CIS Framework Steps 1 - 5
Chris Goettl, Director of Product Management, Security
Michael, Ivanti Customer, Healthcare
The first 5 controls
CIS, US-CERT, ASD, and other authorities prioritize these five elements of cyber hygiene to significantly reduce security threats (numbered as in the CIS Controls, and as the later mapping slide and the speaker notes use them):
1. Inventory and control of hardware assets
2. Inventory and control of software assets
3. Continuous vulnerability management
4. Controlled use of administrative privileges
5. Secure configuration for hardware and software
Organizations can prevent 85% of Windows intrusion threats by implementing four key disciplines:
1. Patch operating systems
2. Patch applications
3. Minimize admin privileges
4. Application whitelisting
As recommended by… (see the speaker note for slide 4)
Protect Against 85% of Cyberattacks
Rise in vulnerabilities vs decrease in time to patch
(Chart on the slide, reconstructed; CVE counts per year with the time-to-patch figure shown beside them.)
2016: 6,447 CVEs; average time to patch 100 to 120 days
2017: 14,714 CVEs
2018: 16,555 CVEs; average time to patch 34 days; only 7% of CVEs were exploited
2019: expect continued increase in CVEs; target time to patch 14 days
Exploit timeline relative to an update's release (second chart on the slide, reconstructed):
• Before day zero: unknown vulnerabilities; an exploited zero day or a public disclosure can precede the update
• Day zero: update releases
• 0-2 weeks: rising risk
• 2-4 weeks: 50% of exploits have occurred
• 40-60 days: 90% of exploits have occurred
• 120 days: end of the chart
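The chart turns into a measurable question only when time to patch is computed per host against the update's release date. The following is an added example, not code from the slides or from Ivanti: it takes constructed per-host patch records, computes each host's exposure in days from the update's release (to install, or to the reporting date if still unpatched), buckets that against the exploit windows on the chart, and flags unpatched hosts past a 14-day target. The host names, install dates and reporting date are assumptions; the two CVE IDs are the ones the deck names, with their real update release dates (14 May 2019 for CVE-2019-0708, 9 July 2019 for CVE-2019-1132).

```python
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class PatchRecord:
    host: str
    cve: str
    update_released: date      # vendor release date of the fixing update
    installed: Optional[date]  # confirmed install date, None if still missing


# Constructed deployment records (hosts and install dates are made up).
RECORDS = [
    PatchRecord("ws01",  "CVE-2019-0708", date(2019, 5, 14), date(2019, 5, 20)),
    PatchRecord("ws02",  "CVE-2019-0708", date(2019, 5, 14), date(2019, 6, 5)),
    PatchRecord("srv01", "CVE-2019-0708", date(2019, 5, 14), None),
    PatchRecord("ws01",  "CVE-2019-1132", date(2019, 7, 9),  date(2019, 7, 12)),
    PatchRecord("ws02",  "CVE-2019-1132", date(2019, 7, 9),  date(2019, 7, 30)),
    PatchRecord("srv01", "CVE-2019-1132", date(2019, 7, 9),  None),
]


def days_exposed(rec, as_of):
    """Days from update release to install, or to the reporting date if unpatched."""
    end = rec.installed if rec.installed is not None else as_of
    return (end - rec.update_released).days


def exposure_window(days):
    """Bucket a host's exposure against the exploit timeline on the slide."""
    if days <= 14:
        return "0-2 weeks"
    if days <= 28:
        return "2-4 weeks"   # about half of exploits have occurred by here
    if days <= 60:
        return "4-8 weeks"   # about 90% by 40-60 days
    return "60+ days"


def time_to_patch_report(records, as_of, target_days=14):
    """Per CVE: hosts that met the target, median and worst exposure in days,
    the worst host's exposure window, and unpatched hosts past the target."""
    by_cve = {}
    for rec in records:
        d = days_exposed(rec, as_of)
        entry = by_cve.setdefault(
            rec.cve, {"hosts": 0, "within_target": 0, "days": [], "overdue": []})
        entry["hosts"] += 1
        entry["days"].append(d)
        if rec.installed is not None and d <= target_days:
            entry["within_target"] += 1
        if rec.installed is None and d > target_days:
            entry["overdue"].append(rec.host)
    report = {}
    for cve, e in by_cve.items():
        worst = max(e["days"])
        report[cve] = {
            "hosts": e["hosts"],
            "within_target": e["within_target"],
            "median_days": median(e["days"]),
            "max_days": worst,
            "worst_window": exposure_window(worst),
            "overdue_hosts": sorted(e["overdue"]),
        }
    return report


if __name__ == "__main__":
    # Reporting date is an assumption for the constructed data.
    for cve, r in time_to_patch_report(RECORDS, date(2019, 8, 1)).items():
        print(cve, r)
```

The unpatched host is counted at the reporting date rather than dropped, so a missing install does not flatter the median; with the sample data, srv01 sits in the 60+ day window for BlueKeep even though the two workstations were patched in 6 and 22 days.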
BlueKeep Timeline (CVE-2019-0708)
• 14 May 2019: update available
• 15 May 2019: PoC research begins; tracked on social media and GitHub
• 20 May 2019: BSOD achieved
• 28 May 2019: active scanning of public systems by white hats and black hats; 6 security research teams confirmed they have achieved exploit of BlueKeep
14 days from update to confirmed working exploits.
Prioritizing Vulnerabilities to Resolve
• By vendor severity?
• By CVSS score?
• Just deploying OS updates?
Examples on the slide that each of those rules would misrank:
• Researchers slap SAP CRM with vuln combo for massive damage: rated 6.3 and 7.7 by CVSSv3
• Zero day in iTunes (8 CVEs) and iCloud (9 CVEs) last week: no CVE for the zero day, no vendor rating for the updates
• Zero day: Win32k Elevation of Privilege Vulnerability, CVE-2019-1132, rated Important, CVSSv3 7.8
Bridge the gap between Security and IT Operations
Continuous Vulnerability Assessment and Remediation
How hard can a handoff be? In reality, it has many complications. Each vulnerability assessment could contain thousands, tens of thousands, or hundreds of thousands of detected CVEs. De-duplicating and researching the list of detected CVEs can take 5-8 hours or more with each pass.
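The handoff above and the prioritization slide before it are two halves of the same step: collapse the scanner output to unique CVEs, group those by the update that remediates them, and rank the updates by exploitation evidence before CVSS. The following is an added example, not code from the slides or from Ivanti's products, that does exactly that over constructed scanner rows. The host names, the CVE-EXAMPLE-* IDs, the UPDATE-* names and the exploit flags are placeholders; only CVE-2019-0708 and CVE-2019-1132 are real, with CVE-2019-1132's 7.8 score from the slide and 9.8 being BlueKeep's published CVSSv3 base score.

```python
from collections import defaultdict

# Constructed scanner output: one row per (host, CVE) finding. The duplicate
# row mimics overlapping checks reporting the same CVE on the same host.
FINDINGS = [
    ("ws01", "CVE-2019-0708"),
    ("ws02", "CVE-2019-0708"),
    ("ws01", "CVE-2019-0708"),   # duplicate of the first row
    ("ws01", "CVE-2019-1132"),
    ("srv01", "CVE-2019-1132"),
    ("srv02", "CVE-EXAMPLE-1"),
    ("srv02", "CVE-EXAMPLE-2"),
    ("srv03", "CVE-EXAMPLE-3"),
]

# Constructed enrichment. CVE-EXAMPLE-* and UPDATE-* are placeholders, not
# real identifiers. "exploited_in_wild" and "exploit_available" are the two
# signals the slides argue matter more than the base score alone.
CVE_INFO = {
    "CVE-2019-0708": {"cvss": 9.8, "exploited_in_wild": False, "exploit_available": True,  "update": "UPDATE-1"},
    "CVE-2019-1132": {"cvss": 7.8, "exploited_in_wild": True,  "exploit_available": True,  "update": "UPDATE-2"},
    "CVE-EXAMPLE-1": {"cvss": 7.7, "exploited_in_wild": False, "exploit_available": True,  "update": "UPDATE-3"},
    "CVE-EXAMPLE-2": {"cvss": 6.3, "exploited_in_wild": False, "exploit_available": True,  "update": "UPDATE-3"},
    "CVE-EXAMPLE-3": {"cvss": 9.1, "exploited_in_wild": False, "exploit_available": False, "update": "UPDATE-4"},
}


def dedupe(findings):
    """Collapse raw findings to one entry per CVE with the set of affected hosts."""
    hosts_by_cve = defaultdict(set)
    for host, cve in findings:
        hosts_by_cve[cve].add(host)
    return dict(hosts_by_cve)


def exploit_tier(info):
    """3 = exploited in the wild, 2 = working exploit or PoC exists, 1 = none known."""
    if info["exploited_in_wild"]:
        return 3
    if info["exploit_available"]:
        return 2
    return 1


def cvss_only_order(hosts_by_cve, cve_info):
    """Baseline the slide questions: rank CVEs by CVSS base score alone."""
    return sorted(hosts_by_cve, key=lambda c: cve_info[c]["cvss"], reverse=True)


def remediation_plan(findings, cve_info):
    """Group deduplicated CVEs by the update that fixes them, then rank updates
    by exploitation tier, then worst CVSS, then number of exposed hosts.
    The result is what IT operations needs: updates to deploy, not raw CVEs."""
    hosts_by_cve = dedupe(findings)
    by_update = defaultdict(
        lambda: {"cves": set(), "hosts": set(), "tier": 1, "max_cvss": 0.0})
    for cve, hosts in hosts_by_cve.items():
        info = cve_info[cve]
        entry = by_update[info["update"]]
        entry["cves"].add(cve)
        entry["hosts"] |= hosts
        entry["tier"] = max(entry["tier"], exploit_tier(info))
        entry["max_cvss"] = max(entry["max_cvss"], info["cvss"])
    plan = [{"update": u, **v} for u, v in by_update.items()]
    plan.sort(key=lambda e: (e["tier"], e["max_cvss"], len(e["hosts"])), reverse=True)
    return plan


if __name__ == "__main__":
    print("CVSS-only order:", cvss_only_order(dedupe(FINDINGS), CVE_INFO))
    for e in remediation_plan(FINDINGS, CVE_INFO):
        print(e["update"], "tier", e["tier"], "max cvss", e["max_cvss"],
              "hosts", sorted(e["hosts"]), "cves", sorted(e["cves"]))
```

With this data, CVSS alone puts the 9.1 placeholder with no known exploit ahead of the exploited 7.8 zero day; the plan ranks the exploited one first, and the two 6.3/7.7 CVEs that share a fix travel together as one update rather than two tickets.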
Layering controls onto the exploit timeline (slide 10 repeats the chart from slide 5):
#1 Patch management to reduce attack surface
#2 Application control to block malware and untrusted payloads
#3 Privilege management to prevent lateral movement and pivoting
Ivanti Solutions Mapped to CIS Framework
CIS #3, Continuous vulnerability management: patch and secure the OSes and 3rd-party apps that you can.
• Patch management
• Vulnerability management
• Discovery
CIS #2, Inventory and control of software, and CIS #4, Control admin privileges: prevent all other apps from running while practicing the principles of least privilege.
• Application control
• Privilege management
• Discovery
CIS #5, Secure configuration for hardware and software: add advanced anti-malware and AV capabilities, device control, and global policy for all devices.
• Device control
• Anti-malware
• Configuration
And beyond, Unified IT: marry security capabilities with IT ops and service management via shared data, workflows, and automation to complete a secure lifecycle.
• Endpoint management
• Asset management
• Service management
• Identity management
Unified IT pillars: Asset Management, Endpoint Management, Identity Management, Service Management
Solutions to fit your needs
Patch for SCCM: extend your investment in Microsoft System Center Configuration Manager with the most extensive catalog of third-party updates on the market.
• Native plug-in
• Scales with SCCM
• Extensive 3rd-party catalog
• Edit updates without SCUP
Application Control: best of breed Application Control and Privilege Management to extend Microsoft System Center Configuration Manager.
• Application control
• Privilege management
• Scales with SCCM
Security Controls: best of breed Patch Management, Application Control, and Privilege Management from a single management console.
• Patch management
• Application control
• Privilege management
Endpoint Security for Endpoint Manager: combine best of breed security capabilities with industry leading systems management capabilities in a unified platform.
• Endpoint management
• Patch, application control, device control, antivirus, auto-isolation, and more
5 Key Takeaways
• Build your security roadmap around a well-developed security framework like the CIS framework.
• Ask yourself: how accurate is your Discovery/Asset Management program?
• Evaluate your vulnerability assessment and prioritization. What metrics are you using? Are they accurate enough?
• 50% of vulnerability exploits occur within 2-4 weeks (14-28 days) of the release of an update. What is your time to patch?
• Continually review your security strategy. How can you layer on additional security controls to strengthen your capabilities?
Editor's Notes

  • #3: Much of what you do in cyber security is an 80/20 effort. You can get 80 percent of what you need by implementing 20 percent of the framework. As you try to nail down the remaining 20 percent of risk and exposure, you begin spending a lot more time, effort, and money. The CIS framework is built much the same way. The top 5 controls, 25 percent of the framework, deliver layers of defense that, when implemented effectively, can mitigate about 85 percent of cyber threats.
    1. Inventory and Control of Hardware Assets: actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.
    2. Inventory and Control of Software Assets: as above, but for software. Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.
    3. Continuous Vulnerability Management: continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.
    4. Controlled Use of Administrative Privileges: the misuse of administrative privileges is a primary method for attackers to spread inside a target enterprise. Provide processes and tools to track, control, prevent, and correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.
    5. Secure Configuration for Hardware and Software: establish, implement, and actively manage (track, report on, correct) the security configuration of laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings. (As delivered by manufacturers and resellers, the default configurations for operating systems and applications are normally geared to ease of deployment and ease of use, not security.)
  • #4: Australian Signals Directorate (the Australian equivalent of the US NSA).
  • #14: We talked about asset management a moment ago. Let's take a look at how we're bringing together Security with some of our other solutions now.
    Endpoint management plus security: patch management and vulnerability management often overlap with typical operational activities. Integrate patch management with your endpoint management solution to make it easy for one team to manage both activities. If a security incident occurs, do you have the right tools in place to respond? Can you isolate an infected system? Re-provision a system that was ransomed or couldn't be cleaned? Apply configuration changes to resolve security vulnerabilities?
    Service management plus security: there is a process for every task in every IT operation. Patching is no exception. You need to track everything from the change to the entire monthly maintenance incident, and even security incidents other sources report that drive the need for a software update. How are you managing updates each month? You are tracking changes in your CMDB, but how are you executing the updates? Security incidents often start as a normal incident and escalate to a security issue once identified as such. Resolving these incidents often leads to a configuration change, a patch for a software vulnerability, or a change in policy for privileges or application/device control capabilities. When you identify a security incident, do you have the means to respond to and remediate it directly?
    Finally, since you have no real defense without up-to-the-minute insight into your environment, our products also come standard with Ivanti Xtraction. Xtraction takes advanced reporting to a whole new level, turning it into a checkbox with the ability to bring together data collected by our solutions and many more from across the organization and easily customize dashboards and reports. Get the right data into the hands of executives, directors, and line-of-business (LOB) and application owners.
    Pre-built connectors for nearly every tool you use (service desks, monitoring and ITAM toolsets, phone systems, etc.) mean no coding, business intelligence gurus, or spreadsheets, and no data silos. Xtraction can be customized to connect to even more, so everyone can view their data enterprise-wide in context, cutting through the mass of information to the critical insights that matter, to make smarter, faster decisions with ease.