Ashis Das Vulnerability Management Patch Presentation V2 PDF
Outdated software
• Bugs in OS or application software
• Code Logic
• Poor software design
Misconfigurations or implementation
• Low Password complexity
• No encryption or weak encryption for data at rest or data in flight
• Low LAN Segmentation
Human error
• Reusing passwords across systems
• Phishing
• Social Engineering
Understanding Vulnerabilities > Impact of Vulnerabilities > Unpatched Systems
Reasons:
• The number of exploited vulnerabilities is constantly increasing.
• A lack of time and resources to patch the ever-increasing number of endpoints in an enterprise.
Components of Vulnerability Management
• Asset Inventory
• People
• Remediation and Mitigation
• Risk Assessment
Components of Vulnerability Management > Asset Inventory
All IT and cybersecurity frameworks, standards and guidelines include maintaining a proper asset inventory among their recommendations.
Layers 2 to 7
• Applications
• Operating System Services
• Network Stack
Components of Vulnerability Management > People (Stakeholders)
End Users
• Blue Collar
• White Collar
• Managers
• Executives
• Contractors
Platform Admins
• Desktop
• Server
• Applications
• File Services
• Databases
• Network
• Developers
IT Ops
• Help Desk
• Data Center
• Cloud
Sec Ops
• GRC
• Risk Management
• Incident Response
• Threat Intel
• Analyst
Vulnerability Management Lifecycle (diagram): Collect Data > Analyze Data > Make Recommendations > Implement Recommendations
Components of Vulnerability Management > Risk Assessment > Collect Data
Collect data from internal or external sources to determine the vulnerabilities that exist on assets via scanning.
Components of Vulnerability Management > Risk Assessment > Analyze Data
Analyze collected scan data as well as security-related data from other sources. Use culling and ranking to prioritize what you want to fix.
Components of Vulnerability Management > Risk Assessment > Analyze Data
Internal Sources
• Quantitative Asset Risk Ranking
• Qualitative Asset Risk Ranking
External Sources
• NIST – Common Vulnerabilities and Exposures (CVE) Data, CVE Details.
• Common Vulnerability Scoring System (CVSS) 1-10
• CISA Known Exploited Vulnerabilities (KEV)
• Proprietary scoring from VM Vendors
  • Tenable - Vulnerability Priority Rating (0 to 40)
  • Qualys - Qualys Detection Score (1 to 100)
  • Rapid7 - Active Risk Score (0 to 1000)
• Exploit Database - https://www.exploit-db.com/
• Metasploit Database - https://docs.rapid7.com
• Threat Intelligence Feeds (OpenIOC, STIX, CybOX, and YARA)
Components of Vulnerability Management > Analyze Data
Culling (diagram): Initial CVE List > Cull CVSS < 5 or KEV
Analyze collected scan data as well as security-related data from other sources. Use culling and ranking to prioritize what you want to fix. Recommendations will usually be patching or remediation/mitigation.
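The culling and ranking step above, worked through as an added example (not code from the presentation). It assumes one reading of "Cull CVSS < 5 or KEV": findings below CVSS 5 are dropped unless the CVE is on the KEV list, and what survives is ranked by KEV membership first and then CVSS weighted by the internal asset risk ranking. The KEV set, asset ranking and scan findings are constructed sample data.

```python
# Added example (not from the presentation): one reading of the "Initial CVE List >
# Cull CVSS < 5 or KEV" step followed by ranking. Findings, the KEV set and the asset
# risk ranking below are constructed sample data, not real scan output or the real
# CISA catalogue.
from dataclasses import dataclass

# Constructed stand-in for the CISA KEV catalogue (the real one has thousands of entries).
KEV_SAMPLE = {"CVE-2024-0001", "CVE-2024-0004"}

# Internal source: quantitative asset risk ranking (1 = low value, 5 = crown jewel), constructed.
ASSET_RANK = {"web-01": 5, "hr-db": 4, "kiosk-07": 1}

@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    cvss: float  # CVSS base score as reported by the scanner (external source)

def cull(findings, kev=KEV_SAMPLE, cvss_floor=5.0):
    """Drop findings below the CVSS floor, but never drop one that is on the KEV list."""
    return [f for f in findings if f.cvss >= cvss_floor or f.cve in kev]

def priority(f, kev=KEV_SAMPLE, asset_rank=ASSET_RANK):
    """Higher is more urgent: KEV membership dominates, then CVSS weighted by asset rank.
    Unknown assets get the lowest weight so an incomplete inventory cannot inflate a score."""
    kev_bonus = 100.0 if f.cve in kev else 0.0
    return kev_bonus + f.cvss * asset_rank.get(f.asset, 1)

def rank(findings, kev=KEV_SAMPLE, asset_rank=ASSET_RANK, cvss_floor=5.0):
    """Cull, then order what remains from most to least urgent."""
    kept = cull(findings, kev=kev, cvss_floor=cvss_floor)
    return sorted(kept, key=lambda f: priority(f, kev, asset_rank), reverse=True)

# Constructed scan results for three assets.
SAMPLE_SCAN = [
    Finding("web-01", "CVE-2024-0001", 4.3),    # below floor but on KEV: kept
    Finding("web-01", "CVE-2024-0002", 9.8),
    Finding("hr-db", "CVE-2024-0003", 7.5),
    Finding("kiosk-07", "CVE-2024-0002", 9.8),  # same CVE, low-value asset
    Finding("kiosk-07", "CVE-2024-0005", 3.1),  # below floor, not on KEV: culled
    Finding("hr-db", "CVE-2024-0004", 6.1),     # on KEV
]

if __name__ == "__main__":
    for f in rank(SAMPLE_SCAN):
        print(f"{priority(f):6.1f}  {f.asset:9s} {f.cve}  CVSS {f.cvss}")
```

Note that the same CVE lands at opposite ends of the list depending on the asset it sits on, which is the point of feeding the internal asset ranking into the analysis.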
Components of Vulnerability Management > Make Recommendations
Recommendations will usually be patching and remediation/mitigation.
1) Patching – Apply updates to resolve bugs or address vulnerabilities on assets.
2) Remediation/Mitigation – Reactive
• Logical
  • Application based
  • Host based (System settings)
  • Network based (FW, IPS, Quarantine, Isolated Network)
  • Temporarily or permanently remove asset
• Physical (Off-Network, block ports (USB, Camera))
3) Systemic Measures – Proactive (e.g., CIS Controls, OWASP Top 10)
4) Accept the Risk – aka Risk Acceptance
Components of Vulnerability Management > Implement Recommendations
Implement patching and remediation/mitigation with stakeholders.
Components of Vulnerability Management > Review Findings
Review findings from implementation via dashboards or reports.
Vulnerability Management Lifecycle (diagram, all steps annotated):
• Collect Data – Collect data from internal or external sources to determine the vulnerabilities that exist on assets via scanning.
• Analyze Data – Analyze collected data as well as security-related data from other sources. Use culling and ranking to prioritize what you want to fix.
• Make Recommendations – Recommendation actions will usually be patching and remediation/mitigation.
• Implement Recommendations – Implement patching and remediation/mitigation with system and application owners.
Components of Vulnerability Management > Lifecycle Starts Again
Vulnerability Management Lifecycle mapped onto Risk Assessment (diagram):
• Collect Data – Identify critical assets
• Analyze Data – Identify & rank risks
• Make Recommendations – Identify controls
• Implement Recommendations – Implement controls
Role of Patching in Vulnerability Management
• Definition of Patching
• Types of Patches
• Importance of Patching
Role of Patching in Vulnerability Management > Definition of Patching
Microsoft
• Critical Update: A fix for a critical, non-security-related issue that affects system functionality.
• Security Update: Addresses vulnerabilities in Microsoft products and is rated by severity (Critical, Important, Moderate, or Low).
• Definition Update: Updates to definition databases, such as those used for detecting malware or phishing websites.
• Driver Update: Updates for software that controls hardware devices.
• Feature Pack: Introduces new functionality outside of a product's regular release cycle.
• Service Pack: A cumulative set of updates, including hotfixes, security updates, and additional fixes.
• Update Rollup: A collection of updates packaged together for easier deployment.
• Monthly Rollup: A cumulative set of updates released monthly, targeting specific areas like security or product components.
Role of Patching in Vulnerability Management > Types of Patches
Apple
• Security Updates: These address vulnerabilities in Apple software and are critical for protecting devices from potential threats.
• Rapid Security Responses: Introduced to quickly address specific security issues without waiting for a full software update.
• Feature Updates: These introduce new features or enhancements to Apple devices, often included in major iOS, macOS, or other OS updates.
• Bug Fixes: Resolve issues that affect the functionality or performance of Apple software.
• Compatibility Updates: Ensure compatibility with new hardware, software, or third-party applications.
Role of Patching in Vulnerability Management > Importance of Patching
• Timely patching acts as a proactive shield, reducing the likelihood of incidents and the potential impact they could have on your organization. It’s like locking your doors and windows before someone tries to break in!
• Fixes Security Vulnerabilities: Patches often address known vulnerabilities in software or systems. By applying them promptly, you reduce the window of opportunity for attackers to exploit those weaknesses.
• Prevents Exploits: Cybercriminals frequently target unpatched systems because they know the vulnerabilities are publicly documented. Timely patching ensures you're ahead of their attempts.
• Protects Sensitive Data: Many attacks aim to access or compromise sensitive data. Patching helps safeguard against breaches that could lead to data theft or loss.
• Maintains System Integrity: Unpatched systems can be exploited to install malware or disrupt operations. Timely updates help maintain the stability and reliability of your systems.
• Compliance: Many industries have regulations requiring up-to-date systems. Regular patching helps you stay compliant and avoid penalties.
• Reduces Costs: The cost of a breach, both financial and reputational, can far outweigh the effort of applying patches in a timely manner.
Patching Process
• Patch Discovery
• Testing
• Deployment
• Verification
Patching Process > Overview
Patch Management Lifecycle (diagram): Patch Discovery > Testing > Deployment > Verification
Patching Process > Patch Discovery
Identify patches to be deployed based on type classification and compatibility.
Patching Process > Testing
Ensuring patches do not disrupt operations. Utilize deployment rings (Dev > Test > UAT > Prod).
Patching Process > Deployment
Methods and tools for deploying patches.
Patching Process > Verification
Confirm patches have been applied successfully via patch and/or vulnerability tool dashboard and reporting.
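The Testing and Verification steps above, combined into one added example (not code from the presentation): a patch is promoted from one deployment ring to the next only when the post-deployment vulnerability scan of the current ring no longer reports the CVEs the patch was meant to close. The ring names come from the slides; the scan results, asset names and CVE ids are constructed sample data, and an asset with no post-patch scan is treated as unverified rather than fixed.

```python
# Added example (not from the presentation): a verification gate for the deployment
# rings (Dev > Test > UAT > Prod). A patch is promoted to the next ring only when the
# post-deployment scan of the current ring no longer reports the CVEs it was meant to
# close. All scan results below are constructed sample data.
RINGS = ["Dev", "Test", "UAT", "Prod"]

def unresolved(target_cves, pre_scan, post_scan):
    """Per asset, the targeted CVEs still reported after patching.
    An asset missing from the post-patch scan counts as unverified, so its targeted
    CVEs are reported rather than silently assumed fixed."""
    leftovers = {}
    for asset, before in pre_scan.items():
        targeted = before & target_cves
        after = post_scan.get(asset)
        still = targeted if after is None else targeted & after
        if still:
            leftovers[asset] = sorted(still)
    return leftovers

def promotion_plan(target_cves, scans):
    """Walk the rings in order and stop at the first one that fails verification.
    scans maps ring -> (pre_scan, post_scan); each scan maps asset -> set of CVE ids,
    and every ring must be present. Returns
    (verified_rings, blocked_ring_or_None, leftovers_in_blocked_ring)."""
    verified = []
    for ring in RINGS:
        pre, post = scans[ring]
        leftovers = unresolved(target_cves, pre, post)
        if leftovers:
            return verified, ring, leftovers
        verified.append(ring)
    return verified, None, {}

# Constructed scans: the patch targets two CVEs; UAT still shows one on uat-02 and
# Prod has no post-patch scan yet. CVE-2024-0100 is an unrelated finding.
TARGET = {"CVE-2024-0002", "CVE-2024-0004"}
SAMPLE_SCANS = {
    "Dev":  ({"dev-01": {"CVE-2024-0002", "CVE-2024-0100"}}, {"dev-01": {"CVE-2024-0100"}}),
    "Test": ({"tst-01": {"CVE-2024-0002"}, "tst-02": {"CVE-2024-0004"}},
             {"tst-01": set(), "tst-02": set()}),
    "UAT":  ({"uat-01": {"CVE-2024-0002"}, "uat-02": {"CVE-2024-0002", "CVE-2024-0004"}},
             {"uat-01": set(), "uat-02": {"CVE-2024-0002"}}),
    "Prod": ({"prd-01": {"CVE-2024-0002"}}, {}),
}

if __name__ == "__main__":
    done, blocked, left = promotion_plan(TARGET, SAMPLE_SCANS)
    print("verified:", done, "| blocked at:", blocked, "| still vulnerable:", left)
```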