SlideShare une entreprise Scribd logo

Vulnerability , Malware and Risk

SecPod Technologies
SecPod Technologies

Recent studies have shown that 90% of security breaches involve a software vulnerability caused by a missing patch – even if the patch is made available to the public. Many organizations do not realize that a vulnerable system connected to the enterprise network potentially puts the entire organization to risk by being an easy target for cyber-attacks. Many service providers scan the network and provide a comprehensive report of the vulnerabilities existing in endpoint systems. However, they do not take the next step to remove the vulnerabilities. Read this whitepaper to know how SecPod's Saner ensures enterprise security by remediating vulnerabilities in the endpoints. Saner is a light-weight, enterprise grade, scalable solution that hardens your systems; providing protection from malware & security threats

Technologie
1  sur  4
Télécharger pour lire hors ligne
Vulnerability, Malware and Risk Background Information Security is a crucial function within any organization. Availability, confidentiality and integrity of information are critically dependent on the health of every system connected to the organization. Various software packages on these systems have flaws in their code. These flaws exist despite the most stringent QA scrutiny, and potentially allow a malicious user unauthorized access to a system. These are referred to as vulnerabilities. A typical enterprise consists of a complex network of computers. This network of computers is prone to risk from any of the end point systems connected to the network. A system with vulnerabilities connecting to the network potentially puts the entire organization at risk since they can allow large- scale attacks. Almost all attacks exploit vulnerabilities in systems. An interesting question that arises is: How long does it take a vulnerable computer connected to the Internet to become infected with malicious software? The answer depends on the OS the computer is running. In any case, it is a matter of minutes to a few hours, with Unix systems typically holding out longer than Windows operating systems. (https://isc.sans.edu/survivaltime.html ) Many service providers offer services that scan the organization and provide a comprehensive report of vulnerabilities. Removing these vulnerabilities is then typically left to the end user. This can be particularly daunting if there are many end points in the organization. In this paper we discuss how to ensure the health of all systems that connect to the network by removing known vulnerabilities. Saner makes this process very simple, intuitive and fast. This keeps enterprises safe from many attacks. How most attackers gain access to a system Information security invariably depends on preventing attacks from exploiting end point systems. Every system in a network with any kind of vulnerability is a potential entry point for an attack. Unauthorized access to a system and controlling a system is exactly what an attacker accomplishes by exploiting end point vulnerabilities. Many complex applications run on end point computers. So far we have explained how vulnerable software applications can be exploited by attackers to gain access to a system or to cause unpredictable behavior in a system. Most malware is designed to target and attack these vulnerabilities. It stands to reason that systems with fewer vulnerabilities are more secure. Every day, an average of 30 new vulnerabilities are uncovered and published in the National Vulnerability Database (http://web.nvd.nist.gov/view/vuln/search). The time between the publication of a vulnerability and an attack using the vulnerability is a matter of days. (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf ). According to the Center for Strategic and International Studies, “75% of attacks use publicly known vulnerabilities in commercial
software that could be prevented by regular patching.” (http://csis.org/files/publication/130212_Lewis_RaisingBarCybersecurity.pdf ). For most of these vulnerabilities, the application vendor provides a “patch” which is an update to the software that removes the vulnerability. Most vulnerabilities are removed by keeping systems up to date with the latest software. Anti-Virus software and residual risk Anti-virus (AV) software has been fairly successful in containing attacks to a point. AV software uses signature-based detection for viruses and malware. It depends on the availability of the signatures or patterns that identify the virus or malware as malicious code. While the dictionary of signatures is growing exponentially, attackers have devised clever ways of disguising their attacks to escape detection. Polymorphic codes that mutate when they execute in a host can potentially avoid detection. This can render AV software ineffective in detecting and blocking all malware attacks. More importantly, AV software is designed to detect and act on an on-going attack and cure it after the fact. The AV software answer is to remove the offending piece of code after the attack. However, it is not designed to do effective prevention, thus leaving unmitigated risks in the systems. Patch – remove the vulnerabilities before they can be exploited A software patch is a piece of code designed to correct a known problem in a software application or product. In response to uncovered vulnerabilities, software vendors correct the offending code and release an update in the form of a patch. When the software is updated the vulnerability is typically removed. Patching applications as soon as the patch is made available is important, especially when a software vendor releases critical patches. The availability of a patch can provide the information that attackers use to write an exploit. This can reduce the time to attack after a vulnerability is uncovered and a patch is available. The safest way to mitigate the risk of an attack is to patch the system immediately. Challenges of software patching Patching and keeping applications up to date is unquestionably important. However, the fact is that a significant percentage of computers are running unpatched operating systems and applications. Most successful attacks target unpatched systems in the network. Why then are so many systems still unpatched? Individuals may not be equipped with the knowledge or skills to accomplish effective patching. Also, the patching process in an enterprise can be quite complex. In “Guide to Enterprise Patch Management Technologies”, (http://csis.org/files/publication/130212_Lewis_RaisingBarCybersecurity.pdf ), the report lists a few of these challenges. Here is a summary of important points to note: - SW Inventory Management – Having an up to date inventory, with complete information about the installed version of all software in each system connected to the enterprise is important, but it is a very challenging task.
