
Patch and Vulnerability Management Program

What is it?
- A security practice designed to proactively prevent the exploitation of IT vulnerabilities within an organization
- Aims to reduce the time and money spent dealing with vulnerabilities and their exploitation
- Proactive management of system vulnerabilities reduces or eliminates the potential for exploitation
- Involves considerably less time and effort than responding after an exploitation has occurred
- Critical challenge: timely patching
Organization Actions
- Organizations should:
  - Create a patch and vulnerability group (PVG) to facilitate the identification and distribution of patches within the organization
  - Use automated patch management tools to expedite the distribution of patches to systems
  - Deploy enterprise patch management tools using a phased approach
  - Assess and mitigate the risks associated with deploying enterprise patch management tools
  - Consider using standardized configurations for IT resources
  - Consistently measure the effectiveness of their patch and vulnerability management program and apply corrective actions as necessary
Patch and Vulnerability Management Group Actions
- Key functions
  - Create a system inventory
  - Monitor for vulnerabilities, remediations and threats
  - Create an organization-specific remediation database
  - Conduct generic testing of remediations
  - Perform automated deployment of patches
  - Verify vulnerability remediation through network and host vulnerability scanning
Creating Inventory
- Key problem: granularity, too little or too much?
- No separate inventory is required (inventories used during asset management or BCP can be reused)
- A sample inventory can keep details of:
  - System name, owner, system administrator, location, network port
  - Software configuration [OS version number, software packages and version numbers, network services, IP address]
  - Hardware configuration [CPU, memory, disk space, Ethernet address, wireless capability, I/O, firmware versions]
Monitoring Vulnerabilities
- Enterprise patch management tool, to obtain all available patches from supported vendors
- Vendor security mailing lists and Web sites, to obtain all available patches from vendors not supported by the enterprise patch management tool
- Vulnerability database or mailing list, to obtain immediate information on all known vulnerabilities and suggested remediations
- Third-party vulnerability mailing lists that highlight the most critical vulnerabilities (e.g., CERT Cyber Security Alerts)
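The inventory and monitoring slides above come together when an advisory arrives: the PVG matches the advisory's fixed version against the software versions recorded in the inventory to find which systems need remediation and who administers them. The following is an added example, not code from the presentation; the host records, package versions and the advisory are all constructed, and the version-comparison rule (dotted numeric components) is an assumption.

```python
# Added example: match a PVG system inventory against a monitored advisory.
# Inventory fields follow the "Creating Inventory" slide; all values are constructed.
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    owner: str
    admin: str
    location: str
    os_version: str
    packages: dict = field(default_factory=dict)  # package name -> installed version
    services: list = field(default_factory=list)  # network services exposed


def parse_version(v):
    """'3.0.10' -> (3, 0, 10). Compare numerically: as strings '3.0.10' < '3.0.2'."""
    return tuple(int(part) for part in v.split("."))


def affected_hosts(inventory, package, fixed_version):
    """Return (host, admin, installed) for hosts running `package` older than the fix."""
    fixed = parse_version(fixed_version)
    hits = []
    for h in inventory:
        installed = h.packages.get(package)
        if installed is not None and parse_version(installed) < fixed:
            hits.append((h.name, h.admin, installed))
    return hits


# Constructed inventory (sample values, not real systems)
INVENTORY = [
    Host("web01", "Web team", "alice", "DC1 rack 4", "Ubuntu 22.04",
         {"openssl": "3.0.2", "nginx": "1.18.0"}, ["https/443"]),
    Host("db01", "Data team", "bob", "DC1 rack 7", "RHEL 9.2",
         {"openssl": "3.0.10", "postgresql": "15.2"}, ["postgres/5432"]),
    Host("ws42", "Finance", "carol", "HQ floor 3", "Windows 11",
         {"7zip": "22.1"}, []),
]

if __name__ == "__main__":
    # Constructed advisory: the monitored feed says openssl is fixed in 3.0.10
    for name, admin, ver in affected_hosts(INVENTORY, "openssl", "3.0.10"):
        print(f"{name}: openssl {ver} is below 3.0.10, notify {admin}")
```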
Testing Remediations
- The downloaded patch should be checked against any of the authenticity methods the vendor provides, including checksums, Pretty Good Privacy (PGP) signatures, and digital certificates
- A virus scan should also be run on all patches before installation
- Patches and configuration modifications should be tested on non-production systems, since remediation can easily produce unintended consequences
- Determine whether other patches are uninstalled when a particular patch is installed
- Test a selection of systems that accurately represents the configurations in deployment, since so many system configurations exist that the vendor cannot possibly test all of them
- Before performing the remediation, and especially if there is a lack of time or resources to test the patch before employing it on a production system, learn what experiences others have had in installing or using the patch
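The first bullet above, checking a downloaded patch against a vendor-published checksum, is shown below as an added example that is not part of the presentation. The patch bytes and the `sha256sum`-style checksum line are constructed in the script (a real check would read the checksum from the vendor's out-of-band publication), and the check binds the digest to the file name and compares in constant time.

```python
# Added example: verify a downloaded patch against a vendor checksum line of the
# form "<sha256 hex>  <filename>" before it is handed to the test systems.
import hashlib
import hmac


def parse_checksum_line(line):
    """Split a sha256sum-style line into (hex digest, file name)."""
    digest, sep, name = line.strip().partition("  ")
    if not sep or len(digest) != 64 or not name:
        raise ValueError("malformed checksum line")
    return digest.lower(), name


def verify_patch(patch_bytes, filename, checksum_line):
    """True only if the checksum line names this file and its SHA-256 digest matches."""
    expected, name = parse_checksum_line(checksum_line)
    if name != filename:
        return False  # a checksum for a different file proves nothing about this one
    actual = hashlib.sha256(patch_bytes).hexdigest()
    return hmac.compare_digest(actual, expected)


# Constructed sample: fake patch payload and the digest the vendor would publish for it
PATCH = b"vendor-patch-1.0.10: constructed sample payload\n"
CHECKSUM_LINE = hashlib.sha256(PATCH).hexdigest() + "  patch-1.0.10.bin"

if __name__ == "__main__":
    print("intact:", verify_patch(PATCH, "patch-1.0.10.bin", CHECKSUM_LINE))
    print("tampered:", verify_patch(PATCH + b"x", "patch-1.0.10.bin", CHECKSUM_LINE))
```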
Verifying Remediation
- Verify that the files or configuration settings the remediation was intended to correct have been changed as stated in the vendor's documentation
- Scan the host with a vulnerability scanner that is capable of detecting known vulnerabilities
- Verify whether the recommended patches were installed properly by reviewing patch logs
- Employ exploit procedures or code and attempt to exploit the vulnerability (i.e., perform a penetration test)
Enterprise Patching Solutions
- A central computer manages the patching across all the machines
- Non-agent based: a single computer scans all computers using administrative privileges
- Agent based: an agent is installed on each computer. The agent does the following:
  - Either the agent polls a central computer for patches, or the central computer contacts the agent
  - The agent receives instructions from the central computer on which patches to install and how to install them
