Evolve or Die, How to Stop Getting Slaughtered Due to Bad Vulnerability Management
1 like205 views
The document discusses the importance of effective vulnerability management, emphasizing asset identification, risk prioritization, and the integration of threat intelligence. It highlights the need for organizations to adopt a proactive approach in tracking metrics that inform business decisions regarding cybersecurity risks. The speaker encourages collaboration with executives and operational teams to improve asset management and remediation strategies.
Evolve or Die, How to Stop Getting Slaughtered Due to Bad Vulnerability Management
- 1. SESSION ID: #RSAC Josh Zelonis EVOLVE OR DIE: HOW TO STOP GETTING SLAUGHTERED DUE TO BAD VULNERABILITY MANAGEMENT TECH-W02 Senior Analyst Forrester @jz415
- 2. # R S A C We are in a constant state of failure.
- 3. # R S A C Vulnerability Management Process Asset Identification Enumeration Prioritization Remediation
- 4. # R S A C Vulnerability Management Process Asset Identification Enumeration Prioritization Remediation
- 5. #RSAC VULNERABILITY MANAGEMENT IS A MAINTENANCE TASK THAT BEGINS AND ENDS WITH OPERATIONS
- 6. # R S A C The Heisenberg Uncertainty Principle of Asset Management
- 7. # R S A C Take Charge Of Asset Management Queryable infrastructure is the fabric of a good CMDB Consider the operational benefits of EDR products Remote management software Creates queryable infrastructure Ability to detect misuse Use scanners to identify unmanaged hosts Embrace coverage as a critical metric
- 8. #RSAC IN 2017, OVER 29% OF CVE HAD A SEVERITY OF HIGH OR CRITICAL.
- 9. # R S A C Define SLA’s By Priority, Not Severity 9 Asset Criticality Vulnerability Severity High Medium Low Low Priority 3 Priority 4 Priority 5 Medium Priority 2 Priority 3 Priority 4 High Priority 1 Priority 2 Priority 3 Critical Priority 1 Priority 2 Priority 3
- 10. # R S A C It’s Time To Start Using Threat Intelligence Strategically
- 11. #RSAC KEY QUESTION: HOW COULD AN ATTACKER EXPLOIT THIS VULNERABILITY?
- 12. # R S A C Dissect Delivery and Exploitation A Cursory Analysis of Meltdown Can be delivered to browser using JavaScript —Endpoint threat model similar to Adobe Flash How do you execute this code on a server? —Other RCE vulnerability in an exposed service —Privilege escalation if already local
- 13. # R S A C Understand How You’ll Be Attacked 0 50 100 150 200 References Vulnerability
- 14. # R S A C How To Talk To Executives About Vulnerability Management
- 15. # R S A C Counting Stats Don’t Make Good Metrics
- 16. # R S A C Control the Message 16 Help execs understand what they need to know to protect their jobs Generate and present metrics that are consumable This provides clarity into what you’re doing to protect them Helps measure progress over time GOAL: Help them make business decisions based on this information
- 17. # R S A C Let’s Review! Vulnerability management is a business process. Queryable infrastructure is the fabric of good asset management. Perform prioritization based on threat intel andasset criticality. Help executives make business decisions supported by metrics about unmitigated risk.
- 18. # R S A C Apply What You Have Learned Today Change your ideology, become a participant! Identify and start tracking key metrics now, to help show trends later. Critical Metric! Coverage, coverage, coverage! Look for intelligence sources which inform threat/exploitation details. Embrace an “application stack” approach to asset management. Understand how software is developed and deployed within your organization.
- 19. # R S A C Apply What You Have Learned In 3 Months Begin outreach and develop relationships! Start providing relevant intelligence briefings to executives. Communicate priority based on how an exploit could be delivered. New Metric! How are you reducing work by deprioritizing CVSS severity? Champion efforts with operations to improve asset management. “How can we help?” – But with suggestions, resources, and budget.
- 20. # R S A C Apply What You Have Learned In 6 Months Become part of the operations process! Start leveraging CI/CD processes for patch deployment. Key Metric! You are committing code, use build metrics to track issues. Leverage queryable infrastructure for real time asset inventory. Codify a new vulnerability remediation SLA based on internal priority.
- 21. #RSAC THANK YOU! Email: jzelonis@forrester.com LinkedIn: https://www.linkedin.com/in/zelonis/ Twitter: @jz415