- Resource Overload – Software vendors release patches either bundled with many issues resolved at once, or if the issue is critical and likely to have a major impact they may release a “one off” patch. In either case, if not well managed, network bandwidth can be choked with many systems downloading required patches. - Installation Side Effects - Applied patches may alter some security configurations. Organizations should be able to identify these and remedy them for effective vulnerability management. - Effectiveness of Patching – Patches often require the patched software be restarted or the entire system be restarted. The patch won’t take effect until this step is completed. Knowing the applied patch is in effect is crucial and needs to be ascertained. There are also a few other points that can complicate the patching process in an enterprise: - Risk Assessment and Prioritization – Not all vulnerabilities pose the same level of risk. Given that the patching process in an enterprise can be elaborate, patches should be prioritized based on the risk they pose to an organization. - Patch Identification - Once risks are identified and prioritized, the task of identifying appropriate patches to apply can be tedious and time consuming. How Saner Accomplishes Vulnerability Mitigation SecPod has the philosophy that a stitch in time saves nine. While Malware detection and cure products are still an important tool in an enterprise, they can only do a partial job. Saner identifies and removes vulnerabilities before they are exploited by attackers. Using continuously updated vulnerability data helps us ensure that all known vulnerabilities are detected and a patch is available to specifically address the vulnerability. How Saner addresses common challenges Saner runs an agent on each end point system. This helps track all applications running on any end point system. With this architecture, Saner does not need to have a central repository of all systems and the software running on them. Saner takes care of applying patches to any known vulnerable software on the system. This overcomes the Inventory Management problem alluded to earlier. When a patch is required, every end point system will need to download the patch from either the Internet or the intranet. Connecting to the Internet to download patches can mean choking the enterprise network bandwidth. Saner overcomes this by supporting in-house enterprise deployment. The server downloads the required patch once and then end user systems get the required patch from the in-house server. This avoids multiple redundant downloads that can congest the organization’s Internet connection. Individual systems still use the intranet bandwidth to download patches; however, the intranet bandwidth generally supports this amount of network traffic. Another potential problem faced by organizations is the alteration in configuration values introduced by new patches. Saner handles this by checking for mis-configurations. An example would be if an application is set to start automatically by default, but the enterprise policy is to prevent auto start.
Saner ensures that if any alteration violates the organization policy it is detected and fixed. Such checks are made after a remediation is done to ensure that no mis-configurations exist in the system. After applying a patch, some applications require either a restart of the application or the OS. If the system is not restarted the patch is not effectively applied. Saner performs a scan immediately after the remediation (patching) is done. If the patch is not properly applied it shows up in the console as a vulnerability. In an organization, it may not always be practical to remediate all vulnerabilities. Saner identifies the criticality of vulnerabilities and provides information on the risk they pose. The IT manager can assess the posed threat by examining the severity of the vulnerabilities. Someone armed with the information available in the Saner dashboard can make informed decisions about applying the patch. Identifying the appropriate patch to apply is automated in Saner. This ensures no extra time is required to identify the correct patch to apply; choosing which patch to apply is a matter of a few mouse clicks. Conclusion Anti-virus software products provide a means of identifying threats in an enterprise, but they are not 100% effective on their own. Often they are unable to detect malware before damage is done. In that case, Anti-virus software cannot help contain the virus or minimize the damage. To a large extent Anti- virus software is a reactive approach. At SecPod we believe that prevention is better than cure. Our conviction is that if vulnerabilities are removed from the system – we will be able to prevent an attack from exploiting a system. This goes a long way toward providing Confidentiality, Integrity and Availability of information in an organization. We do not claim that Saner is a replacement for Anti-virus software. Robust security necessitates many layers of defense. Saner is the first line of defense by preventing the exploitation of vulnerabilities and is a necessary component for an organization’s security. Anti-virus software acts as a second line of defense for the purpose it was designed for. Many exploits can be prevented by using Saner. Saner in combination with enterprise Anti-virus software is a much more effective solution to prevent damage from attacks, compared to using an Anti- virus software alone.

