Kevin J. Murphy Cyber Security Defense by Effective Vulnerability Mgmt. Director, Windows Security Architecture

SecureWorld Seattle Vulnerability Mgmt Nov 11 2015



Page 1: SecureWorld Seattle Vulnerability Mgmt Nov 11 2015

Kevin J. Murphy

Cyber Security Defense by Effective Vulnerability Mgmt.

Director, Windows Security Architecture

Page 2

Agenda

• Before We Begin…
• Year in Review: Cyber Crime & Nation States, Breaches, & Trends
• Core of Vulnerability Management
• Best Practices
• Peer discussion

Page 3

Before We Begin…

Page 4

Industries Representation

• Manufacturing
• Consulting
• Energy
• Software
• Retail
• Healthcare
• Telecommunications
• Government
• Banking
• Others?

Page 5

PCI Standards


Page 6

Year in Review


Page 7

Year in Review: Baits and Social Media

Page 8

Year in Review: Identity Exposure

This data predates the US Government OPM breach of 21.5 million identities.

Page 9

Year in Review: Attack Profiles

Page 10

Year in Review: Cyber Crime and Nation-State Threats

• 43% of all cyber attacks originated in China in 2014. http://vpncreative.net

(I don’t believe this. I think China just gets caught)

• Mobile O/S and app threats are rising as vectors into the enterprise

• Dating sites have targeted phishing attacks

• Facebook, Twitter & Pinterest: links shared with friends that actually lead to malware

Page 11

Patch Management: Just Do It!

Please download this doc.
• Most attacks use known vulnerabilities.
• Patches are available in most cases.

This should be considered as part of the normal operations.

Page 12

Patch Management: Core Elements

1. Accurate Asset Inventory
   a. Make sure you know your assets better than your attacker.

2. Patch availability awareness
   a. Microsoft Security Response Center
   b. http://csrc.nist.gov/
   c. Your software vendors

3. Timely Monitoring, Scanning & Alerting infrastructure

This should be considered as part of the normal operations

Page 13

Patch Management: Core Elements

4. Types of Patches
   a. Core operating system patches: Windows, Linux, Android, iOS, other
   b. Infrastructure patches: Cisco, Juniper, F5, Palo Alto, etc.
   c. Your application patches: 3rd party, your internally developed apps., mobile apps.
   d. Monitoring tool patches
   e. Don't forget your outliers: security cameras, HVAC, etc.

This should be considered as part of the normal operations

Page 14

Patch Management: Deployment

• Plan on rolling out patches monthly
• Critical patches should be patched out of sequence if an active exploit is in progress
• Always test your patches first!
• Full-time team
• Fully funded in your budget cycle
• Patch status should be part of your normal information system reporting metrics

This should be viewed as part of the normal operations of your systems
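The deployment rules on this slide (monthly cycle, out-of-sequence rollout for actively exploited criticals, test population first, high-value systems before the rest, and a check that the previous wave caused no outage before moving on) can be written down as a small scheduler. The example below is added here and is not code from the deck or from the speaker's organization; the asset records, the tiering (tier 1 = highest business value), the 30-day cycle and the 3-day out-of-band window are assumptions for illustration.

```python
"""Phased patch rollout planner (added example; not the deck's own code).

Applies the deployment rules from the slide above to a constructed asset
inventory.  Asset tiers, wave cadence and the failure threshold are assumed
values, not figures from the presentation.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Asset:
    name: str
    tier: int                  # assumed tiering: 1 = highest business value
    test_group: bool = False   # member of the pre-production test population


@dataclass(frozen=True)
class Patch:
    id: str
    severity: str              # "critical", "important", "moderate", "low"
    exploited_in_wild: bool = False


MONTHLY_CYCLE_DAYS = 30   # assumed normal cadence ("plan on rolling out patches monthly")
OUT_OF_BAND_DAYS = 3      # assumed emergency window for actively exploited criticals


def deadline_days(patch):
    """Critical + active exploit goes out of sequence; everything else rides the monthly cycle."""
    if patch.severity == "critical" and patch.exploited_in_wild:
        return OUT_OF_BAND_DAYS
    return MONTHLY_CYCLE_DAYS


def schedule(assets, patch, released):
    """Return [(wave_name, target_date, [asset names])], test group first, then tiers by value.

    Wave dates are spread evenly from the release date to the deadline, so an
    out-of-band patch compresses every wave instead of skipping the test wave.
    """
    test = sorted(a.name for a in assets if a.test_group)
    if not test:
        raise ValueError("no test population defined: always test your patches first")
    prod = [a for a in assets if not a.test_group]
    waves = [("test", test)]
    for tier in sorted({a.tier for a in prod}):
        waves.append((f"tier{tier}", sorted(a.name for a in prod if a.tier == tier)))
    span = deadline_days(patch)
    last = max(len(waves) - 1, 1)
    return [
        (name, released + timedelta(days=span * i // last), names)
        for i, (name, names) in enumerate(waves)
    ]


def proceed_to_next_wave(results, max_failure_rate=0.05):
    """Gate between waves: results maps asset name -> True if the patch applied cleanly.

    An empty result set means nothing was verified, so the answer is 'do not proceed'.
    """
    if not results:
        return False
    failed = sum(1 for ok in results.values() if not ok)
    return failed / len(results) <= max_failure_rate


if __name__ == "__main__":
    # Constructed inventory for the demo.
    fleet = [Asset("dc01", 1), Asset("hr-db", 1), Asset("web02", 2), Asset("lab01", 3, test_group=True)]
    hot = Patch("KB-example", "critical", exploited_in_wild=True)   # hypothetical patch id
    for wave, when, names in schedule(fleet, hot, date(2015, 11, 11)):
        print(wave, when, names)
    print("next wave ok:", proceed_to_next_wave({"lab01": True}))
```

The gate is deliberately conservative: a single failed asset in a two-host tier-1 wave is a 50% failure rate and stops the rollout, which is the behaviour you want for domain controllers and databases even though the same rule is noisy for a 500-host workstation wave; tune `max_failure_rate` per wave size.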

Page 15

Patch Management: Tips

• Attackers would love to infect your patch and have you roll out their malware for them.
• Use checksums/strong hash to verify patch integrity
• Maintain configuration control
• Secure network file transfer if possible
• Automate and phase your deployment to patch your high value systems first
• Verify your patch isn't creating an outage
• Protect your patching infrastructure.
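The "verify patch integrity with a strong hash" tip is the one control that directly counters the attacker who wants you to distribute their malware for them. The example below is added here and is not from the deck or any vendor: it assumes a simple manifest format of `<algorithm> <hex digest> <filename>` (an assumption for illustration; real vendors publish hashes in their own formats), refuses weak algorithms such as MD5 outright, hashes the file in chunks so large patches do not need to fit in memory, and compares digests in constant time. The patch files and manifest in the demo are constructed stand-ins.

```python
"""Verify a downloaded patch against a vendor-published digest before staging it.

Added example, not code from the SecureWorld deck.  The manifest format and
the .msu file names are assumptions for illustration; the bytes written in
run_demo() are constructed stand-ins for real patch binaries.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path

# Algorithms accepted as "strong hash" for integrity checks (assumed policy).
STRONG_ALGOS = {"sha256", "sha384", "sha512"}


def parse_manifest(text):
    """Parse lines of '<algo> <hexdigest> <filename>' into {filename: (algo, digest)}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"malformed manifest line: {line!r}")
        algo, digest, name = parts
        entries[name] = (algo.lower(), digest.lower())
    return entries


def file_digest(path, algo, chunk_size=1 << 20):
    """Stream the file through the hash so multi-hundred-MB patches work unchanged."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_patch(path, manifest):
    """Return (ok, reason).  Nothing is staged unless ok is True."""
    name = Path(path).name
    if name not in manifest:
        return (False, "not listed in manifest")
    algo, expected = manifest[name]
    if algo not in STRONG_ALGOS:
        # Reject before computing anything: an MD5-only manifest gives no real assurance.
        return (False, f"weak hash algorithm {algo}")
    actual = file_digest(path, algo)
    if not hmac.compare_digest(actual, expected):
        return (False, "digest mismatch")
    return (True, "ok")


def run_demo():
    """Build constructed patch files and a constructed manifest, return verification results."""
    with tempfile.TemporaryDirectory() as d:
        vendor_dir = Path(d, "vendor")
        tampered_dir = Path(d, "tampered")
        vendor_dir.mkdir()
        tampered_dir.mkdir()
        patch_bytes = b"CONSTRUCTED-STAND-IN-FOR-A-PATCH-BINARY-v1"
        (vendor_dir / "kb-example.msu").write_bytes(patch_bytes)
        # Same file name, two bytes appended: what a tampered download looks like.
        (tampered_dir / "kb-example.msu").write_bytes(patch_bytes + b"\x90\x90")
        (vendor_dir / "legacy.msu").write_bytes(patch_bytes)
        (vendor_dir / "unknown.msu").write_bytes(patch_bytes)
        # Constructed manifest.  The md5 line uses the well-known MD5 of the empty
        # string purely to show the algorithm is rejected before any digest is computed.
        manifest = parse_manifest(
            "# constructed vendor manifest\n"
            f"sha256 {hashlib.sha256(patch_bytes).hexdigest()} kb-example.msu\n"
            "md5 d41d8cd98f00b204e9800998ecf8427e legacy.msu\n"
        )
        return {
            "good": verify_patch(vendor_dir / "kb-example.msu", manifest),
            "tampered": verify_patch(tampered_dir / "kb-example.msu", manifest),
            "md5only": verify_patch(vendor_dir / "legacy.msu", manifest),
            "unlisted": verify_patch(vendor_dir / "unknown.msu", manifest),
        }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:9s} -> {result}")
```

A digest only helps if it came over a different path than the file: fetch the manifest over TLS from the vendor (or verify the vendor's signature on it) and the patch from your mirror, never both from the same untrusted share, and apply the same check to the tools in your patching infrastructure, not just to the patches they push.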

Page 16

Patch Management: Cloud Based Systems

• In most cases, your cloud provider will handle patches from the hypervisor and below.
• You still own patching your cloud based applications.
• Verify your cloud service level agreements and make sure there are no patching gaps. (Find the coverage gaps before your attacker does.)
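The core-element slides (accurate asset inventory, scanning and alerting, outliers such as cameras and HVAC) and the cloud slide above describe the same check from two sides: for every asset, who patches each layer, and is that layer actually being watched? The example below is added here and is not code from the deck; it walks a constructed inventory, a constructed table of last-scan dates and a constructed list of what each cloud SLA explicitly covers, and reports the gaps an attacker would otherwise find first. The shared-responsibility split by service model (provider patches the hypervisor for IaaS, hypervisor and OS for PaaS, the whole stack for SaaS) is a common assumption, not a statement about any particular provider.

```python
"""Find patching coverage gaps: no owner, never/stale scanned, SLA silent on a
layer the provider is supposed to patch.  Added example, not the deck's code;
every record below is constructed for illustration.
"""
from datetime import date

# Assumed shared-responsibility split: layers the provider patches for each model.
PROVIDER_PATCHES = {
    None: set(),                                  # on-premises: everything is ours
    "iaas": {"hypervisor"},
    "paas": {"hypervisor", "os"},
    "saas": {"hypervisor", "os", "app"},
}

# Constructed inventory.  'stack' lists every layer that needs patching on that asset.
INVENTORY = [
    {"name": "dc01",        "owner": "winops",     "cloud": None,   "stack": ["os"]},
    {"name": "cam-lobby-1", "owner": None,         "cloud": None,   "stack": ["firmware"]},
    {"name": "hvac-ctl",    "owner": "facilities", "cloud": None,   "stack": ["firmware"]},
    {"name": "app-web-1",   "owner": "webteam",    "cloud": "iaas", "stack": ["hypervisor", "os", "app"]},
    {"name": "crm-saas",    "owner": "sales-it",   "cloud": "saas", "stack": ["hypervisor", "os", "app"]},
]

# Constructed scanner output: date of the last successful vulnerability scan per asset.
SCAN_RESULTS = {
    "dc01": date(2015, 11, 9),
    "hvac-ctl": date(2015, 11, 8),
    "app-web-1": date(2015, 10, 1),
}

# Constructed SLA review: layers each cloud contract explicitly commits to patching.
SLA_COVERS = {
    "app-web-1": {"hypervisor"},
    "crm-saas": {"hypervisor", "os"},      # contract says nothing about the application layer
}


def find_gaps(inventory, scans, sla, today, max_scan_age_days=30):
    """Return [(asset, reason)] for every asset with a patching coverage gap."""
    gaps = []
    for asset in inventory:
        name = asset["name"]
        stack = set(asset["stack"])
        provider_layers = stack & PROVIDER_PATCHES[asset["cloud"]]
        our_layers = stack - provider_layers

        # Layers we patch need an owner and a scanner that is actually looking at them.
        if our_layers:
            if asset["owner"] is None:
                gaps.append((name, "no patch owner"))
            if name not in scans:
                gaps.append((name, "never scanned"))
            elif (today - scans[name]).days > max_scan_age_days:
                gaps.append((name, "stale scan"))

        # Layers we rely on the provider for must be in writing, not assumed.
        missing = provider_layers - sla.get(name, set())
        if missing:
            gaps.append((name, f"SLA does not cover {sorted(missing)}"))
    return gaps


if __name__ == "__main__":
    for asset, reason in find_gaps(INVENTORY, SCAN_RESULTS, SLA_COVERS, date(2015, 11, 11)):
        print(f"{asset:12s} {reason}")
```

Feed this from your real CMDB and scanner exports and the outliers surface immediately: the lobby camera has firmware nobody owns and nothing scans, the IaaS web host dropped out of scanning six weeks ago, and the SaaS CRM contract is silent on application patching even though that is the layer with the customer data.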

Page 17

Learning From Peers

Let's Share And Learn

Page 18

Veteran’s Day