SlideShare a Scribd company logo

Vulnerability management - beyond scanning

Vladimir Jirasek, profile picture
Vladimir Jirasek

The document outlines the importance of vulnerability management in cybersecurity, emphasizing the relationship between patch management and vulnerability management processes. It highlights key challenges such as data overload and prioritization while providing a blueprint for an effective vulnerability management process. Jirasek Security's credentials and client testimonials underscore their expertise and successful partnerships in enhancing cybersecurity capabilities.

Technology
Related topics:
Cyber-Security
1 of 11
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
WoC Dubai April 2018 VULNERABILITY MANAGEMENT?
Who am I? • European, husband & father • Security Architecture • Vulnerability management technology and processes • Security Operations Centre • Cloud Security • Crypto coin backed VPN project • CEO, Jirasek Security Ltd Just a guy with some experience in security https://Vladimir.jirasek.eu @vjirasek on Twitter Not on Facebook
Why Vulnerability management?
Known challenges 4 • Knowns & unknowns • Data overload • Priorities © Jirasek Security. All rights reserved. 2018
Relationship between two key processes 5© Jirasek Security. All rights reserved. 2018 Patch management •Regular activity by Dev or Ops driven by patch cycles •Not necessarily risk driven •Responsible: Ops Vulnerability management • Analytics is key – threat, company context, … • Threat triggered process • Responsible: Cyber Security Ops
Blueprint for an effective Vulnerability Management Process Asset discovery Vulnerability acquisition Triage (Analysis) Action Patch Reconfigure Monitoring Vulnerabilities CMDB Reporting Threat intelligence & existing controls Reconciliation between scanned and known hosts. Asset criticality. Authenticated and agent-based scanning where possible Automated analysis of each vulnerability, threat context – threat actors, exploitability Implementing corrective actions and increasing monitoring Incident and change requests Determine criticality 6 Vulnerability posture © Jirasek Security. All rights reserved. 2018 Business Assets
“We have worked with Jirasek Security for over 3 years. Their work has been professional, precise and exceeding expectations.” • We come from your side of the fence • We’ve experienced the good, bad and the ugly • Ability to relate to expectations • Taking an interest in our clients • Always available • We never reach “the end”, the journey continues CISO, a global semiconductor company 7© Jirasek Security. All rights reserved. 2018 What makes us unique We have worked with Jirasek Security since 2017. Their professional and managed service have helped us secure and retain business with FTSE 100 companies.” CTO, Cortexica Vision Systems
Our clients 8 For over 7 years we have successfully helped our clients enhance their cyber security capability © Jirasek Security. All rights reserved. 2018
Our partners 9 Well balanced portfolio covering all cyber security domains © Jirasek Security. All rights reserved. 2018
Benefits of engaging with Jirasek Security 10 • Customer Satisfaction • Specialist Resources • Additional Revenue © Jirasek Security. All rights reserved. 2018
Contact us 1 1 Jirasek Security Ltd +44 207 183 9858 Contact@JirasekSecurity.com www.JirasekSecurity.com Company Number: 06871193

More Related Content

PDF
OWASP based Threat Modeling Framework
Chaitanya Bhatt
 
PPTX
Architecting for Security Resilience
Joel Aleburu
 
PDF
Enumerating your shadow it attack surface
Priyanka Aash
 
PDF
GDPR: The Application Security Twist
Security Innovation
 
PDF
Case study financial_services
G. Subramanian
 
PDF
"Thinking diffrent" about your information security strategy
Jason Clark
 
PPTX
Gabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss Protection
centralohioissa
 
PDF
The Real Costs of SIEM vs. Managed Security Service
F-Secure Corporation
 
OWASP based Threat Modeling Framework
Chaitanya Bhatt
 
Architecting for Security Resilience
Joel Aleburu
 
Enumerating your shadow it attack surface
Priyanka Aash
 
GDPR: The Application Security Twist
Security Innovation
 
Case study financial_services
G. Subramanian
 
"Thinking diffrent" about your information security strategy
Jason Clark
 
Gabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss Protection
centralohioissa
 
The Real Costs of SIEM vs. Managed Security Service
F-Secure Corporation
 

What's hot (15)

PDF
Super CISO 2020: How to Keep Your Job
Priyanka Aash
 
PDF
Hunting for cyber threats targeting weapon systems
Fidelis Cybersecurity
 
PPTX
Critical Capabilities for MDR Services - What to Know Before You Buy
Fidelis Cybersecurity
 
PPTX
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Phil Agcaoili
 
PDF
Why Zero Trust Yields Maximum Security
Priyanka Aash
 
PPTX
Tictaclabs Managed Cyber Security Services
TicTac Data Recovery
 
PPTX
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
John D. Johnson
 
PDF
The State of Threat Detection 2019
Fidelis Cybersecurity
 
PPTX
Your cyber security webinar
Intergen
 
PPTX
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
centralohioissa
 
PDF
Part 1: Identifying Insider Threats with Fidelis EDR Technology
Fidelis Cybersecurity
 
