Copyright © 2015, FireEye, Inc. All rights reserved. CONFIDENTIAL
Proactively Engaged – Questions Executives Should Ask
Their Security Teams
Part II – Vulnerability Management
Vulnerability Management
The Problem
In the context of this article, vulnerability management refers to the processes by which an organization mitigates weaknesses in
deployed software and systems.
Vulnerabilities affect every type of software from operating systems and applications to network devices, providing avenues for
threat actors to gain access to systems and information.
Time and again we are forced to relearn the same lesson: previously unknown vulnerabilities will be discovered and disclosed. We
therefore recommend that you:
- Always expect software to have vulnerabilities, whether they are publicly disclosed or not yet discovered.
- Assume that threat actors will leverage them.
The Heartbleed vulnerability (CVE-2014-0160 in OpenSSL), made public in April 2014, is a good example of how quickly a significant
vulnerability becomes well-used by attackers once it is disclosed:
https://www.fireeye.com/blog/threat-research/2014/04/attackers-exploit-heartbleed-openssl-vulnerability.html
https://blog.sucuri.net/2014/04/heartbleed-in-the-wild.html
Operating systems and applications are complex, and no one can fully eliminate the risk they pose.
For an effective vulnerability mitigation strategy, consider for each system:
- What would an attacker gain from fully controlling this system?
- Could the attacker use it to operate in other areas of the network?
- What is at stake on the system itself: both the sensitive data it holds, and the passwords, hashes, or other stored information
that could provide access to other systems.
Organizations should prioritize resources toward eliminating publicly known, critical vulnerabilities.
- Aim to patch end-user web browsers and desktop applications quickly.
- Assume that end-user workstations will be compromised, and plan your security architecture and monitoring accordingly.
- Focus those resources on Internet-facing systems, infrastructure systems (e.g., Active Directory, SharePoint, Exchange), systems
with sensitive data, and privileged users’ workstations (whose cached passwords and hashes give an attacker quick lateral
movement to other systems).
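The prioritization above can be made mechanical so that a scan report comes out as an ordered remediation queue rather than a flat list of findings. The following is an added example, not code from the FireEye deck: the asset attributes, the weights, the tier thresholds and the SLA days are assumptions chosen to encode the guidance on this slide (known, critical, exploited bugs first; Internet-facing, infrastructure, sensitive-data and privileged-workstation assets first), and the finding identifiers are placeholders, not real CVEs.

```python
"""Remediation triage for vulnerability-scan findings.

Added example, not code from the FireEye deck. The assets, findings and
weights below are constructed for illustration; the scoring encodes the
guidance above: known, critical, exploited vulnerabilities first, and
Internet-facing systems, infrastructure (Active Directory, Exchange,
SharePoint), sensitive-data systems and privileged users' workstations ahead
of everything else.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    internet_facing: bool = False
    infrastructure: bool = False          # AD, Exchange, SharePoint, ...
    sensitive_data: bool = False
    privileged_workstation: bool = False  # admins' desktops: cached creds


@dataclass(frozen=True)
class Finding:
    asset: Asset
    vuln_id: str            # placeholder IDs below, not real CVEs
    cvss: float             # CVSS base score, 0.0-10.0
    exploit_public: bool    # public exploit or observed exploitation
    patch_available: bool


# Assumed patch deadlines per tier (days); a policy choice, not from the deck.
SLA_DAYS = {1: 7, 2: 30, 3: 90}


def severity_weight(f: Finding) -> int:
    """1-4 from CVSS, +2 when a public exploit exists: a known, weaponised
    bug is what the deck means by 'attacker can immediately gain entry'."""
    if f.cvss >= 9.0:
        base = 4
    elif f.cvss >= 7.0:
        base = 3
    elif f.cvss >= 4.0:
        base = 2
    else:
        base = 1
    return base + (2 if f.exploit_public else 0)


def exposure_weight(a: Asset) -> int:
    """What the attacker gains: reachability, control of the domain, data,
    or credentials that give lateral movement."""
    return ((3 if a.internet_facing else 0)
            + (3 if a.infrastructure else 0)
            + (2 if a.sensitive_data else 0)
            + (2 if a.privileged_workstation else 0))


def score(f: Finding) -> int:
    return severity_weight(f) * (1 + exposure_weight(f.asset))


def tier_for(s: int) -> int:
    if s >= 15:
        return 1
    if s >= 4:
        return 2
    return 3


def triage(findings):
    """Order findings for remediation. A finding with no available patch keeps
    its tier and is marked for mitigation (isolation, compensating controls,
    time-boxed risk acceptance) rather than silently dropping off the list."""
    rows = []
    for f in findings:
        s = score(f)
        t = tier_for(s)
        rows.append({
            "asset": f.asset.name,
            "vuln_id": f.vuln_id,
            "score": s,
            "tier": t,
            "sla_days": SLA_DAYS[t],
            "action": "patch" if f.patch_available else "mitigate (no patch available)",
        })
    rows.sort(key=lambda r: (-r["score"], r["asset"], r["vuln_id"]))
    return rows


# Constructed sample: one finding per asset.
SAMPLE_FINDINGS = [
    Finding(Asset("web01", internet_facing=True), "EXAMPLE-1", 9.8, True, True),
    Finding(Asset("dc01", infrastructure=True, sensitive_data=True), "EXAMPLE-2", 7.5, False, True),
    Finding(Asset("legacy-hr", sensitive_data=True), "EXAMPLE-3", 9.0, True, False),
    Finding(Asset("admin-ws", privileged_workstation=True), "EXAMPLE-4", 8.8, True, True),
    Finding(Asset("user-ws"), "EXAMPLE-5", 6.5, True, True),
    Finding(Asset("print01"), "EXAMPLE-6", 3.1, False, True),
]

if __name__ == "__main__":
    for r in triage(SAMPLE_FINDINGS):
        print(f"T{r['tier']} {r['sla_days']:>2}d  {r['asset']:<10} {r['vuln_id']:<10} "
              f"score={r['score']:<3} {r['action']}")
```

Note what the ordering does with the constructed data: the unpatched HR system with sensitive data lands in tier 1 alongside the Internet-facing web server and the domain controller, but with a "mitigate" action, which is the point of the last bullet on the process slide. A scoring scheme that simply skips findings with no patch would hide exactly the systems whose stored credentials give an attacker the rest of the network.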
The following sections expand on the questions outlined in the first article.
Achievable Mitigation
What Processes Can Detect and Remediate Vulnerabilities?
Organizations should build and maintain a dedicated program to detect and mitigate vulnerabilities.
Larger organizations can benefit from a third-party provider who specializes in vulnerability scanning.
A vulnerability management program should:
• Holistically cover the entire enterprise, including all significant technologies, operating systems, and applications.
• Use an “authenticated scan” at least quarterly on the entire environment, so the vulnerability scanner logs into the target
systems with credentials and sees installed software and patch levels, not just the services visible over the network.
• Ensure IT and the business align to rapidly mitigate serious vulnerabilities.
• Mitigate risks posed by systems without available patches, or that face business or operational constraints on patching.
Where is Our Environment Vulnerable?
Few organizations have adequate coverage across the enterprise. A team that can show where coverage is lacking, and has a prioritized
plan to close those gaps, is one executives can have confidence in.
Are We Effective at Remediating Known, High-risk Vulnerabilities?
The time between detection and closure is a valuable metric of the vulnerability management program’s effectiveness. Breaking it down
by geographic area and business function can show where the roadblocks are.
Consider the downstream impacts. Passwords, hashes or other information on an unpatched risk-accepted system could allow access to other
systems across the environment.
Systems with known, high-risk vulnerabilities offer zero access control, because an attacker can immediately gain entry with a trivial level of
skill and effort. Organizations should not allow such systems on their networks.
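The three questions on this slide and the scan cadence on the previous one reduce to a handful of numbers that a security team should be able to produce on demand. The following is an added example, not code from the FireEye deck: the inventory, scan log and findings are constructed, the 90-day window follows the deck's "at least quarterly" authenticated-scan guidance, and the 30-day closure deadline for high-risk findings is an assumed policy.

```python
"""Vulnerability-program metrics: authenticated-scan coverage, time from
detection to closure, and SLA breaches (risk-accepted systems included).

Added example, not code from the FireEye deck. The inventory, scan log and
findings are constructed; the 90-day window follows the deck's 'at least
quarterly' authenticated-scan guidance, and the 30-day closure SLA for
high-risk findings is an assumed policy.
"""
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

AUTH_SCAN_WINDOW_DAYS = 90   # "at least quarterly"
HIGH_RISK_SLA_DAYS = 30      # assumed remediation deadline for high-risk findings
AS_OF = date(2015, 6, 30)    # reporting date for the constructed data

# Constructed inventory: asset -> (region, business function)
INVENTORY = {
    "web01": ("EMEA", "e-commerce"),
    "web02": ("EMEA", "e-commerce"),
    "dc01": ("AMER", "corporate IT"),
    "hr-legacy": ("AMER", "HR"),
    "plant-hmi": ("APAC", "manufacturing"),
}

# Constructed scan log: (asset, scan date, authenticated?)
SCANS = [
    ("web01", date(2015, 6, 1), True),
    ("web02", date(2015, 6, 1), False),      # network-only scan: does not count
    ("dc01", date(2015, 5, 15), True),
    ("hr-legacy", date(2015, 1, 10), True),  # last credentialed scan too old
    # plant-hmi has never been scanned
]

# Constructed high-risk findings: (asset, detected, closed or None, risk accepted?)
FINDINGS = [
    ("web01", date(2015, 5, 1), date(2015, 5, 8), False),
    ("web02", date(2015, 5, 1), date(2015, 5, 20), False),
    ("dc01", date(2015, 4, 1), date(2015, 4, 10), False),
    ("hr-legacy", date(2015, 2, 1), None, True),   # open, risk accepted
    ("plant-hmi", date(2015, 6, 20), None, False),
]


def coverage_gaps(inventory, scans, as_of):
    """Assets without an authenticated scan inside the window. Unauthenticated
    scans do not count: they see only network-exposed services, not the
    installed software and patch level the deck asks for."""
    cutoff = as_of - timedelta(days=AUTH_SCAN_WINDOW_DAYS)
    covered = {asset for asset, when, authenticated in scans
               if authenticated and when >= cutoff}
    return sorted(set(inventory) - covered)


def closure_metrics(inventory, findings, as_of, group_by="region"):
    """Median days from detection to closure per region or business function.
    Open findings count their age so far, so a long-open finding raises its
    group's number instead of being hidden by only counting closed ones."""
    idx = 0 if group_by == "region" else 1
    buckets = defaultdict(list)
    for asset, detected, closed, _ in findings:
        end = closed or as_of
        buckets[inventory[asset][idx]].append((end - detected).days)
    return {group: median(days) for group, days in buckets.items()}


def sla_breaches(findings, as_of):
    """Findings that took, or have so far taken, longer than the SLA.
    Risk-accepted systems stay on this list: the acceptance is a business
    decision that should expire, and the passwords and hashes on that system
    are still reachable by anyone who exploits it."""
    breaches = []
    for asset, detected, closed, risk_accepted in findings:
        days = ((closed or as_of) - detected).days
        if days > HIGH_RISK_SLA_DAYS:
            breaches.append({"asset": asset, "days": days,
                             "status": "closed" if closed else "open",
                             "risk_accepted": risk_accepted})
    return sorted(breaches, key=lambda b: -b["days"])


if __name__ == "__main__":
    print("no authenticated scan in window:", coverage_gaps(INVENTORY, SCANS, AS_OF))
    print("median days to close, by region:", closure_metrics(INVENTORY, FINDINGS, AS_OF))
    print("median days to close, by function:",
          closure_metrics(INVENTORY, FINDINGS, AS_OF, "function"))
    print("SLA breaches:", sla_breaches(FINDINGS, AS_OF))
```

Two design choices carry the slide's argument. Counting only credentialed scans toward coverage means a host that has merely been port-scanned shows up as a gap, and counting open findings by their age keeps the risk-accepted HR system visible in both the regional median and the breach list instead of letting the acceptance make it disappear from the report.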
Have We Applied Lessons Learned from Publicized Breaches?
Effective security teams learn everything they can from others’ security breaches and apply those lessons to their environments.
This could involve reading published news reports or case studies, and asking colleagues whether the malicious activity in question could have
been prevented or detected if it occurred in your environment.
More formally, tabletop exercises with subject matter experts (whether internal or external) can provide a new level of realism for your team.
Such SMEs can highlight the most significant gaps within visibility and response.
Up Next: Monitoring
Prevention is difficult and is often simply not achievable. Even the most secure organizations are
vulnerable. But, these companies excel at quickly identifying and containing compromises.
Our next blog will focus on key elements of a successful monitoring program:
• Where do we have good visibility and where is it lacking?
• How do we monitor to detect security incidents?
• How do we measure capability effectiveness?
• How consistent are we about the type of information we gather?
• What additional tools or information do we need to be effective?