
sad asad
 
Ad

Similar to Cost-effective approach to full-cycle vulnerability management (20)

PPTX
NuvoSys Solutions, LLC
nygonz
 
PDF
Implementing Vulnerability Management
Argyle Executive Forum
 
PPTX
Acculink systems end user presentation
Art Morrison
 
PPTX
Acculink systems end user presentation
Art Morrison
 
PPT
Why Use Wes Tech Solutions
doughold
 
PPT
Why Use Westech Solutions
Jhugueno
 
PPTX
The Benefits of Having Nerds On Site Monitoring Your Technology
Kevin Lloyd
 
PPTX
The Benefits of Having Nerds On Site Monitoring Your Technology
nerdsonsite
 
PDF
2 20613 qualys_top_10_reports_vm
azfayel
 
PPT
Planning and Deploying an Effective Vulnerability Management Program
Sasha Nunke
 
PDF
Group 4 Networks Assessment Outline
dgrubisa
 
PPTX
DTS Services
David A. Le Roy
 
PPS
Net Monitor Presentation
entrecomputersolutions
 
DOC
081014 Vulnerability Management - VM Framework Procedural Guidelines 1.0
Gregg Jackson
 
PDF
Infrastructure Management PowerPoint Presentation Slides
SlideTeam
 
PDF
Enterprise Vulnerability Management: Back to Basics
Damon Small
 
PPT
Managed Services Presentation
Scott Gombar
 
PDF
Facilities Management Powerpoint Presentation Slides
SlideTeam
 
PPTX
Manage services presentation
Len Moncrieffe
 
PDF
The uncool-security-hygiene
Thiagu Haldurai
 
NuvoSys Solutions, LLC
nygonz
 
Implementing Vulnerability Management
Argyle Executive Forum
 
Acculink systems end user presentation
Art Morrison
 
Acculink systems end user presentation
Art Morrison
 
Why Use Wes Tech Solutions
doughold
 
Why Use Westech Solutions
Jhugueno
 
The Benefits of Having Nerds On Site Monitoring Your Technology
Kevin Lloyd
 
The Benefits of Having Nerds On Site Monitoring Your Technology
nerdsonsite
 
2 20613 qualys_top_10_reports_vm
azfayel
 
Planning and Deploying an Effective Vulnerability Management Program
Sasha Nunke
 
Group 4 Networks Assessment Outline
dgrubisa
 
DTS Services
David A. Le Roy
 
Net Monitor Presentation
entrecomputersolutions
 
081014 Vulnerability Management - VM Framework Procedural Guidelines 1.0
Gregg Jackson
 
Infrastructure Management PowerPoint Presentation Slides
SlideTeam
 
Enterprise Vulnerability Management: Back to Basics
Damon Small
 
Managed Services Presentation
Scott Gombar
 
Facilities Management Powerpoint Presentation Slides
SlideTeam
 
Manage services presentation
Len Moncrieffe
 
The uncool-security-hygiene
Thiagu Haldurai
 
Ad

More from Sasha Nunke (7)

PDF
Don’t let Your Website Spread Malware – a New Approach to Web App Security
Sasha Nunke
 
PDF
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
Sasha Nunke
 
PDF
ABC's of Securing Educational Networks
Sasha Nunke
 
PDF
PCI Myths
Sasha Nunke
 
PDF
Web Application Scanning 101
Sasha Nunke
 
PPT
Automating Policy Compliance and IT Governance
Sasha Nunke
 
PDF
PCI Compliance: What You Need to Know
Sasha Nunke
 
Don’t let Your Website Spread Malware – a New Approach to Web App Security
Sasha Nunke
 
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
Sasha Nunke
 
ABC's of Securing Educational Networks
Sasha Nunke
 
PCI Myths
Sasha Nunke
 
Web Application Scanning 101
Sasha Nunke
 
Automating Policy Compliance and IT Governance
Sasha Nunke
 
PCI Compliance: What You Need to Know
Sasha Nunke
 

Recently uploaded (20)

PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Cloud computing and distributed systems.
kkkkkhan
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 

Cost-effective approach to full-cycle vulnerability management

  • 1. Cost-effective approach to full-cycle vulnerability management Sumita Chotani 13th November 2012 Company Confidential
  • 2. Common Issues across SMB 2  One man army  Security is not a priority  Upper Management wants results  Time is of the essence  User friendly product is imperative
  • 3. AUTOMATION is the key 3 What can you automate?  Identifying your Network Topology and Asset Management?  Vulnerability Assessment of the network?  Reporting the findings of the assessment?  Remediation workflow via a ticketing system?
  • 4. Identifying your network topology and Asset Management 4  Discover, understand and organize your network and the people managing the systems 3 Basic Steps: o Run Scheduled maps* o Form Asset Groups around the existing logical structure o Assign each Asset Group to its respective owner Map ~ Network discovery
  • 5. Identifying your network topology and Asset Management 5
  • 6. 6 Identifying your network topology and Asset Management
  • 7. 7 Identifying your network topology and Asset Management
  • 8. Identifying your network topology and Asset Management 8
  • 9. Vulnerability Assessment of the network 9  Periodic scanning of all perimeter and internal systems E.g. o Nightly scans of Production Environment o Weekly scans Critical servers and workstations o Monthly scans of entire network pre and post Patch Tuesday
  • 10. Vulnerability Assessment of the network 10
  • 11. 11 Reporting the findings of the assessment  Actionable Report o Patch Report • One Interactive Report: - View of a Patch Matrix - Patch – Host Mapping - Link to download the Patch  Schedule report generation
  • 12. 12 Reporting the findings of the assessment
  • 13. 13 Reporting the findings of the assessment
  • 14. 14 Setting up a Remediation workflow via a ticketing system  Need for Closed Loop Ticketing System
  • 15. 15 Setting up a Remediation workflow via a ticketing system  Closing Open Tickets
  • 16. 16 Setting up a Remediation workflow via a ticketing system  Reopening Closed Tickets
  • 17. 17 Setting up a Remediation workflow via a ticketing system
  • 18. 18 Setting up a Remediation workflow via a ticketing system
  • 19. Check - List 19  Automated Inventory Lookup ✓  Asset Management and Delegation ✓  Automated Scanning ✓  Automated Report Generation ✓  Reports for Patch Management ✓  Automated Remediation Workflow ✓
  • 20. 20 Reduce workload for everyone through automation and prioritisation
  • 21. schotani@qualys.com Thank You © 1999–2012 Qualys, Inc. All rights reserved.