PDF
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Knowledge Group
 
PDF
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Global Business Events
 
PDF
Information Security Intelligence
guest08b1e6
 
PPTX
Roadmap to security operations excellence
Erik Taavila
 
Super CISO 2020: How to Keep Your Job
Priyanka Aash
 
Hunting for cyber threats targeting weapon systems
Fidelis Cybersecurity
 
Critical Capabilities for MDR Services - What to Know Before You Buy
Fidelis Cybersecurity
 
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Phil Agcaoili
 
Why Zero Trust Yields Maximum Security
Priyanka Aash
 
Tictaclabs Managed Cyber Security Services
TicTac Data Recovery
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
John D. Johnson
 
The State of Threat Detection 2019
Fidelis Cybersecurity
 
Your cyber security webinar
Intergen
 
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
centralohioissa
 
Part 1: Identifying Insider Threats with Fidelis EDR Technology
Fidelis Cybersecurity
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Knowledge Group
 
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Global Business Events
 
Information Security Intelligence
guest08b1e6
 
Roadmap to security operations excellence
Erik Taavila
 
Ad

Similar to Vulnerability management - beyond scanning (20)

PPT
Vuln.ppt
karthikvcyber
 
PPT
Vuln_Man_91003.ppt
KRISHNARAJ207
 
PPTX
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
AkramAlqadasi1
 
PDF
What your scanner isn't telling you
Core Security
 
PPTX
Protecting Your Business - All Covered Security Services
All Covered
 
PDF
10 Steps to Building an Effective Vulnerability Management Program
BeyondTrust
 
PPTX
How to Perform Continuous Vulnerability Management
Ivanti
 
PDF
Protecting Your Business
All Covered
 
PDF
Risksense: 7 Experts on Threat and Vulnerability Management
Mighty Guides, Inc.
 
PDF
Insuring your future: Cybersecurity and the insurance industry
Accenture Insurance
 
PDF
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
South Tyrol Free Software Conference
 
PPT
Qualys user group presentation - vulnerability management - November 2009 v1 3
Tom King
 
PDF
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
SaraPia5
 
PDF
Vulnerability Management Whitepaper PowerPoint Presentation Slides
SlideTeam
 
PDF
The 10 Most Influential People In Cyber Security, 2024.pdf
ciolook1
 
PDF
Its time to grow up by Eric C.
ISSA LA
 
PPTX
Be More Secure than your Competition: MePush Cyber Security for Small Business
Art Ocain
 
PPT
NH Bankers 10 08 07 Kamens
kamensm02
 
PDF
The Security Ecosystem
Anthony Bertuzzi
 
PPTX
Justifying Security Investment
Jojo Colina
 
Vuln.ppt
karthikvcyber
 
Vuln_Man_91003.ppt
KRISHNARAJ207
 
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
AkramAlqadasi1
 
What your scanner isn't telling you
Core Security
 
Protecting Your Business - All Covered Security Services
All Covered
 
10 Steps to Building an Effective Vulnerability Management Program
BeyondTrust
 
How to Perform Continuous Vulnerability Management
Ivanti
 
Protecting Your Business
All Covered
 
Risksense: 7 Experts on Threat and Vulnerability Management
Mighty Guides, Inc.
 
Insuring your future: Cybersecurity and the insurance industry
Accenture Insurance
 
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
South Tyrol Free Software Conference
 
Qualys user group presentation - vulnerability management - November 2009 v1 3
Tom King
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
SaraPia5
 
Vulnerability Management Whitepaper PowerPoint Presentation Slides
SlideTeam
 
The 10 Most Influential People In Cyber Security, 2024.pdf
ciolook1
 
Its time to grow up by Eric C.
ISSA LA
 
Be More Secure than your Competition: MePush Cyber Security for Small Business
Art Ocain
 
NH Bankers 10 08 07 Kamens
kamensm02
 
The Security Ecosystem
Anthony Bertuzzi
 
Justifying Security Investment
Jojo Colina
 
Ad

More from Vladimir Jirasek (17)

PPTX
Vulnerability Management @ DevSecOps London Gathering
Vladimir Jirasek
 
PPTX
C-Level tools for Cloud security
Vladimir Jirasek
 
PPTX
Secure your cloud applications by building solid foundations with enterprise ...
Vladimir Jirasek
 
PPTX
Cloud security and security architecture
Vladimir Jirasek
 
PPTX
2012 10 cloud security architecture
Vladimir Jirasek
 
PPT
Mobile phone as Trusted identity assistant
Vladimir Jirasek
 
KEY
Security architecture for LSE 2009
Vladimir Jirasek
 
PPTX
Mobile security summit - 10 mobile risks
Vladimir Jirasek
 
PDF
Information Risk Security model and metrics
Vladimir Jirasek
 
PPTX
Integrating Qualys into the patch and vulnerability management processes
Vladimir Jirasek
 
