Kevin J. Murphy
Cyber Security Defense by Effective Vulnerability Mgmt.
Director, Windows Security Architecture
Agenda
• Before We Begin...
• Year in Review: Cyber Crime & Nation States, Breaches, & Trends
• Core of Vulnerability Management
• Best Practices
• Peer discussion
Before We Begin...
Industries Representation
• Manufacturing
• Consulting
• Energy
• Software
• Retail
• Healthcare
• Telecommunications
• Government
• Banking
• Others?
PCI Standards
Year in Review
Year in Review: Baits and Social Media
Year in Review: Identity Exposure
This data was before the US Gov. OPM breach of 21.5 million identities
Year in Review: Attack Profiles
Year in Review: Cyber Crime and Nation Threats
• 43% of all cyber attacks originated in China in 2014. http://vpncreative.net
(I don’t believe this. I think China just gets caught)
• Mobile O/S and app threats are rising as vectors into the enterprise
• Dating sites have targeted phishing attacks
• Facebook, Twitter & Pinterest – sharing links to friends that are links to malware
Patch Management: Just Do IT!
• Please download this doc.
• Most attacks use known vulnerabilities
• Patches are available in most cases
This should be considered as part of the normal operations
Patch Management: Core Elements
1. Accurate Asset Inventory
   a. Make sure you know your assets better than your attacker.
2. Patch availability awareness
   a. Microsoft Security Response Center
   b. http://csrc.nist.gov/
   c. Your software vendors
3. Timely Monitoring, Scanning & Alerting infrastructure
Patch Management: Core Elements
4. Type of Patches
   a. Core operating system patches: Windows, Linux, Android, iOS, other
   b. Infrastructure patches: Cisco, Juniper, F5, Palo Alto, etc.
   c. Your application patches: 3rd party, your internally developed apps, mobile apps
   d. Monitoring tool patches
   e. Don't forget your outliers: security cameras, HVAC, etc.
Patch Management: Deployment
• Plan on rolling out patches monthly
• Critical patches should be deployed out of sequence if an active exploit is in progress
• Always test your patches first!
• Full-time team
• Fully funded in your budget cycle
• Patch status should be part of your normal information system reporting metrics
This should be viewed as part of the normal operations of your systems
Patch Management: Tips
• Attackers would love to infect your patch and have you roll out their malware for them.
• Use checksums / a strong hash to verify patch integrity
• Maintain configuration control
• Secure network file transfer if possible
• Automate and phase your deployment to patch your high value systems first
• Verify your patch isn't creating an outage
• Protect your patching infrastructure.
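Added example (not from this deck): a staging-area check that applies the "verify patch integrity with a strong hash" tip before anything is rolled out. It assumes the vendor publishes SHA-256 digests out of band (a signed catalog or advisory fetched separately from the patch download); the KB-EXAMPLE file names and their contents are constructed placeholders, not real patches.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # stream patch packages in 1 MiB pieces; they can be large


def sha256_file(path: Path) -> str:
    """Lower-case hex SHA-256 of a file, computed without loading it whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for piece in iter(lambda: f.read(CHUNK), b""):
            h.update(piece)
    return h.hexdigest()


def verify_staging(staging_dir: Path, manifest: dict) -> dict:
    """Check every staged patch against the vendor's published SHA-256 manifest
    (file name -> hex digest, obtained separately from the download itself).
    Staged files the manifest does not list are flagged, never deployed."""
    result = {"verified": [], "mismatch": [], "missing": [], "unlisted": []}
    staged = {p.name: p for p in staging_dir.iterdir() if p.is_file()}
    for name, expected in manifest.items():
        path = staged.pop(name, None)
        if path is None:
            result["missing"].append(name)
        elif sha256_file(path) == expected.lower():
            result["verified"].append(name)
        else:
            result["mismatch"].append(name)  # altered in transit or at rest: do not deploy
    result["unlisted"] = sorted(staged)  # nobody published these: do not deploy
    return result


def demo() -> dict:
    """Constructed scenario (placeholder names, not real KB numbers): one patch arrives
    intact, one is altered in transit, one never arrives, plus a stray unknown file."""
    staging = Path(tempfile.mkdtemp(prefix="patch-staging-"))
    published = {  # constructed vendor release: file name -> genuine payload bytes
        "KB-EXAMPLE-001.msu": b"genuine cumulative update bytes",
        "KB-EXAMPLE-002.msu": b"genuine driver update bytes",
        "KB-EXAMPLE-003.msu": b"genuine firmware update bytes",
    }
    manifest = {n: hashlib.sha256(b).hexdigest() for n, b in published.items()}
    (staging / "KB-EXAMPLE-001.msu").write_bytes(published["KB-EXAMPLE-001.msu"])
    # Same name as the vendor's file, one appended byte: the digest no longer matches.
    (staging / "KB-EXAMPLE-002.msu").write_bytes(published["KB-EXAMPLE-002.msu"] + b"\x00")
    # KB-EXAMPLE-003 is deliberately not downloaded, so it must be reported missing.
    (staging / "hotfix-from-email.exe").write_bytes(b"unknown origin")
    return verify_staging(staging, manifest)
```

Only the "verified" list feeds the phased rollout; a non-empty "mismatch" or "unlisted" list is an alert, since it is exactly the case where an attacker would have you distribute their file for them.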
Patch Management: Cloud Based Systems
• In most cases, your cloud provider will handle patches from the hypervisor and below
• You still own patching your cloud based applications
• Verify your cloud service level agreements and make sure there are no patching gaps. (Find the coverage gaps before your attacker does.)
Learning From Peers
Let's Share And Learn
Veteran’s Day