Recommandé

Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And Risk
Chandrashekhar B
 
The uncool-security-hygiene
The uncool-security-hygieneThe uncool-security-hygiene
The uncool-security-hygiene
Thiagu Haldurai
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint Security
Lumension
 
OSB130 Patch Management Best Practices
OSB130 Patch Management Best PracticesOSB130 Patch Management Best Practices
OSB130 Patch Management Best Practices
Ivanti
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
Sonatype
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability Assesment
Dedi Dwianto
 
Open-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentOpen-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact Assessment
Priyanka Aash
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices
Ivanti
 

Recommandé

Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And Risk
Chandrashekhar B
 
The uncool-security-hygiene
The uncool-security-hygieneThe uncool-security-hygiene
The uncool-security-hygiene
Thiagu Haldurai
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint Security
Lumension
 
OSB130 Patch Management Best Practices
OSB130 Patch Management Best PracticesOSB130 Patch Management Best Practices
OSB130 Patch Management Best Practices
Ivanti
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
Sonatype
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability Assesment
Dedi Dwianto
 
Open-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentOpen-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact Assessment
Priyanka Aash
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices
Ivanti
 
Software Vulnerabilities Risk Remediation
Software Vulnerabilities Risk RemediationSoftware Vulnerabilities Risk Remediation
Software Vulnerabilities Risk Remediation
Bruce Hafner
 
Everything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security ControlsEverything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security Controls
Ivanti
 
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISORINLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
Neha Rana
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Boss
rbrockway
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019
Ivanti
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment Report
Harshit Singh Bhatia
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of Defense
Lumension
 
Understanding Vulnerabilities in Software
Understanding Vulnerabilities in SoftwareUnderstanding Vulnerabilities in Software
Understanding Vulnerabilities in Software
Nicole Gaehle, MSIST
 
Getting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paperGetting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paper
Tawnia Beckwith
 
Patch Management - 2013
Patch Management - 2013Patch Management - 2013
Patch Management - 2013
Vicky Ames
 
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
Sonatype
 
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Kymberlee Price
 
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Jose Lopez
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management
Argyle Executive Forum
 
NetWatcher Customer Overview
NetWatcher Customer OverviewNetWatcher Customer Overview
NetWatcher Customer Overview
Scott Suhy
 
Network Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsNetwork Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision Points
PivotPointSecurity
 
Effective Vulnerability Management
Effective Vulnerability ManagementEffective Vulnerability Management
Effective Vulnerability Management
Vicky Ames
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to Basics
Damon Small
 
Patch and Vulnerability Management
Patch and Vulnerability ManagementPatch and Vulnerability Management
Patch and Vulnerability Management
Marcelo Martins
 
Revised IEEE 1633 Recommended Practices for Software Reliability
Revised IEEE 1633 Recommended Practices for Software ReliabilityRevised IEEE 1633 Recommended Practices for Software Reliability
Revised IEEE 1633 Recommended Practices for Software Reliability
Ann Marie Neufelder
 
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Quick Heal Technologies Ltd.
 