PPTX
Securing mobile population for White Hats
Vladimir Jirasek
 
PPTX
Security models for security architecture
Vladimir Jirasek
 
PPTX
Meaningfull security metrics
Vladimir Jirasek
 
PPTX
CAMM presentation for Cyber Security Gas and Oil june 2011
Vladimir Jirasek
 
PDF
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
Vladimir Jirasek
 
PPT
Qualys Webex 24 June 2008
Vladimir Jirasek
 
PPTX
Federation For The Cloud Opportunities For A Single Identity
Vladimir Jirasek
 
Vulnerability Management @ DevSecOps London Gathering
Vladimir Jirasek
 
C-Level tools for Cloud security
Vladimir Jirasek
 
Secure your cloud applications by building solid foundations with enterprise ...
Vladimir Jirasek
 
Cloud security and security architecture
Vladimir Jirasek
 
2012 10 cloud security architecture
Vladimir Jirasek
 
Mobile phone as Trusted identity assistant
Vladimir Jirasek
 
Security architecture for LSE 2009
Vladimir Jirasek
 
Mobile security summit - 10 mobile risks
Vladimir Jirasek
 
Information Risk Security model and metrics
Vladimir Jirasek
 
Integrating Qualys into the patch and vulnerability management processes
Vladimir Jirasek
 
Securing mobile population for White Hats
Vladimir Jirasek
 
Security models for security architecture
Vladimir Jirasek
 
Meaningfull security metrics
Vladimir Jirasek
 
CAMM presentation for Cyber Security Gas and Oil june 2011
Vladimir Jirasek
 
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
Vladimir Jirasek
 
Qualys Webex 24 June 2008
Vladimir Jirasek
 
Federation For The Cloud Opportunities For A Single Identity
Vladimir Jirasek
 

Recently uploaded (20)

PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
[발표본] 너의 과제는 클라우드에 있어_KTDS_김동현_20250524.pdf
ssuserf8b8bd1
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Advanced IT Governance
University of Hertfordshire
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
[발표본] 너의 과제는 클라우드에 있어_KTDS_김동현_20250524.pdf
ssuserf8b8bd1
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Advanced IT Governance
University of Hertfordshire
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 

Vulnerability management - beyond scanning

  • 2. Who am I? • European, husband & father • Security Architecture • Vulnerability management technology and processes • Security Operations Centre • Cloud Security • Crypto coin backed VPN project • CEO, Jirasek Security Ltd Just a guy with some experience in security https://Vladimir.jirasek.eu @vjirasek on Twitter Not on Facebook
  • 4. Known challenges 4 • Knowns & unknowns • Data overload • Priorities © Jirasek Security. All rights reserved. 2018
  • 5. Relationship between two key processes 5© Jirasek Security. All rights reserved. 2018 Patch management •Regular activity by Dev or Ops driven by patch cycles •Not necessarily risk driven •Responsible: Ops Vulnerability management • Analytics is key – threat, company context, … • Threat triggered process • Responsible: Cyber Security Ops
  • 6. Blueprint for an effective Vulnerability Management Process Asset discovery Vulnerability acquisition Triage (Analysis) Action Patch Reconfigure Monitoring Vulnerabilities CMDB Reporting Threat intelligence & existing controls Reconciliation between scanned and known hosts. Asset criticality. Authenticated and agent-based scanning where possible Automated analysis of each vulnerability, threat context – threat actors, exploitability Implementing corrective actions and increasing monitoring Incident and change requests Determine criticality 6 Vulnerability posture © Jirasek Security. All rights reserved. 2018 Business Assets
  • 7. “We have worked with Jirasek Security for over 3 years. Their work has been professional, precise and exceeding expectations.” • We come from your side of the fence • We’ve experienced the good, bad and the ugly • Ability to relate to expectations • Taking an interest in our clients • Always available • We never reach “the end”, the journey continues CISO, a global semiconductor company 7© Jirasek Security. All rights reserved. 2018 What makes us unique We have worked with Jirasek Security since 2017. Their professional and managed service have helped us secure and retain business with FTSE 100 companies.” CTO, Cortexica Vision Systems
  • 8. Our clients 8 For over 7 years we have successfully helped our clients enhance their cyber security capability © Jirasek Security. All rights reserved. 2018
  • 9. Our partners 9 Well balanced portfolio covering all cyber security domains © Jirasek Security. All rights reserved. 2018
  • 10. Benefits of engaging with Jirasek Security 10 • Customer Satisfaction • Specialist Resources • Additional Revenue © Jirasek Security. All rights reserved. 2018
  • 11. Contact us 1 1 Jirasek Security Ltd +44 207 183 9858 Contact@JirasekSecurity.com www.JirasekSecurity.com Company Number: 06871193