Patch Management

Patch Management Best Practices. Steve Thamasett, CISSP, MCSE, NSA IAM. November 7, 2003. Agenda: Current Patch Management Situation; State of connected devices / users; Spread rate for Code Red; Business Drivers and Challenges; Lost revenue due to downtime; The INS Solution


Presentation Transcript


  1. Patch Management • Patch Management Best Practices • Steve Thamasett, CISSP, MCSE, NSA IAM • November 7, 2003

  2. Agenda • Current Patch Management Situation • State of connected devices / users • Spread rate for Code Red • Business Drivers and Challenges • Lost revenue due to downtime • The INS Solution • Process based • Patch Management Service Features & Benefits • Phase by phase descriptions • Case Study

  3. Current Situation • Industry • 14B devices on the Internet by 2010 [1] • 35M remote users by 2005 [2] • 65% increase in Web sites [3] • Security • 90% detected security breaches [4] • 85% detected computer viruses [4] • 95% of all breaches avoidable with an alternative configuration [5] • Sources: [1] Forrester Research; [2] Information Week, 26 November 2001; [3] Netcraft summary; [4] Computer Security Institute (CSI) Computer Crime and Security Survey 2002; [5] CERT, 2002

  4. Code Red Virus Infection July 19, 2001 00:00 – 159 hosts infected

  5. Code Red Virus Infection 12 hours later – 4,920 hosts infected

  6. Code Red Virus Infection 12 hours later (24 total) – 341,015 hosts infected • JANUARY 2003 SQL SLAMMER WORM: same spread in TEN MINUTES

  7. Business Drivers • New vulnerabilities released daily • Widespread publicity leads to releases of exploits • Vendors must provide quick turnaround on patches

  8. Business Challenges • Internet facing systems typically patched first • Two fundamental past assumptions: • The threat of attack from insiders is less likely and more tolerable than the threat of attack from outsiders. • A high degree of technical skill is required to successfully exploit vulnerabilities, making the probability of attack unlikely. • Threat profile and potential risks have increased • Viruses can now be delivered through common entry points, automatically executed, and then search for exploitable vulnerabilities on other platforms.

  9. Our Business-Centric Approach • Patch Management is a Process, not a Tool • Links Business Imperatives to Network Solutions • Quantify value of new initiatives • Optimize existing infrastructure • Identify best-of-breed solutions • Employ proven best practices and methodologies • Collaborative infrastructure and culture to multiply consultant value • Knowledge transfer for sustainable results • Formal quality program from initiation to close-out

  10. The INS Solution • Patch Management Service • Facilitate and establish a patch management process • Plan and design a comprehensive patch management process • Assist in the Implementation of the process

  11. Patch Management - Features • Network Device and Host Inventory • Determines your organization’s network and host inventory. • A clear understanding of the devices and hosts within the organization’s infrastructure must be defined and inventoried.

  12. Patch Management - Features • Network Device and Host Assessment • Maps your IT infrastructure to the patch management process. • Suggested patch management solutions based upon findings

  13. Patch Management - Features • Patch Monitoring and Discovery • Builds the procedures for monitoring patches as they are released. • Includes monitoring of all appropriate security intelligence sources required to identify any exposures or vulnerabilities that may impact the organization.

  14. Patch Management - Features • Patch Evaluation • Investigate, evaluate and test patches in accordance with business objectives, security and IT operational goals. • Generation of a formal plan and documentation to govern the testing based on the type of system and vulnerability

  15. Patch Management - Features • Patch Implementation • Develop tools and templates to integrate with your change management policy. • Develop the standard Security Advisory template • Develop the procedures for the patch to go from testing, to implementation, including updating standard builds as needed.

  16. Patch Management - Features • Patch Maintenance • Develop tracking and reporting mechanisms • Develop security awareness processes

  17. Patch Management – INS Expertise • Strength of Security, Operating Systems, and Network and Systems Management consulting expertise • Successful track record • INS has the expertise and business-focused methodology to identify and quantify operational risk, engineer the right management and delivery process, and align quantifiable results to our customers’ business goals

  18. Patch Management - Benefits • Proactively identify and remediate IT security vulnerabilities • Focuses IT and security on the right set of problems to address • Improved service performance and availability by optimizing business and systems processes • Adds value to ongoing business initiatives, business continuity, reducing operating costs, and security mandates

  19. Patch Management - Deliverables • Executive summary report • A patch management process • Recommendations and a plan for implementing a patch management process • Plan for maintaining the patch management process lifecycle • Client Engagement Book • Knowledge transfer

  20. CS: Patch Management • Government contractor in healthcare space • DITSCAP and HIPAA concerns • Server / Workstation profile • One primary datacenter (~50 Wintel servers) • 25-30 remote locations (1-3 Wintel servers each) • ~1000 seats total (Wintel platform) • Requirements • Server / workstation hardening • Process for maintaining secure environment • DoD oversight for security • Periodic network and system scans • Review of process and procedures

  21. CS: Patch Management • Discovery Phase • Network scans using ISS • System scans with HFNetChk / MBSA • Assessment Phase • System scans with SRR scanner • Issues with “vendor provided” systems • Patch Monitoring / Evaluation Phase • Development of regular list monitoring • Developed lab for testing • Patch Implementation Phase • Change management process • Patch evaluation and deployment process

  22. The INS Advantage • Our primary approach is to relate technology strategies to business objectives • We employ our highly documented Business Value Justification (BVJ) methodology throughout each engagement to ensure that measurable business value is delivered in terms of increased productivity, cost avoidance, asset protection, and business enablement. • Our team works side-by-side with our customer’s team to develop tailored solutions that meet their objectives • We focus on knowledge transfer to ensure that your staff becomes self-sufficient quickly • Customer-centric, business-driven approach

  23. The INS Difference • Vendor independence • Optimal solutions to build, manage, and secure your network • Business-centric focus • Link business imperatives to network solutions • Experience • 15,000+ engagements • Expertise • 1,200 certifications in 96 categories • Mature support systems • KnowledgeNet • Quality assurance program • Collaborative culture • Engage one, get the “team”

  24. Thank you • Steve Thamasett, CISSP, MCSE, NSA IAM • Email: steve.thamasett@ins.com • Web: www.ins.com