SecPod Saner
SecPod SanerSecPod Saner
SecPod Saner
Chandrashekhar B
 

Contenu connexe

Tendances

Software Vulnerabilities Risk Remediation
Software Vulnerabilities Risk RemediationSoftware Vulnerabilities Risk Remediation
Software Vulnerabilities Risk Remediation
Bruce Hafner
 
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISORINLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
Neha Rana
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of Defense
Lumension
 
Getting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paperGetting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paper
Tawnia Beckwith
 
Patch Management - 2013
Patch Management - 2013Patch Management - 2013
Patch Management - 2013
Vicky Ames
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management
Argyle Executive Forum
 
Effective Vulnerability Management
Effective Vulnerability ManagementEffective Vulnerability Management
Effective Vulnerability Management
Vicky Ames
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to Basics
Damon Small
 

Tendances (20)

Software Vulnerabilities Risk Remediation
Software Vulnerabilities Risk RemediationSoftware Vulnerabilities Risk Remediation
Software Vulnerabilities Risk Remediation
 
Everything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security ControlsEverything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security Controls
 
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISORINLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
INLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Boss
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment Report
 
Why Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of DefenseWhy Patch Management is Still the Best First Line of Defense
Why Patch Management is Still the Best First Line of Defense
 
Understanding Vulnerabilities in Software
Understanding Vulnerabilities in SoftwareUnderstanding Vulnerabilities in Software
Understanding Vulnerabilities in Software
 
Getting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paperGetting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paper
 
Patch Management - 2013
Patch Management - 2013Patch Management - 2013
Patch Management - 2013
 
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
 
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
 
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management
 
NetWatcher Customer Overview
NetWatcher Customer OverviewNetWatcher Customer Overview
NetWatcher Customer Overview
 
Network Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsNetwork Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision Points
 
Effective Vulnerability Management
Effective Vulnerability ManagementEffective Vulnerability Management
Effective Vulnerability Management
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to Basics
 
Patch and Vulnerability Management
Patch and Vulnerability ManagementPatch and Vulnerability Management
Patch and Vulnerability Management
 
Revised IEEE 1633 Recommended Practices for Software Reliability
Revised IEEE 1633 Recommended Practices for Software ReliabilityRevised IEEE 1633 Recommended Practices for Software Reliability
Revised IEEE 1633 Recommended Practices for Software Reliability
 

Similaire à Vulnerability , Malware and Risk

Running Head MALWARE1MALWARE2MalwareName.docx
Running Head MALWARE1MALWARE2MalwareName.docxRunning Head MALWARE1MALWARE2MalwareName.docx
Running Head MALWARE1MALWARE2MalwareName.docx
cowinhelen
 
Sa No Scan Paper
Sa No Scan PaperSa No Scan Paper
Sa No Scan Paper
tafinley
 
Iaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threadsIaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threads
Iaetsd Iaetsd
 
In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdf
anandanand521251
 
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxRunning head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
todd521
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - Print
Andrew Kanikuru
 
Key Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseKey Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your Enterprise
Lumension
 

Similaire à Vulnerability , Malware and Risk (20)

Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
 
SecPod Saner
SecPod SanerSecPod Saner
SecPod Saner
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
 
Running Head MALWARE1MALWARE2MalwareName.docx
Running Head MALWARE1MALWARE2MalwareName.docxRunning Head MALWARE1MALWARE2MalwareName.docx
Running Head MALWARE1MALWARE2MalwareName.docx
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management System
 
10 Best DevSecOps Tools for 2023
10 Best DevSecOps Tools for 202310 Best DevSecOps Tools for 2023
10 Best DevSecOps Tools for 2023
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools used
 
Ransomware Prevention Guide
Ransomware Prevention GuideRansomware Prevention Guide
Ransomware Prevention Guide
 
Sa No Scan Paper
Sa No Scan PaperSa No Scan Paper
Sa No Scan Paper
 
Iaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threadsIaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threads
 
In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdf
 
Antivirus engine
Antivirus engineAntivirus engine
Antivirus engine
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxRunning head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - Print
 
C0931115
C0931115C0931115
C0931115
 
Key Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseKey Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your Enterprise
 
The Web AppSec How-To: The Defender's Toolbox
The Web AppSec How-To: The Defender's ToolboxThe Web AppSec How-To: The Defender's Toolbox
The Web AppSec How-To: The Defender's Toolbox
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security Teams
 

Plus de SecPod Technologies

How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
SecPod Technologies
 

Plus de SecPod Technologies (20)

How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 20208 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 2020
 
Security threats
Security threatsSecurity threats
Security threats
 
Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)
 
WHY MSSPs LOVE OUR SOLUTION
WHY MSSPs LOVE OUR SOLUTIONWHY MSSPs LOVE OUR SOLUTION
WHY MSSPs LOVE OUR SOLUTION
 
Many products-no-security (1)
Many products-no-security (1)Many products-no-security (1)
Many products-no-security (1)
 
SanerNow Endpoint Management
SanerNow Endpoint ManagementSanerNow Endpoint Management
SanerNow Endpoint Management
 
SanerNow Asset Management
SanerNow Asset ManagementSanerNow Asset Management
SanerNow Asset Management
 
SanerNow Patch Management
SanerNow Patch ManagementSanerNow Patch Management
SanerNow Patch Management
 
SanerNow Vulnerability Management
SanerNow Vulnerability ManagementSanerNow Vulnerability Management
SanerNow Vulnerability Management
 
SanerNow platform-datasheet
SanerNow platform-datasheetSanerNow platform-datasheet
SanerNow platform-datasheet
 
Many products-no-security
Many products-no-securityMany products-no-security
Many products-no-security
 
SanerNow a platform for Endpoint security and systems Management
SanerNow a platform for Endpoint security and systems ManagementSanerNow a platform for Endpoint security and systems Management
SanerNow a platform for Endpoint security and systems Management
 
Healthcare's Fight Against Ransomware
Healthcare's Fight Against Ransomware Healthcare's Fight Against Ransomware
Healthcare's Fight Against Ransomware
 
Take a sneak peek into Saner 2.0
Take a sneak peek into Saner 2.0Take a sneak peek into Saner 2.0
Take a sneak peek into Saner 2.0
 
Msp saner 2.0
Msp saner 2.0Msp saner 2.0
Msp saner 2.0
 
Saner 2.0
Saner 2.0Saner 2.0
Saner 2.0
 
Saner 2.0 product sheet
Saner 2.0 product sheetSaner 2.0 product sheet
Saner 2.0 product sheet
 
Ransomware - A look back
Ransomware - A look backRansomware - A look back
Ransomware - A look back
 
End point security - SecPod Saner
End point security - SecPod SanerEnd point security - SecPod Saner
End point security - SecPod Saner
 

Dernier

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Dernier (20)

Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 

Vulnerability , Malware and Risk

  • 1. Vulnerability, Malware and Risk Background Information Security is a crucial function within any organization. Availability, confidentiality and integrity of information are critically dependent on the health of every system connected to the organization. Various software packages on these systems have flaws in their code. These flaws exist despite the most stringent QA scrutiny, and potentially allow a malicious user unauthorized access to a system. These are referred to as vulnerabilities. A typical enterprise consists of a complex network of computers. This network of computers is prone to risk from any of the end point systems connected to the network. A system with vulnerabilities connecting to the network potentially puts the entire organization at risk since they can allow large- scale attacks. Almost all attacks exploit vulnerabilities in systems. An interesting question that arises is: How long does it take a vulnerable computer connected to the Internet to become infected with malicious software? The answer depends on the OS the computer is running. In any case, it is a matter of minutes to a few hours, with Unix systems typically holding out longer than Windows operating systems. (https://isc.sans.edu/survivaltime.html ) Many service providers offer services that scan the organization and provide a comprehensive report of vulnerabilities. Removing these vulnerabilities is then typically left to the end user. This can be particularly daunting if there are many end points in the organization. In this paper we discuss how to ensure the health of all systems that connect to the network by removing known vulnerabilities. Saner makes this process very simple, intuitive and fast. This keeps enterprises safe from many attacks. How most attackers gain access to a system Information security invariably depends on preventing attacks from exploiting end point systems. Every system in a network with any kind of vulnerability is a potential entry point for an attack. Unauthorized access to a system and controlling a system is exactly what an attacker accomplishes by exploiting end point vulnerabilities. Many complex applications run on end point computers. So far we have explained how vulnerable software applications can be exploited by attackers to gain access to a system or to cause unpredictable behavior in a system. Most malware is designed to target and attack these vulnerabilities. It stands to reason that systems with fewer vulnerabilities are more secure. Every day, an average of 30 new vulnerabilities are uncovered and published in the National Vulnerability Database (http://web.nvd.nist.gov/view/vuln/search). The time between the publication of a vulnerability and an attack using the vulnerability is a matter of days. (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf ). According to the Center for Strategic and International Studies, “75% of attacks use publicly known vulnerabilities in commercial
  • 2. software that could be prevented by regular patching.” (http://csis.org/files/publication/130212_Lewis_RaisingBarCybersecurity.pdf ). For most of these vulnerabilities, the application vendor provides a “patch” which is an update to the software that removes the vulnerability. Most vulnerabilities are removed by keeping systems up to date with the latest software. Anti-Virus software and residual risk Anti-virus (AV) software has been fairly successful in containing attacks to a point. AV software uses signature-based detection for viruses and malware. It depends on the availability of the signatures or patterns that identify the virus or malware as malicious code. While the dictionary of signatures is growing exponentially, attackers have devised clever ways of disguising their attacks to escape detection. Polymorphic codes that mutate when they execute in a host can potentially avoid detection. This can render AV software ineffective in detecting and blocking all malware attacks. More importantly, AV software is designed to detect and act on an on-going attack and cure it after the fact. The AV software answer is to remove the offending piece of code after the attack. However, it is not designed to do effective prevention, thus leaving unmitigated risks in the systems. Patch – remove the vulnerabilities before they can be exploited A software patch is a piece of code designed to correct a known problem in a software application or product. In response to uncovered vulnerabilities, software vendors correct the offending code and release an update in the form of a patch. When the software is updated the vulnerability is typically removed. Patching applications as soon as the patch is made available is important, especially when a software vendor releases critical patches. The availability of a patch can provide the information that attackers use to write an exploit. This can reduce the time to attack after a vulnerability is uncovered and a patch is available. The safest way to mitigate the risk of an attack is to patch the system immediately. Challenges of software patching Patching and keeping applications up to date is unquestionably important. However, the fact is that a significant percentage of computers are running unpatched operating systems and applications. Most successful attacks target unpatched systems in the network. Why then are so many systems still unpatched? Individuals may not be equipped with the knowledge or skills to accomplish effective patching. Also, the patching process in an enterprise can be quite complex. In “Guide to Enterprise Patch Management Technologies”, (http://csis.org/files/publication/130212_Lewis_RaisingBarCybersecurity.pdf ), the report lists a few of these challenges. Here is a summary of important points to note: - SW Inventory Management – Having an up to date inventory, with complete information about the installed version of all software in each system connected to the enterprise is important, but it is a very challenging task.
  • 3. - Resource Overload – Software vendors release patches either bundled with many issues resolved at once, or if the issue is critical and likely to have a major impact they may release a “one off” patch. In either case, if not well managed, network bandwidth can be choked with many systems downloading required patches. - Installation Side Effects - Applied patches may alter some security configurations. Organizations should be able to identify these and remedy them for effective vulnerability management. - Effectiveness of Patching – Patches often require the patched software be restarted or the entire system be restarted. The patch won’t take effect until this step is completed. Knowing the applied patch is in effect is crucial and needs to be ascertained. There are also a few other points that can complicate the patching process in an enterprise: - Risk Assessment and Prioritization – Not all vulnerabilities pose the same level of risk. Given that the patching process in an enterprise can be elaborate, patches should be prioritized based on the risk they pose to an organization. - Patch Identification - Once risks are identified and prioritized, the task of identifying appropriate patches to apply can be tedious and time consuming. How Saner Accomplishes Vulnerability Mitigation SecPod has the philosophy that a stitch in time saves nine. While Malware detection and cure products are still an important tool in an enterprise, they can only do a partial job. Saner identifies and removes vulnerabilities before they are exploited by attackers. Using continuously updated vulnerability data helps us ensure that all known vulnerabilities are detected and a patch is available to specifically address the vulnerability. How Saner addresses common challenges Saner runs an agent on each end point system. This helps track all applications running on any end point system. With this architecture, Saner does not need to have a central repository of all systems and the software running on them. Saner takes care of applying patches to any known vulnerable software on the system. This overcomes the Inventory Management problem alluded to earlier. When a patch is required, every end point system will need to download the patch from either the Internet or the intranet. Connecting to the Internet to download patches can mean choking the enterprise network bandwidth. Saner overcomes this by supporting in-house enterprise deployment. The server downloads the required patch once and then end user systems get the required patch from the in-house server. This avoids multiple redundant downloads that can congest the organization’s Internet connection. Individual systems still use the intranet bandwidth to download patches; however, the intranet bandwidth generally supports this amount of network traffic. Another potential problem faced by organizations is the alteration in configuration values introduced by new patches. Saner handles this by checking for mis-configurations. An example would be if an application is set to start automatically by default, but the enterprise policy is to prevent auto start.
  • 4. Saner ensures that if any alteration violates the organization policy it is detected and fixed. Such checks are made after a remediation is done to ensure that no mis-configurations exist in the system. After applying a patch, some applications require either a restart of the application or the OS. If the system is not restarted the patch is not effectively applied. Saner performs a scan immediately after the remediation (patching) is done. If the patch is not properly applied it shows up in the console as a vulnerability. In an organization, it may not always be practical to remediate all vulnerabilities. Saner identifies the criticality of vulnerabilities and provides information on the risk they pose. The IT manager can assess the posed threat by examining the severity of the vulnerabilities. Someone armed with the information available in the Saner dashboard can make informed decisions about applying the patch. Identifying the appropriate patch to apply is automated in Saner. This ensures no extra time is required to identify the correct patch to apply; choosing which patch to apply is a matter of a few mouse clicks. Conclusion Anti-virus software products provide a means of identifying threats in an enterprise, but they are not 100% effective on their own. Often they are unable to detect malware before damage is done. In that case, Anti-virus software cannot help contain the virus or minimize the damage. To a large extent Anti- virus software is a reactive approach. At SecPod we believe that prevention is better than cure. Our conviction is that if vulnerabilities are removed from the system – we will be able to prevent an attack from exploiting a system. This goes a long way toward providing Confidentiality, Integrity and Availability of information in an organization. We do not claim that Saner is a replacement for Anti-virus software. Robust security necessitates many layers of defense. Saner is the first line of defense by preventing the exploitation of vulnerabilities and is a necessary component for an organization’s security. Anti-virus software acts as a second line of defense for the purpose it was designed for. Many exploits can be prevented by using Saner. Saner in combination with enterprise Anti-virus software is a much more effective solution to prevent damage from attacks, compared to using an Anti- virus software alone.